Microsoft takes down Rustock botnet
The Rustock botnet has effectively been taken down. And we have Microsoft (mostly) to thank for it.
Spam continues to be a problem for Internet users, even in these days of strong spam filters and common sense. Unfortunately millions of spam messages still find their way through to email inboxes every day, and thousands of people then don’t exhibit common sense upon opening it and actually respond. Which is why the criminal gangs behind mass mailings continue to ply their trade.
However, there is the occasional victory scored against these gangs. A year ago the Botnet Task Force led by Microsoft crippled the Waledac botnet. Now another well-known botnet has been taken out of commission, with Microsoft once again being heavily involved.
As first reported by the Wall Street Journal, and then detailed on the TechNet blog, the Microsoft Digital Crimes Unit (DCU), working alongside federal agents, took down the Rustock botnet. This was accomplished by seizing the servers which acted as the control center for the legion of computers which were sending the spam out.
Though the infrastructure has been taken out, the infected computers will still need to be identified, with the help of friendly ISPs, to prevent the people behind Rustock starting the process back up again. And with 1 million computers around the world believed to be involved, this is a herculean task. The people believed to be behind Rustock are referred to simply as “John Does 1-11” in the Microsoft lawsuit.
The last we heard of Rustock was over Christmas when spam coming from the botnet dropped off to zero. This prompted some to suspect Rustock was somehow being crippled but as the level of spam it was sending returned to normal immediately after the holiday season it seems this was just a seasonal blip and nothing more. Thankfully this time the fix is more permanent, with Rustock having been “decapitated.” Let’s just hope the body doesn’t live on.
Related Posts:
