Recently, The Times of India reported that Microsoft took down a major spam mailer. "Rustock was reported to be among the world's largest spam botnets and was capable of sending as many as 30 billion emails per day. Microsoft worked with Viagra-maker Pfizer and network security firm FireEye during a months-long investigation that culminated with using US warrants to seize "command and control" servers in the western state of Washington.Rustock was knocked offline on Wednesday when the connection was severed between infected computers and the machines used to give them orders, according to Boscovich"
Paul Mah writes in Fierce CIO Tech Watch:. "The notorious Rustock botnet was finally shut down on Thursday last week in a takedown operation involving Microsoft (NASDAQ: MSFT), industry partners and federal law enforcement agents. According to Symantec, the Rustock botnet was responsible for a large proportion of the world's spam (39 percent); the illicit computer network powering the botnet was thought to consist of close to a million compromised client computers.
The road to getting Rustock offline was not a short one; it was the culmination of a year-long investigation by Microsoft's Digital Crimes Unit with assistance from various industry partners. The DCU essentially compiled a long list of pertinent information such as the domain names, IP addresses and hosting companies that botnet operators were determined to be using. In a civil suit filed last February, Microsoft sought a judge's permission to gain control of the IPs of 'controller nodes' of Rustock--and which number in the hundreds.
CNET News writes: "The Wall Street Journal first reported that it was Microsoft's digital crimes unit, working in concert with U.S. marshals, that raided seven hosting facilities across the country and seized the command-and-control machines that ran the network. Those are the servers that send instructions to the fleet of infected computers to dish out spam messages hawking such items as phony lottery scams and fake and potentially dangerous prescription drugs. The takedown was known internally as Operation b107".
The WSJ article referred to by CNET must be the one by Nick Wingfield: "Microsoft says it confiscated dozens of hard drives and a handful of computers from the hosting providers as part of the raid. Most of the equipment was leased from afar by customers, some of whom listed addresses in Azerbaijan, according to Mr. Boscovich
None of us using PCs wiill likely know whether our own computers were infected. Since there are others out there with botnets, we are free from infection without lots of protection. After all, Rustock was only 39% of spam. It seems to have eminated for
No comments:
Post a Comment