Rustock Botnet Beaten Down by Microsoft

Microsoft announced Wednesday that it had shut down another giant botnet, one that had been spreading malware and spam around the Web with the help of perhaps as many as a million compromised PCs.

The takedown of the latest botnet, known as Rustock, followed the same pattern as the Waledac takedown the company led last year, according to a post on the Microsoft (NASDAQ: MSFT) on the Issues blog on Thursday by Richard Boscovich, a senior attorney in the company's Digital Crimes Unit (DCU).

Botnets are clandestine networks of thousands, or even millions, of computers that have been secretly taken over by malware and are used to spread other malware or spam — lots of spam — at the command of controllers called “bot-herders.”

“This botnet is estimated to have approximately a million infected computers operating under its control and has been known to be capable of sending billions of spam mails every day, including fake Microsoft lottery scams and offers for fake – and potentially dangerous – prescription drugs,” Boscovich said.

The Rustock botnet was taken offline Wednesday following a ruling by the U.S. District Court for the Western District of Washington, resulting in the seizure of command and control servers hosted in multiple locations, the post said.

Microsoft obtained the ruling through the same legal strategy it used to shut down Waledac in February 2010: it sued the anonymous operators of the botnet.

“We sought and obtained a court order allowing us to work with the U.S. Marshals Service to physically capture evidence onsite and, in some cases, take the affected servers from hosting providers for analysis,” Boscovich said.

Using the court's order, Microsoft and the Marshals seized servers from five hosting companies in seven U.S. cities: Kansas City, Scranton, Denver, Dallas, Chicago, Seattle, and Columbus.

Microsoft disabled the botnet by cutting off the IP addresses through which the bot-herders issued commands to the infected machines, severing the command-and-control channel in a way that, the company said, cannot be reactivated.

As with Waledac, Microsoft said it will also help in removing malware from the infected PCs. There may be a lot of work to do.

“DCU researchers watched a single Rustock-infected computer send 7,500 spam emails in just 45 minutes – a rate of 240,000 spam mails per day,” the post added.
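The DCU's figure above is also a usable detection signal: an ordinary desktop never opens thousands of outbound SMTP sessions in 45 minutes, so a sliding-window count of port-25 connections per source host separates a spam bot from a legitimate mail relay. The script below is an added example, not code from the original article or from Microsoft's DCU. It runs that count over constructed flow-log lines; the log format, the host addresses, and the 500-connection threshold are assumptions.

```python
"""Flag hosts whose outbound SMTP connection rate looks like a spam bot."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=45)   # matches the 45-minute observation quoted above
THRESHOLD = 500                  # assumed: far above any legitimate desktop, far below a bot
TS_FORMAT = "%Y-%m-%dT%H:%M:%S.%f"


def build_sample_log():
    """Constructed flow-log lines, not real traffic.

    Line format (assumed): "<timestamp> <src_ip> <dst_ip> <dst_port>".
    """
    t0 = datetime(2011, 3, 16, 9, 0, 0)
    records = []
    # Bot-like host: 7,500 outbound SMTP connections in 45 minutes (one every 0.36 s).
    for i in range(7500):
        ts = t0 + timedelta(seconds=0.36 * i)
        records.append((ts, "10.0.0.7", "203.0.113.%d" % (i % 200 + 1), 25))
    # Legitimate mail relay: 60 outbound SMTP sessions in the same window.
    for i in range(60):
        records.append((t0 + timedelta(seconds=45 * i), "10.0.0.2", "198.51.100.25", 25))
    # Workstation doing HTTPS only; must never be flagged.
    for i in range(300):
        records.append((t0 + timedelta(seconds=9 * i), "10.0.0.9", "198.51.100.80", 443))
    return ["%s %s %s %d" % (ts.strftime(TS_FORMAT), s, d, p) for ts, s, d, p in records]


def parse_log(lines):
    """Parse log lines into (timestamp, src_ip, dst_port) tuples."""
    parsed = []
    for line in lines:
        ts, src, _dst, port = line.split()
        parsed.append((datetime.strptime(ts, TS_FORMAT), src, int(port)))
    return parsed


def find_spam_bots(records, window=WINDOW, threshold=THRESHOLD):
    """Return {src_ip: peak_count} for every source that opened at least
    `threshold` outbound port-25 connections inside some `window`-long interval."""
    recent = defaultdict(deque)   # src_ip -> timestamps still inside the sliding window
    peak = defaultdict(int)       # src_ip -> largest window count seen so far
    for ts, src, port in sorted(records):
        if port != 25:
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:   # drop connections older than the window
            q.popleft()
        if len(q) > peak[src]:
            peak[src] = len(q)
    return {src: n for src, n in peak.items() if n >= threshold}


def daily_rate(count, window=WINDOW):
    """Extrapolate a per-window count to a per-day rate (7,500 per 45 min -> 240,000/day)."""
    return count * 86400 // int(window.total_seconds())


if __name__ == "__main__":
    suspects = find_spam_bots(parse_log(build_sample_log()))
    for src, n in suspects.items():
        print("%s: %d SMTP connections in %s (about %d/day)"
              % (src, n, WINDOW, daily_rate(n)))
```

On the constructed log only 10.0.0.7 is reported; the relay's 60 sessions stay well under the threshold and the HTTPS-only workstation is never counted. In production the same logic would read NetFlow or firewall connection logs, and the threshold should be tuned per network segment, since a real mail relay can legitimately exceed 500 sessions in 45 minutes.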

Waledac had the capability to send as many as 1.5 billion spam messages per day, Microsoft said.

Stuart J. Johnston is a contributing editor at the news service of the network for technology professionals. Follow him on Twitter @stuartj1000.