U.S. Marshals, Microsoft take down massive spam network
Connecting state and local government leaders
In conjunction with federal law enforcement agencies, Microsoft's Digital Crimes Unit (DCU) has helped pulled the plug on the Rustock spybot network.
In another blow to spammers, federal law enforcement agencies, Microsoft and other security experrts recently took the the 1 million-computer Rustock spybot network out of commission.
The botnet ring had been sending billions of spam e-mails per day, according to Microsoft. The takedown wasn't the first, as Microsoft's Digital Crimes Unit (DCU) also succeeded in hobbling the Waledac botnet in February of last year, but it was considered smaller than Rustock. In 2009, a complaint filed by the Federal Trade Commission took Pricewert LLC, which had provided service to a number of major bot herders, offline.
"This operation, known as Operation b107, is the second high-profile takedown in Microsoft's joint effort between DCU, Microsoft Malware Protection Center and Trustworthy Computing -- known as Project MARS (Microsoft Active Response for Security) -- to disrupt botnets and begin to undo the damage the botnets have caused by helping victims regain control of their infected computers," wrote Richard Boscovich, senior attorney for the Microsoft DCU.
Related coverage:
Death, taxes and spam in your inbox
Score one for the good guys in the battle against spam
Memerbs of the MARS program researched the botnet for 18 months, resulting in raids by U.S. Marshals and forensics experts of data centers in Chicago, Columbus, Dallas, Denver, Kansas City, Scranton, Pa., and Seattle, according to InfoWorld.
The international Waledac ring had been responsible for over 1.5 billion spam e-mails a day. Rustock was once held responsible for 47 percent of the world's spam, or over 30 billion e-mails a day, during its peak in December 2010. Rustock's standard operating practices to yoke computers into its network included sending spam e-mails to users concerning Microsoft lotteries that were scams, as well as offers for prescription drugs that turned out to be fakes.
With both rings, legal and technical measures were deployed to sever the connection between the main server control and the millions of infected systems. With Rustock, the team obtained a court declaration from pharmaceutical company Pfizer concerning the harmful effects of the drugs offered in the spam e-mails. According to that declaration, the drugs offered usually contained the wrong dosage amounts, incorrect active ingredients and harmful chemicals, including pesticides, floor wax and lead-based paint.
The DCU's next concern is to help unsuspecting victims of the botnet. It's doing so by working with ISPs and security organizations.
"We are also now working with Internet service providers and Community Emergency Response Teams (CERTs) around the world to help reach out to help affected computer owners clean the Rustock malware off their computers," said Boscovich.
Microsoft advises users to periodically scan their PCs for malware and remove it. The company provides some cleanup resources here.
NEXT STORY: How Stuxnet changes the security game