Microsoft Helps Shut World's Largest Spam Network -- Redmondmag.com

Microsoft Helps Shut World's Largest Spam Network

By Chris Paoli
03/18/2011

In conjunction with federal law enforcement agencies, Microsoft's Digital Crimes Unit (DCU) announced on Thursday that it had helped pulled the plug on the Rustock spybot network.

The botnet ring had controlled more than 1 million computers, sending billions of spam e-mails per day, according to Microsoft. The takedown wasn't the first, as the DCU also succeeded in hobbling the Waledac botnet in February of last year, but it was considered smaller than Rustock.

"This operation, known as Operation b107, is the second high-profile takedown in Microsoft's joint effort between DCU, Microsoft Malware Protection Center and Trustworthy Computing -- known as Project MARS (Microsoft Active Response for Security) -- to disrupt botnets and begin to undo the damage the botnets have caused by helping victims regain control of their infected computers," wrote Richard Boscovich, senior attorney for the Microsoft DCU.

The international Waledac ring had been responsible for over 1.5 billion spam e-mails a day. Rustock was once held responsible for 47 percent of the world's spam, or over 30 billion e-mails a day, during its peak in December 2010. Rustock's standard operating practices to yoke computers into its network included sending spam e-mails to users concerning Microsoft lotteries that were scams, as well as offers for prescription drugs that turned out to be fakes.

With both rings, legal and technical measures were deployed to sever the connection between the main server control and the millions of infected systems. With Rustock, the team obtained a court declaration from pharmaceutical company Pfizer concerning the harmful effects of the drugs offered in the spam e-mails. According to that declaration, the drugs offered usually contained the wrong dosage amounts, incorrect active ingredients and harmful chemicals, including pesticides, floor wax and lead-based paint.

The DCU's next concern is to help unsuspecting victims of the botnet. It's doing so by working with ISPs and security organizations.

"We are also now working with Internet service providers and Community Emergency Response Teams (CERTs) around the world to help reach out to help affected computer owners clean the Rustock malware off their computers," said Boscovich.

Microsoft advises users to periodically scan their PCs for malware and remove it. The company provides some cleanup resources here.

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.

Featured

Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.
Fallout from Microsoft's 'Midnight Blizzard' Saga Hits Feds

When the Russian attack group Midnight Blizzard successfully breached Microsoft corporate e-mail accounts late last year, it apparently managed to steal U.S. government agency e-mails, too.
PowerShell Script Used in Phishing Attack May Be AI-Generated

A PowerShell script being used in a novel malware campaign may have been created by AI, according to security researchers at Proofpoint.
Using Microsoft Office to Build a Network Diagram, Part 1

Keeping documentation is a great way to ease your future hardware refresh and have what you need for insurance purposes.
Microsoft Claims Breakthrough in Quantum Computing Reliability

A new paper details Microsoft's recent progress in quantum computing -- specifically, its development of a system that is both significantly less prone to errors and better at correcting them.