Skip to main content

Microsoft behind Rustock takedown

Earlier this week the computer security and antispam communities were puzzling over the sudden silence of the Rustock botnet, a particularly widespread and aggressive network of captive “zombie” computer that may be responsible for up to 40 percent of the world’s spam. Now, details are emerging about how Rustock was taken down—and credit goes to technology giant Microsoft (along with U.S. and international law enforcement) who were able to sever connections between Rustock’s army of captive computers and its command-and-control servers, effectively taking the botnet offline. Microsoft is now working to sanitize botnet computers before Rustock’s operators can find a way to re-harness them.

Image used with permission by copyright holder

“[Rustock] is estimated to have approximately a million infected computers operating under its control and has been known to be capable of sending billions of spam mails every day, including fake Microsoft lottery scams and offers for fake—and potentially dangerous—prescription drugs,” said Microsoft’s senior attorney in its Digital Crimes Unit Richard Boscovich, in a blog posting. “We are also now working with Internet service providers and Community Emergency Response Teams (CERTs) around the world to help reach out to help affected computer owners clean the Rustock malware off their computers.”

Microsoft’s action against Rustock was dubbed “Operation b107.” Microsoft’s approach was similar to how the company moved against the Waledac botnet a year ago, following months of investigative work at Microsoft and in conjunction with its partners—Microsoft specifically singles out security researchers at the University of Washington, network security operators FireEye, and the Dutch High Tech Crime Unit.

The actual takedown involved Microsoft and others filing suit against the botnet’s anonymous operators and making a successful pleading before a court to work with law enforcement to conduct a coordinated seizure of Rustock command-and-control servers operating in the United States. According to Microsoft, Rustock command servers were confiscated from five hosting providers in seven U.S. cities (including Kansas City, Scranton, Denver, Dallas, Chicago, Seattle, and Columbus), and coordination with upstream providers helped cut the servers off from the botnet controllers. Microsoft describes Rustock’s infrastructure as considerably more sophisticated than that used by Waledac, relying on hard-coded IP addresses that can’t easily be disrupted through DNS. Microsoft says it also worked with CN-CERT to block registration of domains in China that Rustock ould have used for new command-and-control servers.

Interestingly, drug-maker Pfizer is a party to the suits brought against Rustock’s operator, with its declaration that the drugs advertised via much of the spam sent by Rustock often have incorrect active ingredients, improper dosages, or are even contaminated with pesticides, lead, and other toxins.

At the moment, it’s safest to say Rustock has been made inactive, rather than having been taken down: the estimated million infected zombie computers are still out there, and if Rustock’s creators are wily they might be able to regain control over some portion of them. Microsoft emphasizes it’s strategy doesn’t just involve cutting the heads off botnets, but also cleaning malware off infected computers so the botnet can’t come back to life.

Editors' Recommendations

Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…
How to find your BitLocker recovery key
A business owner using QuickBooks Online on a laptop.

BitLocker is a useful security feature for modern Windows installations that helps protect your files and data from prying eyes. But if you made major changes to your PC, or an administrator has triggered a security event, you may need to input your BitLocker recovery key to get into Windows. Don't have it at hand? Don't worry. Here's how to find your recovery key so you can log in again.

Read more
Microsoft Word Free Trial: Get a month of service for free
A person using MS Word.

The titular office suite, and one that just about everyone knows, called Microsoft Office, includes the renowned word processor Microsoft Word. But with the recent versions of its software, Microsoft has migrated to the cloud. Microsoft Word is a versatile and capable word processor that's essential for typing and editing written documents, among other things (and there are a lot of things you probably didn't know you could do in Microsoft Word). Microsoft Office is paid software, however, Word is included, and for some, the cost may seem high even with some of the best Microsoft Office deals floating around. So, if you're wondering if there's a Microsoft Word free trial or any other way to get it for free, read on to find out.
Is there a Microsoft Word free trial?

Microsoft Word is actually part of the company's wider Office app suite. Now known simply as Microsoft 365 (formerly Microsoft Office), Microsoft's enterprise software is available in a number of different packages that are now subscription-based; the company has retired the older bundles that were available for a one-time payment. That means if you want a Microsoft Word free trial, you'll need to sign up for the Microsoft 365 trial, which includes the Word app along with Excel, PowerPoint, Outlook, Teams, OneDrive, and Editor.

Read more
How to remove a login password on Windows 11
A padlock surrounded by keys.

Your password is your key to Windows 11, as it protects your files and your important information. There are some cases, however, where you might want to remove a login password in Windows.

One such case is when you’re sharing a PC with someone and don’t necessarily have anything that’s private on your system. Though we don’t recommend it, removing the password can also mean faster logins to your PC.

Read more