Microsoft and U.S. enforcement agents seized computer hardware from Internet hosts across the U.S. on Wednesday.
The software giant launched the raids as part of a lawsuit it filed in February against operators of the Rustock botnet. The Wall Street Journal reported the raids after a federal judge unsealed the lawsuit on Thursday. U.S. marshals assisted Microsoft’s digital crimes unit in entering Internet hosting facilities in Kansas City, Mo.; Scranton, Penn.; Denver; Dallas; Chicago; Seattle and Columbus, Ohio.
“We think this has been 100% effective,” Richard Boscovich, senior attorney in Microsoft’s digital crimes unit, told the WSJ. The move comes after Microsoft helped coordinate a major takedown of the Waledac botnet last year. The Waledac botnet consisted of around 90,000 compromised machines capable of sending around 1.5 billion spam messages a day. The Rustock botnet is the largest source of spam in the world, consisting of around 150,000 machines sending around 30 billion spam messages a day. The takedown is part of Microsoft’s fight against illegal botnets and is designed to stop the spread of malware and spam mail.
Botnets are networks of compromised computers controlled by “bot herders” or “bot masters” who use the thousands (sometimes millions) of compromised Windows machines to distribute adware, spyware and spam emails and to launch DDoS attacks. Botnet software is typically installed onto end users’ machines through web browser vulnerabilities, worms, Trojan horses, or backdoors. A “bot master” will then control the machines through IRC commands to launch attacks or send email spam.
Microsoft has previously proposed that infected PCs should be banned from the Internet. Senior Microsoft Executive Scott Charney suggested in October that virus-infected PCs should be quarantined from the Internet in the same way that society deals with infected humans. The proposals generated a significant amount of industry debate. Charney reflected on his comments in February but still called for industry feedback and suggestions to tackle the ongoing issues of botnets and infected PCs.