
Microsoft still after Rustock botnet operators

Microsoft’s stealth attack against the infamous Rustock botnet seems to have worked—the botnet has remained offline. However, Microsoft’s Digital Crimes Unit is still going after the operators, who it believes operated (and perhaps are still operating) out of Russia—and this time it’s through the press and legal process, sending notices of court orders to folks believed to be involved, and taking out 30-day ads in leading Russian newspapers in an effort to get the owners of the IP addresses that controlled Rustock to come out of the woodwork.

Microsoft Spambot infographic (Rustock) (March 2011)

“Although history suggests that the people associated with the IP addresses and domain names connected with the Rustock botnet are unlikely to come forward in response to a court summons, we hope the defendants in this case will present themselves,” Microsoft senior attorney Richard Boscovich wrote in the company’s official blog. “If they do not, however, we will continue to pursue this case, including possibly within the Russian judicial system.”

Sending notices to the physical and email addresses associated with the IPs that controlled the botnet, and taking out the ads, helps Microsoft meet its legal obligation to make a “good faith” effort to contact the owners of the addresses. Microsoft’s takedown of the Rustock botnet essentially involved a coordinated seizure of its command-and-control servers, many of which were actually operating in the United States, carried out together with security researchers, upstream providers, and law enforcement. While the takedown was conducted with court authority, the company now has to do its due diligence in contacting the owners of the IP addresses and systems involved so that, if they like, they can get their day in court.

Nobody is really expecting the Rustock operators to turn up, however.

Microsoft has noted that since the takedown, the number of PCs infected with the Rustock botnet has declined substantially as more PC users update their software and remove malware from PCs. Global levels of spam also saw a significant decline in the first quarter of the year, in part due to Rustock being taken down.

Rustock’s command-and-control servers might be offline, but that doesn’t take malware off infected PCs, and there’s still a danger that, somehow, the Rustock operators might be able to re-capture their botnet of infected systems and resume their spamming. Unlike the CoreFlood botnet, there doesn’t appear to be a backdoor into Rustock that enables substitute command-and-control servers to issue shutdown or removal commands to infected machines—and do you really want someone sending commands to delete malware on your system, anyway?

Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…