Rustock botnet out of action
Microsoft's Digital Crimes Unit reports that it has infiltrated the notorious Rustock botnet, which consisted of an estimated 1 million infected PCs that could be remotely controlled for criminal ends. On the back of extensive research work and through the use of legal measures, the company gained access to, analysed and finally disabled command and control servers at five hosting providers in seven US states. The techniques used mirrored those used a year ago to take down the Waledac botnet.
Microsoft plans to strike further blows against criminal infrastructures and is at pains to note that this cannot be done by companies acting in isolation, but rather requires a coordinated international effort. Pharmaceuticals company Pfizer, security company FireEye, specialists from the University of Washington and the Dutch police were all involved in taking down Rustock. According to Microsoft, removing the Rustock malware, which is still sitting on users' PCs awaiting further instruction, also requires a coordinated process with assistance from ISPs.
Rustock's primary purpose appears to have been sending out spam. Its takedown may result in a tangible, permanent decrease in global spam volumes. IT security specialist and journalist Brian Krebs reports a total collapse in the volume of spam originating from Rustock. Statistics from anti-spam project NiX Spam, which are not limited to Rustock volumes, also show a decline in the number of IP addresses registered as originating spam over the last two days.
- Spy versus spy, a report from The H.
- Study shows rise in spam botnets, a report from The H.
- Microsoft takes legal action against botnet, a report from The H.