Microsoft’s Strong Pursuit of Rustock

Microsoft has taken its pursuit of the operators of the notorious Rustock botnet to the next level by offering a monetary reward of $250,000 for any information about them that leads to their identification, arrest, and criminal conviction.

Microsoft Digital Crimes Unit

In 2010, the Microsoft Digital Crimes Unit (DCU), in cooperation with industry and academic experts, took down the Waledac botnet in an operation known as Operation b49. That success paved the way for later shutdowns in cases where criminals abuse anonymity to victimize computer users around the world. The Rustock takedown was the next, and the biggest to date. In March 2011, the Rustock botnet was taken down with the help of industry partners and law enforcement. Known as Operation b107, it was a joint effort between the DCU, the Microsoft Malware Protection Center, and Trustworthy Computing, under the umbrella of Project MARS (Microsoft Active Response for Security). Since then the botnet has stayed dead.

Last month, Microsoft published notices in two mainstream Russian newspapers, Delovoy Petersburg and The Moscow News, to notify the Rustock operators of the civil lawsuit. The quarter-page ads ran for 30 days as a good-faith effort to contact the owners of the IP addresses and domain names that were shut down when Rustock was taken offline. Microsoft also created a website dedicated specifically to the case.

However, Microsoft has made clear that keeping the botnet dead and taking action against its operators are not the only goals. Microsoft intends to reduce digital crime globally by deterring the criminals who seek to profit from botnets. The size of the cash bounty underlines Microsoft's position that the Rustock botnet was responsible for a range of criminal activity.

Rustock was a spam giant with the capacity to send 30 billion spam emails every day. DCU researchers watched a single Rustock-infected computer send 7,500 spam emails in just 45 minutes, a rate of about 240,000 spam emails per day. The spam included fake Microsoft lottery scams and offers for counterfeit and potentially dangerous prescription drugs. The botnet was estimated to have approximately a million infected computers under its control.

Computers are recruited into botnets when malware is installed on them. Botnets are the tool of choice for cybercriminals because they are easy to hide behind. They harness the processing power, storage, and bandwidth of infected computers and can be used to send spam, conduct denial-of-service attacks on websites, spread malware, facilitate click fraud in online advertising, and much more.

The United States had the most botnet infections (2.1 million), far ahead of Brazil, which had the second greatest number of infections (550,000). Korea had the highest rate of botnet infections (14.6 bot computers cleaned per thousand).

Published by

Abhishek Baxi

Abhishek Baxi is an independent technology columnist for several international publications and a digital consultant. He speaks incessantly on Twitter (@baxiabhishek) and dons the role of Editor-in-Chief here at Techie Buzz.