Architecture, Network security, Threats, Cybercrime, Malware

After a botnet falls, infected PCs drop by more than half

July 6, 2011

More than half of Rustock-infected machines have been cleaned since Microsoft  led a joint effort earlier this year to shut down the prolific botnet, according to new report released Tuesday by the software giant.

According to the "Battling the Rustock Threat" report, as of June 18, more than 700,000 IP addresses were infected with Rustock, down from more than 1.6 million on March 26.

"That's great news, and the infection reduction has happened much more quickly than it did for Waledac over a similar period of time last year, but we still have a long way to go," wrote Richard Boscovich, a Microsoft senior attorney, in a blog post.

Infected IP addresses based in India, Russia and the Ukraine have seen the most precipitous declines, around 70 percent each. Computers in India had the highest initial infection rate, so even with the substantial cleaning, the country still has nearly 100,000 compromised machines. The United States ranks second by number of Rustock-hijacked PCs still in existence, with more than 55,000.

At one point, Rustock was responsible for almost half of the world's spam, according to security firm Symantec. The botnet was believed to control a network of more than a million computers, enabling its controllers to send out as many as 40 billion spam emails per day, selling everything from software to discounted drugs like Viagra and Cialis, although many of the products were said to be counterfeit.

The takedown, dubbed Operation b107, was led by Microsoft but also involved law enforcement, industry and academic partners.

The operation severed the connection between Rustock's command-and-control (C&C) servers, which send out instructions to infected computers, Boscovich explained in March.

prestitial ad