Microsoft Report: Rustock Botnet Infections Halved Worldwide
Microsoft today released new information on the Rustock botnet ring, showing decreased infection rates since law enforcement actions took place.
The details are spelled out in a special-edition Microsoft Security Intelligence Report, entitled, "Battling the Rustock Threat." Microsoft, in conjunction with government officials, helped to shut down the Rustock Botnet ring in March. Officials seized command-and-control servers in the United States, disrupting the botnet, which was estimated at its height to have infected more than a million computers.
The Rustock botnet was said to have sent out billions of spam e-mails per day. Law enforcement actions have reduced the infections substantially worldwide.
"In short, since the time of the initial takedown, we estimate the Rustock botnet is now less than half the size it was when we took it down in March," wrote Richard Broscovitch, senior attorney at Microsoft's Digital Crimes Unit, in a blog post discussing the report.
According to information obtained from IP addresses, the worldwide number of known infected systems went from 1,601,619 at the end of March to 702,860 in June -- a decrease of 56.12 percent. The U.S. infection rate dropped by 35.48 percent, while the two largest infected countries, India and Russia, decreased their infection rates by 69.30 and 70.61 percent, respectively.
Speaking of Russia, Microsoft has long believed the mastermind of the Rustock botnet hails from that region. Microsoft even ran ads in two mainstream Russian newspapers for 30 days announcing that those responsible can make their case in front of a court.
"Although history suggests that the people associated with the IP addresses and domain names connected with the Rustock botnet are unlikely to come forward in response to a court summons, we hope the defendants in this case will present themselves," Broscovitch wrote in an earlier blog posting. "If they do not, however, we will continue to pursue this case, including possibly within the Russian judicial system, if necessary."
Microsoft's report provides a detailed overview of how the Rustock Trojan functions, and how the majority of systems infected with it are also plagued with additional malware. Microsoft performed a test of the virus by installing it on a clean computer. Within five minutes, the system was infected with multiple pieces of unwanted software, and many of those programs caused additional malware to download and install.
Broscovitch sees this demonstration as a good wake-up call for users to be diligent in their safe computing practices online.
"Safe practices include things like running up-to-date and legitimate software (for Microsoft customers, this also means ensuring Microsoft Update is turned on to automatically update all your Microsoft software, but it also means keeping your other software up to date as well), firewall protection and anti-virus and anti-malware protection."
| Top 10 Infected Countries (March 2011) | Number of Infected Systems | Decrease of Infected Systems (June 2011) |
Table data courtesy of Microsoft.