Bounty on Rustock Botnet Operators

Wednesday, July 20, 2011 @ 01:07 PM gHale


The days of the Old West conjure up thoughts of bounty hunters tracking down cattle rustlers and other criminals to collect on a reward. Well, Microsoft is putting up a $250,000 bounty for information leading to the arrest of those who controlled Rustock, a dismantled botnet that in its heyday was one of the biggest sources of illegal spam.

This move comes four months after Microsoft fought to take down Rustock, the botnet that held captive an estimated 1 million PCs. Since that campaign started, the number of infected machines has been cut in half. Not content with that, Microsoft now wants to go after the operators.


“This reward offer stems from Microsoft’s recognition that the Rustock botnet is responsible for a number of criminal activities and serves to underscore our commitment to tracking down those behind it,” said Richard Boscovich, a senior attorney in the Microsoft Digital Crimes Unit, in a blog post. “While the primary goal for our legal and technical operation has been to stop and disrupt the threat that Rustock has posed for everyone affected by it, we also believe the Rustock bot-herders should be held accountable for their actions.”

Rustock was at times capable of sending 30 billion spam messages per day, Microsoft said. Among other things, it pitched discounted pharmaceutical drugs that were fakes or unlicensed, posing a hazard to those who used them.

The March takedown of the botnet used court orders that allowed authorities to seize servers at five hosting providers used to administer the sophisticated botnet. Although the command-and-control IP addresses hardcoded into the underlying malware are now gone, hundreds of thousands of PCs remain infected, Boscovich said.

The Rustock takedown came a little more than a year after Microsoft used similar tactics to bring down the Waledac botnet. In April, federal authorities borrowed similar techniques to shut down the Coreflood botnet. The Coreflood court order gave federal authorities legal permission to establish a substitute control channel that temporarily disabled the underlying malware running on hundreds of thousands of infected end-user computers.
