Threat Management, Malware

Microsoft wins Rustock civil case, passes evidence to FBI

Microsoft has prevailed in its civil case against the operators of the Rustock botnet, and now is handing over its evidence to the FBI in the hopes it will pursue a criminal case, the company announced on Thursday.

U.S. District Court Judge James Robart, sitting in Washington state, earlier this month ruled that the tens of thousands of domain names and IP addresses used to host the prolific botnet were to be disabled for a period of two years.

The move follows a Microsoft-led takedown operation in March, which involved cutting off command-and-control centers from being able to communicate with Rustock-infected machines, and filing a lawsuit against 11 unnamed defendants.

Now, Microsoft is working with the FBI to ensure the masterminds behind the botnet, at one time responsible for almost half of the world's spam, are “held accountable for their actions,” Richard Boscovich, senior attorney with Microsoft's Digital Crimes Unit, wrote in a blog post Thursday.

In July, Microsoft announced a $250,000 reward for information leading to the arrest and conviction of the Rustock operators. That offer is still in effect, but Microsoft has asked that any tips be sent directly to the FBI.

As of last week, Microsoft – which offers free tools to clean Rustock infections – identified 421,000 IP addresses worldwide still infected by Rustock, a reduction of nearly 75 percent since the March effort. In the United States, there are still more than 36,000 Rustock-hijacked PCs.

In its heyday, the botnet was believed to control a network of more than a million computers, enabling them to send out as many as 40 billion spam emails per day, selling everything from software to discounted drugs, like Viagra and Cialis, although many of the products were believed to be counterfeit.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.