With Rustock, a new twist on fighting Internet crime
IDG News Service - For more than 24 hours this week, it was a question that very few security experts could answer: Who had knocked the world's worst spam botnet offline?
After infecting close to a million computers and spamming out as many as 30 billion unwanted email messages a day, the Rustock botnet went silent around 11 a.m. Eastern Time on Wednesday.
Now we know the reason why: a small group of computer researchers, backed by Microsoft's lawyers, U.S. Marshals and international law enforcement officers executed a number of surgical strikes on the botnet. Hitting it as if it were the mythical Hydra, they cut off Rustock's heads -- its command-and-control servers -- and scorched them to keep them from growing back. And now Microsoft is helping to clean up infected computers before Rustock's owners have a chance to regain control of their botnet.
With seizure warrants in their hands, and U.S. Marshals backing them up, Microsoft's lawyers descended on five hosting providers in U.S. cities such as Kansas City, Scranton, Denver, Dallas, and Chicago on Wednesday and "successfully severed the IP addresses that controlled the botnet, cutting off communication and disabling it," Microsoft said in a blog posting.
Rustock is one nasty piece of software. It gives the criminals control over an infected machine to send spam, attack another computer, or spy on the victim. It's installed by tricking a victim into visiting a malicious Web site or opening a specially coded email attachment -- and it is very difficult to detect and remove.
The botnet is notorious for sending out pharmaceutical spam, and its demise should put a further dent in global spam volumes, which have been down since two other major spamming botnets, Pushdo and Bredolab, were taken offline late last year.
With the Rustock takedown -- the first of several that are now in the works -- the Internet community has polished a technique for getting rid of complex global networks of malicious computers, said Barry Greene, president of the Internet Software Consortium, makers of the BIND Domain Name System (DNS) software. It all started months ago, as a large group of Internet researchers observed Rustock and developed techniques to destroy it. Then a much smaller trusted group was deputized and given the job of managing the takedown with law enforcement.
In this case the action was led by Microsoft, with help from security vendor FireEye, the University of Washington, drug maker Pfizer, and the Dutch police. Instead of using the criminal justice system, Microsoft filed civil suits against Rustock's anonymous operators and got court orders allowing them to seize the servers used to control the botnet, and the Dutch police helped take down servers outside of the U.S.