Microsoft behind Rustock spam botnet takedown

Microsoft was behind the takedown of mega-spambot Rustock on Wednesday, in an operation jointly organised with US federal law enforcement agents.

The Wall Street Journal reports that the software giant's Digital Crimes Unit teamed up with US marshals to carry out coordinated raids at seven hosting facilities across America, as part of an ongoing joint effort called Project MARS (Microsoft Active Response for Security).

Operation b107, as it was known, resulted in the seizure of the command-and-control machines that ran the Rustock network. The raids followed the decision of a federal court in Seattle in a civil lawsuit filed over the use of Microsoft's trademarks in the botnet's spam.

The takedown put a stop to the botnet, which at its height used as many as 2.4 million infected computers, known as 'bots', to send nearly 40 per cent of the world's unsolicited 'spam' email messages.

Spam sent via Rustock was used to peddle products including illegal and counterfeit pharmaceuticals that posed a danger to public health.

"This botnet is estimated to have approximately a million infected computers operating under its control and has been known to be capable of sending billions of spam mails every day," Richard Boscovich, senior attorney in the Microsoft Digital Crimes Unit, wrote in a blog post.

The demise of the Rustock botnet took the online security community by surprise. Following a lull over Christmas last year, during which Rustock stopped sending spam for a few days, some commentators speculated that the latest silence could prove to be another temporary one.