Microsoft behind Rustock takedown

Earlier this week the computer security and antispam communities were puzzling over the sudden silence of the Rustock botnet, a particularly widespread and aggressive network of captive “zombie” computers that may be responsible for up to 40 percent of the world’s spam. Now, details are emerging about how Rustock was taken down—and credit goes to technology giant Microsoft (along with U.S. and international law enforcement) who were able to sever connections between Rustock’s army of captive computers and its command-and-control servers, effectively taking the botnet offline. Microsoft is now working to sanitize botnet computers before Rustock’s operators can find a way to re-harness them.

“[Rustock] is estimated to have approximately a million infected computers operating under its control and has been known to be capable of sending billions of spam mails every day, including fake Microsoft lottery scams and offers for fake—and potentially dangerous—prescription drugs,” said Microsoft’s senior attorney in its Digital Crimes Unit Richard Boscovich, in a blog posting. “We are also now working with Internet service providers and Community Emergency Response Teams (CERTs) around the world to help reach out to help affected computer owners clean the Rustock malware off their computers.”

Microsoft’s action against Rustock was dubbed “Operation b107.” Microsoft’s approach was similar to how the company moved against the Waledac botnet a year ago, following months of investigative work at Microsoft and in conjunction with its partners—Microsoft specifically singles out security researchers at the University of Washington, network security operators FireEye, and the Dutch High Tech Crime Unit.

The actual takedown involved Microsoft and others filing suit against the botnet’s anonymous operators and making a successful pleading before a court to work with law enforcement to conduct a coordinated seizure of Rustock command-and-control servers operating in the United States. According to Microsoft, Rustock command servers were confiscated from five hosting providers in seven U.S. cities (including Kansas City, Scranton, Denver, Dallas, Chicago, Seattle, and Columbus), and coordination with upstream providers helped cut the servers off from the botnet controllers. Microsoft describes Rustock’s infrastructure as considerably more sophisticated than that used by Waledac, relying on hard-coded IP addresses that can’t easily be disrupted through DNS. Microsoft says it also worked with CN-CERT to block registration of domains in China that Rustock would have used for new command-and-control servers.

Interestingly, drug-maker Pfizer is a party to the suits brought against Rustock’s operator, with its declaration that the drugs advertised via much of the spam sent by Rustock often have incorrect active ingredients, improper dosages, or are even contaminated with pesticides, lead, and other toxins.

At the moment, it’s safest to say Rustock has been made inactive, rather than having been taken down: the estimated million infected zombie computers are still out there, and if Rustock’s creators are wily they might be able to regain control over some portion of them. Microsoft emphasizes its strategy doesn’t just involve cutting the heads off botnets, but also cleaning malware off infected computers so the botnet can’t come back to life.

Geoff Duncan
Former Digital Trends Contributor