Microsoft brings down Rustock spam botnet

The notorious Rustock botnet was finally shut down on Thursday last week in a takedown operation involving Microsoft (NASDAQ: MSFT), industry partners and federal law enforcement agents. According to Symantec, the Rustock botnet was responsible for a large proportion of the world's spam (39 percent); the illicit computer network powering the botnet was thought to consist of close to a million compromised client computers.

The road to getting Rustock offline was not a short one; it was the culmination of a year-long investigation by Microsoft's Digital Crimes Unit (DCU) with assistance from various industry partners. The DCU compiled a long list of pertinent information, such as the domain names, IP addresses and hosting companies that the botnet operators were determined to be using. In a civil suit filed last February, Microsoft sought a judge's permission to gain control of the IPs of Rustock's 'controller nodes', which number in the hundreds.

In a blog post, Richard Boscovich, senior attorney of the DCU, described the complexity of severing the controller nodes of the botnet: "To be confident that the bot could not be quickly shifted to new infrastructure, we sought and obtained a court order allowing us to work with the U.S. Marshals Service to physically capture evidence onsite and, in some cases, take the affected servers from hosting providers for analysis."

For more on this story:
- check out this blog at TechNet
- check out this article at CNET News
- check out this article at SC Magazine
- check out this article at PC Mag
