FBI takes over Rustock botnet investigation, aims for ringleader

The FBI is taking over the investigation of the once-massive Rustock spybot network, which was taken down in March by a joint effort of Microsoft and local and federal law enforcement.

Microsoft recently said it is handing over the case to the FBI, providing evidence that points to the ringleader of the network that was, at its height, responsible for more than 1.5 million infected computers worldwide. The move came after the company concluded its civil case against the operators of Rustock.

"We are also turning over all of the evidence we collected during discovery and our investigation to the FBI, to help ensure those responsible for operating the Rustock botnet are held accountable for their actions," wrote Richard Domingues Boscovich, senior attorney for Microsoft Digital Crime Unit, in a blog post.


In July, Microsoft announced an award of $250,000 for credible leads in the apprehension of the ringleaders of Rustock. While Boscovich didn't mention that the award had been claimed for any of the information Microsoft turned in to the government, he did say the reward was still active and that anyone with credible information should contact the FBI.

Although Microsoft's investigation into the matter is coming to a close, the company will continue to take part in the recovery process. "We are continuing to work with Internet service providers and computer emergency response teams around the world to undo the damage Rustock has caused, and help people regain control of their computers," said Boscovich.

According to Microsoft, the Rustock botnet has decreased by 73.66 percent since the beginning of the shutdown operation, and is down from 1,601,619 infected systems in March to 421,827 today.

Boscovich discussed how that number will continue to drop after Judge James L. Robart of the U.S. District Court for the Western District of Washington ruled this month that IP addresses and domain names associated with the ring will begin to be permanently shut down.

"Fighting botnets will always be a complex and difficult endeavor as cybercriminals find new and creative ways to infect people's computers with malware, whether for financial gain or simply to be disruptive," said Boscovich. However, the good guys are making progress and this latest legal victory is yet another blow to the botherders' business.

About the Author

Chris Paoli is the associate Web editor for 1105 Enterprise Computing Group's Web sites, including Redmondmag.com, RCPmag.com, ADTmag.com and VirtualizationReview.com.
