Microsoft behind Rustock takedown

Earlier this week the computer security and antispam communities were puzzling over the sudden silence of the Rustock botnet, a particularly widespread and aggressive network of captive “zombie” computers that may be responsible for up to 40 percent of the world’s spam. Now, details are emerging about how Rustock was taken down—and credit goes to technology giant Microsoft (along with U.S. and international law enforcement), which was able to sever connections between Rustock’s army of captive computers and its command-and-control servers, effectively taking the botnet offline. Microsoft is now working to sanitize botnet computers before Rustock’s operators can find a way to re-harness them.


“[Rustock] is estimated to have approximately a million infected computers operating under its control and has been known to be capable of sending billions of spam mails every day, including fake Microsoft lottery scams and offers for fake—and potentially dangerous—prescription drugs,” said Microsoft’s senior attorney in its Digital Crimes Unit Richard Boscovich, in a blog posting. “We are also now working with Internet service providers and Community Emergency Response Teams (CERTs) around the world to help reach out to help affected computer owners clean the Rustock malware off their computers.”

Microsoft’s action against Rustock was dubbed “Operation b107.” Microsoft’s approach was similar to how the company moved against the Waledac botnet a year ago, following months of investigative work at Microsoft and in conjunction with its partners—Microsoft specifically singles out security researchers at the University of Washington, network security operators FireEye, and the Dutch High Tech Crime Unit.

The actual takedown involved Microsoft and others filing suit against the botnet’s anonymous operators and making a successful pleading before a court to work with law enforcement to conduct a coordinated seizure of Rustock command-and-control servers operating in the United States. According to Microsoft, Rustock command servers were confiscated from five hosting providers in seven U.S. cities (including Kansas City, Scranton, Denver, Dallas, Chicago, Seattle, and Columbus), and coordination with upstream providers helped cut the servers off from the botnet controllers. Microsoft describes Rustock’s infrastructure as considerably more sophisticated than that used by Waledac, relying on hard-coded IP addresses that can’t easily be disrupted through DNS. Microsoft says it also worked with CN-CERT to block registration of domains in China that Rustock could have used for new command-and-control servers.

Interestingly, drug-maker Pfizer is a party to the suits brought against Rustock’s operator, with its declaration that the drugs advertised via much of the spam sent by Rustock often have incorrect active ingredients, improper dosages, or are even contaminated with pesticides, lead, and other toxins.

At the moment, it’s safest to say Rustock has been made inactive, rather than having been taken down: the estimated million infected zombie computers are still out there, and if Rustock’s creators are wily they might be able to regain control over some portion of them. Microsoft emphasizes its strategy doesn’t just involve cutting the heads off botnets, but also cleaning malware off infected computers so the botnet can’t come back to life.
