• Microsoft shuts down spam behemoth Rustock, reduces worldwide spam by 39%


    Microsoft's Digital Crimes Unit, working with federal law enforcement agents, has brought down the world's largest spam network, Rustock.

    Rustock, at its peak, was a botnet of around 2 million spam-sending zombies capable of sending out 30 billion spam emails per day. Microsoft's wholesale slaughter of Rustock could reduce worldwide spam output by up to 39%.

    Rustock was taken down, piece by piece, in a similar way to the Mega-D botnet. First the master controllers, the machines that send out commands to enslaved zombies, were identified. Microsoft quickly seized some of these machines located in the U.S. for further analysis, and worked with police in the Netherlands to disable some of the command structure outside of the U.S.

    With the immediate threat disabled, Microsoft then worked with upstream providers to black hole the IP addresses of whoever was controlling the botnet. To prevent further master controllers popping up, Microsoft worked with Chinese CN-CERT to block registration of domains that could be used by new command and control servers.

    Finally, Microsoft is now working with ISPs and CERTs around the world to help clean the Rustock malware from around 1 million infected machines. It's also worth noting that Microsoft didn't do this alone; specialists from Pfizer, FireEye (the company behind the Mega-D botnet takedown), and the University of Washington helped out.

    Why Pfizer, you ask? Because Rustock's spam is mostly of the pharmaceutical kind. The drugs advertised in such spam are rarely the real deal. They can contain the wrong active ingredients, or the wrong dosage. Not only did Rustock spam cut into Pfizer's profits, but it might have been killing people too.

    3 Comments
      mjmacky -
      I read this and am perplexed by the doubt I have, I really wasn't sure if I was reading fact or fiction.
      duke0102 -
      39% is really a massive amount...... until tomorrow when they reopen themselves that is lol
      lavino -
      39% ... completely shut down all hotmail accounts probably instantly remove more spam received LOL