*They think they have killed it dead. Wow. That one was a monster.
*If the claims in this Rupert Murdoch organ have any connection to reality, we oughta see spam volumes drop drastically. I wouldn't be betting on that.
http://online.wsj.com/article/SB10001424052748703328404576207173861008758.html
(...)
In recent years, Microsoft has stepped up legal actions against a variety of Internet nuisances like spam that it believes inflict harm on its product and reputation. Spam taxes the servers of its Hotmail email service, and impacts the Internet experience of users of Microsoft software like Windows and Office. The malicious code used to form spam botnets often exploits security vulnerabilities in products like Windows.
That lawsuit was unsealed late Thursday by a federal judge, at Microsoft's request, after company executives said they dealt a seemingly lethal blow to the botnet in their raids on Wednesday.
As part of that dragnet, U.S. marshals accompanied employees of Microsoft's digital crimes unit into Internet hosting facilities in Kansas City, Mo.; Scranton, Pa.; Denver; Dallas; Chicago; Seattle and Columbus, Ohio. (((Cybercrime: hosted near you.)))
The Microsoft officials brought with them a federal court order granting them permission to seize computers within the facilities alleged to be "command-and-control" machines, through which the operators of the Rustock botnet broadcast instructions to their army of infected computers, estimated by Microsoft at more than one million machines world-wide.
Microsoft doesn't allege in its lawsuit that the Internet hosting companies knew that machines within their facilities were being used as part of Rustock.
Company executives likened the action to a "decapitation" of the botnet aimed at severing the command-and-control computers from sending orders to their network of infected computers, which are typically owned by people who have no idea their machines are being harnessed by outsiders for spam. The Rustock botnet was the largest source of spam in the world at the end of last year, accounting for nearly half of all spam, security firm Symantec Corp. said in a blog post on Thursday.
http://blogs.technet.com/b/microsoft_on_the_issues/archive/2011/03/18/taking-down-botnets-microsoft-and-the-rustock-botnet.aspx
(...)
"As in the legal and technical measure that enabled us to take down the Waledac botnet, Microsoft filed suit against the anonymous operators of the Rustock botnet, based in part on the abuse of Microsoft trademarks in the bot’s spam. However, Rustock’s infrastructure was much more complicated than Waledac’s, relying on hard-coded Internet Protocol addresses rather than domain names and peer-to-peer command and control servers to control the botnet.
"To be confident that the bot could not be quickly shifted to new infrastructure, we sought and obtained a court order allowing us to work with the U.S. Marshals Service to physically capture evidence onsite and, in some cases, take the affected servers from hosting providers for analysis. Specifically, servers were seized from five hosting providers operating in seven cities in the U.S., including Kansas City, Scranton, Denver, Dallas, Chicago, Seattle, Columbus and, with help from the upstream providers, we successfully severed the IP addresses that controlled the botnet, cutting off communication and disabling it. This case and this operation are ongoing and our investigators are now inspecting the evidence gathered from the seizures to learn what we can about the botnet’s operations.
"Bots are versatile, limited only by the imagination of the bot-herder. That’s why Microsoft and our partners are working so aggressively on innovative approaches to quickly take out the entire infrastructure of a botnet, so that it stays inactive as we assist in cleaning the malware off of infected computers. This is how we approached the Waledac takedown and are currently approaching the Rustock takedown. We will continue to invest in similar operations in the future as well in our mission to annihilate botnets and make the Internet a safer place for everyone.
"However, no single company or group can accomplish this lofty goal alone. It requires collaboration between industry, academic researchers, law enforcement agencies and governments worldwide. In this case, Microsoft worked with Pfizer, the network security provider FireEye and security experts at the University of Washington. All three provided declarations to the court on the dangers posed by the Rustock botnet and its impact on the Internet community. Microsoft also worked with the Dutch High Tech Crime Unit within the Netherlands Police Agency to help dismantle part of the command structure for the botnet operating outside of the United States. Additionally, Microsoft worked with CN-CERT in blocking the registration of domains in China that Rustock could have used for future command and control servers.
"We are also now working with Internet service providers and Community Emergency Response Teams (CERTs) around the world to help reach out to affected computer owners and help them clean the Rustock malware off their computers. Without multi-party public and private collaboration efforts like these, successful takedowns would not be possible. The central lesson we’ve learned from all our efforts to fight botnets has been that cooperation is the key to success.
"Botnets are known to be the tool of choice for cybercriminals to conduct a variety of online attacks, using the power of thousands of malware-infected computers around the world to send spam, conduct denial-of-service attacks on websites, spread malware, facilitate click fraud in online advertising and much more. This particular botnet is no exception...."
(((Even more for you especial Rustock fans out there. I wonder what unemployed botnet herders do for a living.)))
via SANS
–Rustock Botnet Offline
(March 16 & 17, 2011)
The Rustock botnet, which at one point was responsible for as much as 48 percent of all spam worldwide, appears to be offline. Last year, Rustock sent out more than 44 billion spam messages a day. Rustock stopped sending out spam on March 16, and researchers are not clear what is responsible for its silence. The sudden and severe drop in traffic from Rustock suggests that it may be the target of a coordinated takedown effort, although no one has taken credit.
http://www.csoonline.com/article/677342/rustock-botnet-goes-quiet-reason-for-takedown-unclear
http://content.usatoday.com/communities/technologylive/post/2011/03/good-guys-take-down-notorious-rustock-spamming-botnet/1
http://krebsonsecurity.com/2011/03/rustock-botnet-flatlined-spam-volumes-plummet/
http://www.pcmag.com/article2/0,2817,2382167,00.asp
[Editor's Note (Honan): It appears the takedown was a coordinated effort involving Microsoft and US Law Enforcement. A big kudos to all involved in what is a very effective, yet difficult to execute, exercise.
http://online.wsj.com/article/SB10001424052748703328404576207173861008758.html]