Microsoft’s Rustock botnet takedown has reduced infections by over 50%

By Tom Warren, on 5th Jul 11 3:21 pm with 7 Comments

Microsoft revealed new statistics for its Rustock botnet takedown on Tuesday.

The software giant claims that the number of IP addresses infected with Rustock has fallen by 56.12% worldwide since the company took action in March. Microsoft took the infamous Rustock botnet down earlier this year and claims it remains dead. The software maker took the Russian botnet out alongside U.S. enforcement agents. The pair seized computer hardware from Internet hosts across the U.S. in March.

Microsoft’s latest data on the botnet suggests that infection rates in some countries have dropped by as much as 71%. The majority of the top 10 infected countries at the start of the Rustock takedown have reduced their rate of infection by over 40%. “The good news is that we are making progress,” said Microsoft’s Senior Attorney of digital crimes, Richard Boscovich. “The tech industry, policy makers and consumer advocacy groups have helped curb cyber threats through the development of safer products and by increasing public awareness of cybercrime.” Microsoft says it will continue to provide updates on the Rustock investigation and cleanup efforts.

The Rustock botnet was the largest source of spam in the world, consisting of around 150,000 machines sending around 30 billion spam messages a day. The takedown was part of Microsoft’s fight against illegal botnets, designed to stop the spread of malware and spam mail. Botnets are networks of compromised computers controlled by “bot herders” or “bot masters” who use the thousands (sometimes millions) of compromised Windows machines to distribute adware, spyware and spam emails, and to launch DDoS attacks. Bot software is typically installed onto end users’ machines through web browser vulnerabilities, worms, Trojan horses, or backdoors. A “bot master” will then control the machines via IRC commands to launch attacks or send email spam.

Microsoft revealed recently that it had discovered over 400,000 email addresses on a Russian Rustock botnet server. The software maker filed a status report to a federal judge in late May. “The Microsoft Digital Crimes Unit continues to follow this case wherever it leads us,” says Boscovich. “Based on evidence gathered in the case, we have reason to believe that the people behind the Rustock botnet either have operated or are operating out of Russia.”

Microsoft has previously proposed that infected PCs should be banned from the Internet. Senior Microsoft Executive Scott Charney suggested in October that virus-infected PCs should be quarantined from the Internet in the same way that society deals with infected humans. The proposals generated a significant amount of industry debate. Charney reflected on his comments in February but still called for industry feedback and suggestions to tackle the ongoing issues of botnets and infected PCs.

  • Impartial

    FANTASTIC!

  • Entegy

    Now that would be an interesting debate. Putting an infected machine in quarantine, away from (Internet) society? On the surface, I would back that idea, but it raises a lot of social issues.

    • jonathan boatrinkin

      yeah like a big lawsuit against them for doing it, their software goes down and gets infected more than anything else Microsoft sucks canal water

    • Entegy

      I was hoping for intelligent debate.

    • Tonious

      Spammer