Microsoft takes credit for Rustock shutdown

Microsoft and a range of partners were responsible for the takedown of major spamming botnet Rustock.

Microsoft was responsible for taking down Rustock, the giant spamming botnet, which stopped spewing out messages this week.

Researchers from the likes of M86 Security and Symantec were at a loss as to why Rustock activity had ceased, but now Microsoft has explained how the botnet was killed off.

The Redmond firm revealed it took out the botnet as part of Operation b107, a joint initiative between Microsoft's Digital Crimes Unit, its Malware Protection Centre and its Trustworthy Computing branch.

The operation saw the connection between Rustock's command and control structure and the computers operating under its control severed.

To do this, command and control servers had to be seized in numerous hosting locations.

Servers were taken and analysed from five hosting providers in seven cities across the US, including Kansas City, Scranton, Denver, Dallas, Chicago, Seattle and Columbus.

Prior to this, Microsoft and its partners, including FireEye and security experts at the University of Washington, had to prove to the US District Court for the Western District of Washington that Rustock needed taking out.

Pharmaceutical firm Pfizer was brought in as well, as Rustock helped push out significant amounts of spam flogging fake drugs.

Outside of the US, Microsoft worked with the Dutch High Tech Crime Unit within the Netherlands Police Agency to put an end to Rustock activity.

The Redmond firm also blocked registration of domains in China that Rustock could have used for command and control servers.

Come together, right now

"With help from the upstream providers, we successfully severed the IP addresses that controlled the botnet, cutting off communication and disabling it," said Richard Boscovich, senior attorney for the Microsoft Digital Crimes Unit, on a blog.

"This case and this operation are ongoing and our investigators are now inspecting the evidence gathered from the seizures to learn what we can about the botnet's operations."

He confirmed Microsoft would continue to invest in similar operations in the future. The firm was also a major player in putting an end to the Waledac, or Storm, botnet.

Boscovich called for greater collaboration across industries to reduce botnet activity.

"DCU's research shows there may be close to one million computers infected with Rustock malware, all under the control of the person or people operating the network like a remote army, usually without the computer's owner even aware that his computer has been hijacked," Boscovich added.

"With your help, and the continued public and private cooperation of industry, academia and law enforcement such as Operation b107, we can stop criminals from using botnets to wreak havoc on the internet."

Last year saw a number of significant botnet takedowns. First came the shutdown of Mariposa, the perpetrators of which were eventually arrested.

The massive Bredolab botnet, which had infected over 30 million computers worldwide, was also brought down.
