Since March 16, the Rustock botnet has experienced a significant drop in its spamming activity, and security experts have wondered about the unexpected stoppage of this botnet, which in 2010 was responsible for sending more than 44,000 million spam emails a day and had more than a million bots under its control, accounting for 47.5% of all spam generated.
According to SpamCop, the indexes are as follows:
A small group of computer experts, backed by lawyers from Microsoft, the U.S. Marshals, and other international law enforcement agencies, took down Rustock's command and control servers and removed them altogether to prevent them from resurfacing. Microsoft is helping to clean up infected computers before Rustock's operators have a chance to regain control of their botnet.
With the support of U.S. law enforcement, Microsoft lawyers have taken action against five web hosting providers, "successfully cutting off the IP addresses that control the botnet, disrupting communication and disabling them," Microsoft explains in a blog post. The company has already collaborated with civil authorities to shut down the Waledac botnet.
To dismantle this network, Microsoft worked for several months with the manufacturer of Viagra – the American laboratory Pfizer – and the computer security firm FireEye.
Rustock-infected machines have a plan B: if the usual C&C servers go offline, they try to reach their controllers through specific Internet domains. This is why Microsoft has had to work with Chinese authorities to prevent Rustock's operators from establishing new domains.
However, security experts are not convinced that the shutdown is total, and it would not surprise them if the activity of this botnet, headed by a well-known hacker, resurfaces in the coming days.
Source: CSO

