In association with heise online

18 March 2011, 12:35

Rustock botnet out of action

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Microsoft Digital Crimes Unit Logo Microsoft's Digital Crimes Unit reports that it has infiltrated the notorious Rustock botnet, consisting of an estimated 1 million infected PCs which were able to be remotely controlled for criminal ends. On the back of extensive research work and through the use of legal measures, the company gained access to, analysed and finally disabled command and control servers at five hosting providers in seven US states. The techniques used mirrored those used a year ago to take down the Waledac botnet.

Microsoft plans to strike further blows against criminal infrastructures and is at pains to note that this cannot be done by companies acting in isolation, but rather requires a coordinated international effort. Pharmaceuticals company Pfizer, security company FireEye, specialists from the University of Washington and the Dutch police were all involved in taking down Rustock. Removing the Rustock malware, which is still sitting on users' PCs awaiting further instruction, also, according to Microsoft, necessitates a coordinated process with assistance from ISPs.

Rustock's primary purpose appears to have been sending out spam. Its takedown may result in a tangible, permanent decrease in global spam volumes. IT security specialist and journalist Brian Krebs reports a total collapse in the volume of spam originating from Rustock. Statistics from anti-spam project NiX Spam, which are not limited to Rustock volumes, also show a decline in the number of IP addresses registered as spam originating over the last two days.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit