Microsoft revealed on Thursday that the company has completed its civil case against the Rustock botnet operators.
Microsoft’s Digital Crimes Unit is now referring the case and its evidence to the FBI for criminal review. Judge James L. Robart, of the U.S. District Court for the Western District of Washington ruled earlier this month that the domain names and IP addresses used to host the Rustock botnet would be removed from the botnet hosts control. Microsoft’s participation in the Rustock botnet take down is helping to ensure that the botnet will never be used again by cyber criminals.
“We are also turning over all of the evidence we collected during discovery and our investigation to the FBI,” said Richard Domingues Boscovich, Microsoft’s digital crimes unit senior attorney. Microsoft is still offering a $250,000 reward for those responsible for Rustock. “Any tips should be sent directly to the FBI at MS_Referrals@ic.fbi.gov,” said Boscovitch in a blog post on Thursday. Microsoft’s pursuit of the Rustock botnet operators has been comprehensive thus far. The software giant claims that IP address infections of Rustock have reduced by 73.66% worldwide since the company took action in March. Microsoft took the infamous Rustock botnet down earlier this year and claims it remains dead. The software maker took the Russian botnet out alongside U.S. enforcement agents. The pair seized computer hardware from Internet hosts across the U.S. in March.
The Rustock botnet was the largest source of spam in the world, consisting of around 150,000 machines sending around 30 billion spam messages a day. The take down was part of Microsoft’s fight against illegal botnets, designed to stop the spread of malware and spam mail. Botnets are networks of compromised computers controlled by “bot herders” or “bot masters” that use the thousands (sometimes millions) of compromised Windows machines to distribute adware, spyware, spam emails and launch DDoS attacks. Botnets are typically installed onto end users machines by web browser vulnerabilities, worms, Trojan horses, or backdoors. A “bot master” will then control the machines by IRC commands to launch attacks or send email spam.