Friday, March 18, 2011

Rustock Botnet - This time Microsoft did win big!!!

You can be sure that half of the spam you got was from the Rustock Botnet, a spam server farm of over 150,000 servers.
As an example, I get around 150 spams on a daily basis. Since Wednesday I only get 70 a day. Microsoft was able to hunt them down, thank you Microsoft. I hope they hunt more down.

This is a very big success for MS.

Wikipedia on Rustock Botnet:
The Rustock botnet (founded around 2006)[1] is a botnet that consists of an estimated 150,000 computers running Microsoft Windows, and is capable of sending around 30 billion spam messages a day (each infected PC is capable of sending an estimated 25,000 messages a day).[2] Reported estimates on its size vary greatly across different sources, with claims that the botnet may be anywhere between 150,000 to 2,400,000 machines.[3][4][5] The size of the botnet is increased and maintained mostly through self-propagation, where the botnet sends a large amount of malicious e-mails in the hopes of infecting its receivers with a trojan which will then turn the receiver into a part of the botnet.[6]

The botnet took a hit after the 2008 takedown of McColo, an ISP which was responsible for hosting most of the botnet's command and control servers. McColo regained internet connectivity for several hours, and in those hours up to 15 Mbit a second of traffic was observed, likely indicating a transfer of command and control to Russia.[7] While these actions temporarily reduced global spam levels by around 75%, the effect did not last long. Spam levels increased by 60% between January and June 2009, 40% of which has been credited to the Rustock botnet.

Full article about MS vs. Rustock Botnet (Nick Wingfield article):
Microsoft Corp. and federal law enforcement agents seized computer equipment from Internet hosting facilities across the U.S. in a sweeping legal attack designed to cripple the leading source of junk email on the Internet.

Microsoft launched the raids as part of a civil lawsuit filed in federal court in Seattle in early February against unnamed operators of the Rustock "botnet," a vast network of computers around the globe infected with malicious software that allows its masterminds to distribute enormous volumes of spam, peddling everything from counterfeit software to pharmaceuticals.
In recent years, Microsoft has stepped up legal actions against a variety of Internet nuisances like spam that it believes inflict harm on its product and reputation. Spam taxes the servers of its Hotmail email service, and impacts the Internet experience of users of Microsoft software like Windows and Office. The malicious code used to form spam botnets often exploits security vulnerabilities in products like Windows.

(Photo caption: A collection of hard drives Microsoft seized in Kansas City, Mo., as part of a nationwide takedown of a leading source of spam.)
That lawsuit was unsealed late Thursday by a federal judge, at Microsoft's request, after company executives said they dealt a seemingly lethal blow to the botnet in their raids on Wednesday.

As part of that dragnet, U.S. marshals accompanied employees of Microsoft's digital crimes unit into Internet hosting facilities in Kansas City, Mo.; Scranton, Pa.; Denver; Dallas; Chicago; Seattle; and Columbus, Ohio. The Microsoft officials brought with them a federal court order granting them permission to seize computers within the facilities alleged to be "command-and-control" machines, through which the operators of the Rustock botnet broadcast instructions to their army of infected computers, estimated by Microsoft at more than one million machines world-wide.

Microsoft doesn't allege in its lawsuit that the Internet hosting companies knew that machines within their facilities were being used as part of Rustock.

Company executives likened the action to a "decapitation" of the botnet, aimed at severing the command-and-control computers from sending orders to their network of infected computers, which are typically owned by people who have no idea their machines are being harnessed by outsiders for spam. The Rustock botnet was the largest source of spam in the world at the end of last year, accounting for nearly half of all spam, security firm Symantec Corp. said in a blog post on Thursday.

"We think this has been 100% effective," said Richard Boscovich, senior attorney in Microsoft's digital crimes unit.

The defendants in Microsoft's lawsuit are referred to simply as "John Does 1-11," since the identities of the operators of the botnet aren't yet known.

The move seemed to be largely effective at disabling its target, a prodigious source of spam that at times delivered billions of spam messages a day, many of them offering steep discounts on drugs like Viagra and Cialis, according to Microsoft. Symantec said in a blog post that Rustock ceased sending spam at around 11:30 am eastern time on Wednesday, according to its junk email measurements.

That time is shortly after Microsoft's action on the botnet commenced, according to Microsoft executives.

Microsoft says it confiscated dozens of hard drives and a handful of computers from the hosting providers as part of the raid. Most of the equipment was leased from afar by customers, some of whom listed addresses in Azerbaijan, according to Mr. Boscovich.

The move by Microsoft is the second time the company has employed novel legal tactics to target a botnet, the services of which are often rented out by their operators to purveyors of spam and malware. In February 2010, a federal judge okayed a request by Microsoft to seize control of hundreds of Internet addresses that were allegedly being used to transmit commands to a botnet known as Waledac. That move was effective in knocking Waledac out of commission, according to Microsoft.

In its action against Rustock, Microsoft officials say they had to seize actual computer equipment connected to the botnet, rather than simply taking possession of Internet addresses. That's because the masterminds behind Rustock designed their infected computers to receive instructions from Internet protocol addresses tied to specific command-and-control machines.

As a precaution, Microsoft also worked with the companies that provide Internet access to the hosting facilities where the machines were stored to prevent any communications with the Internet protocol addresses allegedly linked to the botnet.

In its complaint, Microsoft alleges that the operators of Rustock are allegedly violating Microsoft trademarks with spam that fraudulently claims Microsoft sponsorships of lotteries and other come-ons.
