Microsoft Working to Take Down Win32/Rustock Botnet
Microsoft's Jeff Williams gives an update on Microsoft's part in continued action to eradicate the Win32/Rustock botnet.
Over a year ago Microsoft marshalled a unique botnet-fighting team. Made up of others in industry and some folks in academia, they used a combination of legal and technical means to take control of the Win32/Waledac botnet as the first milestone action in project MARS (Microsoft Active Response for Security.)
A similar action in the past couple of days has had its legal seal opened that allowed Microsoft to talk more openly about the Win32/Rustock botnet.
Sure, Waledac was a simpler and smaller botnet than Rustock, but because of lessons learned with it, Microsoft was able to take on the much larger Rustock botnet.
Rustock is estimated to've infected over a million computers and was spewing out millions of spams daily
In fact, some statistics have suggested that at its peak, Rustock accounted for a staggering 80% of all spam traffic in volume and were sending at a rate of over 2,000 messages per second.
What was so impressive in the botnet takedown was the scope of things: the seizure of command and control servers was under court order from the U.S. District Court for the Western District of Washington; the order was carried out by the U.S. Marshals Service and by authorities in the Netherlands.
That alone would be a fairly big deal, but here's the kicker: investigators are now going through evidence seized from five hosting centers in seven locations to learn more about those responsible and their activities.
This was a collaboration with others such as Pfizer (whose brands were infringed on from fake-pharma spam coming from Rustock), FireEye, and the University of Washington.
All three gave valuable statements to the court on the behaviors of Rustock and also the specific dangers to public health which is in addition to those effecting the Internet.
We applaud Microsoft and its partners for pulling this off. Their continued work with CERT and ISPs around the world is the only way to reach those whose computers are infected and help defeat and remove these viruses.
The comments to this entry are closed.