U.S. Marshals, Microsoft take down massive spam network

1 million-computer botnet had sent billions of spam messages a day

In another blow to spammers, federal law enforcement agencies, Microsoft and other security experrts recently took the the 1 million-computer Rustock spybot network out of commission.

The botnet ring had been sending billions of spam e-mails per day, according to Microsoft. The takedown wasn't the first, as Microsoft's Digital Crimes Unit (DCU) also succeeded in hobbling the Waledac botnet in February of last year, but it was considered smaller than Rustock. In 2009, a complaint filed by the Federal Trade Commission took Pricewert LLC, which had provided service to a number of major bot herders, offline.

"This operation, known as Operation b107, is the second high-profile takedown in Microsoft's joint effort between DCU, Microsoft Malware Protection Center and Trustworthy Computing -- known as Project MARS (Microsoft Active Response for Security) -- to disrupt botnets and begin to undo the damage the botnets have caused by helping victims regain control of their infected computers," wrote Richard Boscovich, senior attorney for the Microsoft DCU.

Related coverage:

Death, taxes and spam in your inbox

Score one for the good guys in the battle against spam

Memerbs of the MARS program researched the botnet for 18 months, resulting in raids by  U.S. Marshals and forensics experts of data centers in Chicago, Columbus, Dallas, Denver, Kansas City, Scranton, Pa., and Seattle, according to InfoWorld.  

The international Waledac ring had been responsible for over 1.5 billion spam e-mails a day. Rustock was once held responsible for 47 percent of the world's spam, or over 30 billion e-mails a day, during its peak in December 2010. Rustock's standard operating practices to yoke computers into its network included sending spam e-mails to users concerning Microsoft lotteries that were scams, as well as offers for prescription drugs that turned out to be fakes.

With both rings, legal and technical measures were deployed to sever the connection between the main server control and the millions of infected systems. With Rustock, the team obtained a court declaration from pharmaceutical company Pfizer concerning the harmful effects of the drugs offered in the spam e-mails. According to that declaration, the drugs offered usually contained the wrong dosage amounts, incorrect active ingredients and harmful chemicals, including pesticides, floor wax and lead-based paint.

The DCU's next concern is to help unsuspecting victims of the botnet. It's doing so by working with ISPs and security organizations.

"We are also now working with Internet service providers and Community Emergency Response Teams (CERTs) around the world to help reach out to help affected computer owners clean the Rustock malware off their computers," said Boscovich.

Microsoft advises users to periodically scan their PCs for malware and remove it. The company provides some cleanup resources here.

About the Author

Chris Paoli is the associate Web editor for 1105 Enterprise Computing Group's Web sites, including Redmondmag.com, RCPmag.com, ADTmag.com and VirtualizationReview.com.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected