A lawsuit by Microsoft that was unsealed at the company's request late today triggered several coordinated raids last Wednesday that took down Rustock, a botnet that infected millions of computers with malicious code in order to turn them into a massive spam-sending network.
The Wall Street Journal first reported that it was Microsoft's digital crimes unit, working in concert with U.S. marshals, that raided seven hosting facilities across the country and seized the command-and-control machines that ran the network. Those are the servers that send instructions to the fleet of infected computers to dish out spam messages hawking such items as phony lottery scams and fake and potentially dangerous prescription drugs. The takedown was known internally as Operation b107.
Shutting down Rustock could put a huge dent in spam worldwide. Tech security giant Symantec estimated last year that Rustock was responsible for 39 percent of the world's spam. Global spam levels dropped 12 percent after Dutch authorities took down a Trojan horse named Bredolab last November.
Microsoft shuts down giant Rustock spamming network
Like Microsoft did with the Waledac botnet in February 2010, the company used the courts to go after Rustock. On Wednesday morning, U.S. Marshals seized hard drives and servers at Internet service providers in seven U.S. cities including Seattle, disconnecting most of the IP addresses that controlled the botnet, according to court documents.
The servers were removed as evidence and will be analyzed by Microsoft. Simultaneously, police carried out similar action in the Netherlands, where one Rustock server was located, Richard Boscovich, senior attorney in Microsoft's Digital Crimes Unit, said in a phone interview.
"It's one of the largest," Boscovich said of the Rustock botnet. "At any time, it's one of the top two sending spam."
On a good day, Rustock was capable of sending 30 billion spam e-mails per day.
Rustock Botnet Flatlined, Spam Volumes Plummet
The global volume of junk e-mail sent worldwide took a massive nosedive today following what appears to be a coordinated takedown of the Rustock botnet, one of the world’s most active spam-generating machines.
For years, Rustock has been the most prolific purveyor of spam — mainly junk messages touting online pharmacies and male enhancement pills. But late Wednesday morning Eastern Time, dozens of Internet servers used to coordinate these spam campaigns ceased operating, apparently almost simultaneously.
Such an action suggests that anti-spam activists have succeeded in executing possibly the largest botnet takedown in the history of the Internet. Spam data compiled by the Composite Spam Blocklist, the entity that monitors global junk e-mail volumes for the anti-spam outfit Spamhaus.org, shows that at around 2:45 p.m. GMT (10:45 a.m. EDT) spam sent via the Rustock botnet virtually disappeared. The CBL estimates that at least 815,000 Windows computers are currently infected with Rustock, although that number is more than likely a conservative estimate.
Edited by Union_Thug, 17 March 2011 - 10:35 PM.