Microsoft Claims Rustock Botnet Takedown

Have you missed your daily dose of spam emails advertising everything from Viagra to fake pharmaceuticals and watches this week? According to a link spotted on eWeek, Microsoft is claiming responsibility for the takedown of the massive Rustock botnet, which stopped sending out spam midmorning on 16 March 2011.

This operation, known as Operation B107, is the second high-profile takedown in Microsoft’s joint effort between Microsoft Digital Crimes Unit (DCU), Microsoft Malware Protection Center and Trustworthy Computing – known as Project MARS (Microsoft Active Response for Security) – to disrupt botnets and begin to undo the damage the botnets have caused.

The previous operation against the Waledac botnet (B49) followed a judgement by the US District Court of Eastern Virginia, that upheld a recommendation to grant Microsoft’s motion for the transfer of the domains behind the Waledac botnet to Microsoft.

The Rustock Botnet is estimated to have infected up to 1.7 million computers worldwide, and up to the end of 2010 may have been responsible for almost 50% of the spam sent worldwide. At times Rustock was capable of sending 30 billion spam e-mails per day.

The Rustock Botnet was identified as being more complicated than the Waledac botnet, using hard coded IP addresses rather than domain names, and peer-to peer command and control servers. To combat this Microsoft obtained a court order allowing them to work with the U.S. Marshals Service to physically capture evidence onsite and, in some cases, take the affected servers from hosting providers for analysis.

The amount of computers which can be linked in a botnet is mind boggling, and because the bots are so versatile their use is limited only be the imagination of their controller, or bot-herder.

In order to combat botnets, Microsoft encourage every computer owner to make sure their machine isn’t doing a criminal’s dirty work. If you believe your computer may be infected by Rustock or other type of malware, we encourage you to visit support.microsoft.com/botnets for free information and resources to clean your computer.

Further links and resources

Finally, for everyone who likes comics, check out the Microsoft comic strip Terrifying Tales of Digital Delivery

Microsoft launches Internet Explorer 9

Microsoft has launched the finished version of its Internet Explorer 9 web browser, and at the same time started a campagn to rid the world of the dreaded IE6. The site called The Internet Explorer 6 Countdown, appears to be set on moving the world off Internet Explorer 6 – and about time too!

However, the joy at the launch of IE9 may not be ubiquitous; While Windows Vista or Windows 7 users can now download the full release version of IE9, XP users and Mac OS X or Linux users are not so fortunate. There are plenty of other browsers of course, including Firefox, Chrome, Safari, Opera, and many others to chose from, so there are plenty of alternatives to IE6.

Meanwhile on another front, a Downing Street petition is calling for the UK government to drop IE6 and move to a more modern browser. The petition highlights IE6 security flaws and uses outdated technology, creating a burden for developers. The petition comes as the Department of Health advised the NHS to move away from the old browser. How long will it be before other government departments catch on and realize that it is time to ditch the bad egg, which is well past it’s use by date.

If you are running Windows Vista or Windows 7, you can click here to download IE9

For a more critical view of the new browser from the Microsoft stable, read Five Reasons not to “Upgrade” to Windows’ Internet Explorer 9

Microsoft Takes Down The Waledac Botnet

In a post on the Official Microsoft blog, entitled Cracking Down on Botnets, Microsoft announced the takedown of the Waledac botnet, one of the 10 largest botnets in the United States and a major distributor of spam globally. Microsoft achieved this after a federal judge granted a temporary restraining order cutting off 277 Internet domains believed to be run by criminals.

In a complaint filed in the Eastern District of Virginia on the 22 February against John Does 1-27 et al, Microsoft alleged that the “Doe defendants have undertaken the forgoing acts with the knowledge that such acts would cause harm through the .com domains located in Virginia and through user computers located in Verginia, therby injuring Microsoft, its customers and others both in Virginia and elsewhere in the United States”. This argues that the Virginia Court has jurisdiction over the case regardless where the perpetrator reside.

The takedown of the Waledac botnet, or Operation B49 as it was known internally in Microsoft, was the result of months of investigation. The Waledac botnet is believed to have had the capacity to send over 1.5 billion spam emails per day. From Microsoft’s analysis, between 3-21 December 2009, approximately 651 million spam emails attributable to Waledac were directed to Hotmail accounts alone.

This legal and industry operation against Waledac is the first of its kind, but hopefully it won’t be the last. Microsoft has acted with experts from the international security communication to combat this menace to computer users everywhere. However, taking down the botnet is not the end of the story.

Thousands of computers are still infected with the Waledac computer worm, a self-replicating malware computer program. Although the zombies are now largely out of the bot-herders’ control, they are still infected with the original malware. Microsoft advise users people running Windows machines to visit the Microsoft Security Web site, where they can find Microsoft’s Malicious Software Removal Tool, which removes Waledac.

Links and resources relating to Microsoft Takes Down The Waledac Botnet: