Microsoft revealed its plans on Monday for a cash reward for information on the Rustock botnet.
Microsoft’s pursuit of the Rustock botnet operators has been comprehensive thus far. The software giant claims that IP address infections of Rustock have reduced by 56.12% worldwide since the company took action in March. Microsoft took the infamous Rustock botnet down earlier this year and claims it remains dead. The software maker took the Russian botnet out alongside U.S. enforcement agents. The pair seized computer hardware from Internet hosts across the U.S. in March.
Microsoft’s monetary reward will be awarded to individuals who provide information that leads to the identification, arrest and criminal conviction of any Rustock operators. “This reward offer stems from Microsoft’s recognition that the Rustock botnet is responsible for a number of criminal activities and serves to underscore our commitment to tracking down those behind it,” said Microsoft’s Senior Attorney, Richard Boscovich.
The Rustock botnet was the largest source of spam in the world, consisting of around 150,000 machines sending around 30 billion spam messages a day. The take down was part of Microsoft’s fight against illegal botnets, designed to stop the spread of malware and spam mail. Botnets are networks of compromised computers controlled by “bot herders” or “bot masters” that use the thousands (sometimes millions) of compromised Windows machines to distribute adware, spyware, spam emails and launch DDoS attacks. Botnets are typically installed onto end users machines by web browser vulnerabilities, worms, Trojan horses, or backdoors. A “bot master” will then control the machines by IRC commands to launch attacks or send email spam.
Microsoft revealed recently that it had discovered over 400,000 email addresses on a Russian Rustock botnet server. The software maker filed a status report to a federal judge in late May. “The Microsoft Digital Crimes Unit continues to follow this case wherever it leads us,” says Boscovich. “Based on evidence gathered in the case, we have reason to believe that the people behind the Rustock botnet either have operated or are operating out of Russia.”
Microsoft has previously proposed that infected PCs should be banned from the Internet. Senior Microsoft Executive Scott Charney suggested in October that virus-infected PCs should be quarantined from the Internet in the same way that society deals with infected humans. The proposals generated a significant amount of industry debate. Charney reflected on his comments in February but still called for industry feedback and suggestions to tackle the ongoing issues of botnets and infected PCs.
Microsoft has setup a special email alias for those who have information, firstname.lastname@example.org.