Advertisement
Advertisement

Microsoft took down Rustock spamming botnet

David Ludlow
18 Mar 2011
Microsoft took down Rustock spamming botnet
Advertisement

Billions of spam per day wiped out

When the Rustock spamming botnet, which sent out billions of messages per day, suddenly went down just over 24 hours ago, the IT industry was a bit confused by what exactly had happened. Many people just assumed it was a lull in activity, just as when the botnet temporarily went offline over Christmas.

Today, we've learned that the real reason Rustock went down was because of Microsoft appealing to the US District Court for the Western District to have botnet servers seized.

Microsoft revealed its actions in a blog post, revealing the full details of what it unimaginatively titled, Operation b107 (where's the excitement in that?).

The plan involved cutting off control of the Rustock servers to the clients. It attacks the way that botnets fundamentally work, which is to infect a whole bunch of PCs with malware, then use them to send out spam messages. The power of such as system like this is that dealing with the individual infections on PCs is practically impossible and could never be completed. By attacking the controlling servers instead, the infected computers have nothing controlling them and the spam completely dries up.

In this case, Microsoft requested the seizure of servers in Kansas City, Scranton, Denver, Dallas, Chicago, Seattle and Columbus. The information from these computers was used to identify where the botnet was being controlled from, plus gives more detail on how the botnet works to help produce better defences in the future. Then, with help from the ISPs, the IP addresses that controlled the botnet were cut off, preventing them from communicating with the infected computers.

The results were impressive, with spam from the network completely drying up. Considering that Rustock was the biggest spam network on the internet, it has meant that there's been a massive reduction in global spam levels.

Microsoft now plans to help clean up the infected computers - more information and cleaning tools can be found online at www.microsoft.com/botnets.

While it's good news for now, the thing about botnets is that they're incredibly versatile. As the hackers that run them are out for financial gain, there's a good chance that new spamming networks will spring up and we're sure that global spam levels won't take long to return to high volumes.

Next time, the necessary servers might not be hosted in the US. For this reason Microsoft has said it needs help world-wide to help combat spam, with co-operation from companies, security vendors and governments to continue to fight against spam. What's apparent from this recent victory is that technology can only be used against botnets if there's the legal backing in place to enforce the protection.

Read more

News