Taking down botnets: Microsoft and the Rustock botnet

From Botnets.fr


Botnet: Rustock
Operation/Working group: Operation b107
Date: 2011 / 17 Mar 2011
Editor/Conference: Microsoft
Link: http://blogs.technet.com/b/microsoft_blog/archive/2011/03/18/taking-down-botnets-microsoft-and-the-rustock-botnet.aspx
Author: Richard Boscovich

Abstract

Just over a year ago, we announced that the Microsoft Digital Crimes Unit (DCU), in cooperation with industry and academic experts, had successfully taken down the botnet Waledac in an operation known as “Operation b49”. Today, I’m happy to announce that based on the knowledge gained in that effort, we have successfully taken down a larger, more notorious and complex botnet known as Rustock. This botnet is estimated to have approximately a million infected computers operating under its control and has been known to be capable of sending billions of spam mails every day, including fake Microsoft lottery scams and offers for fake – and potentially dangerous – prescription drugs.

This operation, known as Operation b107, is the second high-profile takedown in Microsoft’s joint effort between DCU, Microsoft Malware Protection Center and Trustworthy Computing – known as Project MARS (Microsoft Active Response for Security) – to disrupt botnets and begin to undo the damage the botnets have caused by helping victims regain control of their infected computers. Like the Waledac takedown, this action relied on legal and technical measures to sever the connection between the command and control structure of the botnet and the malware-infected computers operating under its control to stop the ongoing harm caused by the Rustock botnet. As you may have read, the Rustock botnet was officially taken offline yesterday, after a months-long investigation by DCU and our partners, successful pleading before the U.S. District Court for the Western District of Washington and a coordinated seizure of command and control servers in multiple hosting locations escorted by the U.S. Marshals Service.

Bibtex

 @misc{2011BFR959,
   editor = {Microsoft},
   author = {Richard Boscovich},
   title = {Taking down botnets: Microsoft and the Rustock botnet},
   date = {17},
   month = Mar,
   year = {2011},
   howpublished = {\url{http://blogs.technet.com/b/microsoft_blog/archive/2011/03/18/taking-down-botnets-microsoft-and-the-rustock-botnet.aspx}},
 }