Microsoft behind Rustock takedown

Earlier this week the computer security and antispam communities were puzzling over the sudden silence of the Rustock botnet, a particularly widespread and aggressive network of captive “zombie” computers that may be responsible for up to 40 percent of the world’s spam. Now, details are emerging about how Rustock was taken down—and credit goes to technology giant Microsoft (along with U.S. and international law enforcement), which was able to sever connections between Rustock’s army of captive computers and its command-and-control servers, effectively taking the botnet offline. Microsoft is now working to sanitize botnet computers before Rustock’s operators can find a way to re-harness them.

“[Rustock] is estimated to have approximately a million infected computers operating under its control and has been known to be capable of sending billions of spam mails every day, including fake Microsoft lottery scams and offers for fake—and potentially dangerous—prescription drugs,” said Microsoft’s senior attorney in its Digital Crimes Unit Richard Boscovich, in a blog posting. “We are also now working with Internet service providers and Community Emergency Response Teams (CERTs) around the world to help reach out to help affected computer owners clean the Rustock malware off their computers.”

Microsoft’s action against Rustock was dubbed “Operation b107.” Microsoft’s approach was similar to how the company moved against the Waledac botnet a year ago, following months of investigative work at Microsoft and in conjunction with its partners—Microsoft specifically singles out security researchers at the University of Washington, network security operators FireEye, and the Dutch High Tech Crime Unit.

The actual takedown involved Microsoft and others filing suit against the botnet’s anonymous operators and making a successful pleading before a court to work with law enforcement to conduct a coordinated seizure of Rustock command-and-control servers operating in the United States. According to Microsoft, Rustock command servers were confiscated from five hosting providers in seven U.S. cities (including Kansas City, Scranton, Denver, Dallas, Chicago, Seattle, and Columbus), and coordination with upstream providers helped cut the servers off from the botnet controllers. Microsoft describes Rustock’s infrastructure as considerably more sophisticated than that used by Waledac, relying on hard-coded IP addresses that can’t easily be disrupted through DNS. Microsoft says it also worked with CN-CERT to block registration of domains in China that Rustock would have used for new command-and-control servers.

Interestingly, drug-maker Pfizer is a party to the suits brought against Rustock’s operator, with its declaration that the drugs advertised via much of the spam sent by Rustock often have incorrect active ingredients, improper dosages, or are even contaminated with pesticides, lead, and other toxins.

At the moment, it’s safest to say Rustock has been made inactive, rather than having been taken down: the estimated million infected zombie computers are still out there, and if Rustock’s creators are wily they might be able to regain control over some portion of them. Microsoft emphasizes its strategy doesn’t just involve cutting the heads off botnets, but also cleaning malware off infected computers so the botnet can’t come back to life.

Geoff Duncan
Former Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…