Microsoft shuts down spam behemoth Rustock, reduces worldwide spam by 39%
Rustock, at its peak, was a botnet of around 2 million spam-sending zombies capable of sending out 30 billion spam email per day. Microsoft's wholesale slaughter of Rustock could reduce worldwide spam output by up to 39%.
Rustock was taken down, piece by piece, in a similar way to the Mega-D botnet. First the master controllers, the machines that send out commands to enslaved zombies, were identified. Microsoft quickly seized some of these machines located in the U.S. for further analysis, and worked with police in the Netherlands to disable some of the command structure outside of the U.S.
With the immediate threat disabled, Microsoft then worked with upstream providers to black hole the IP addresses of whoever was controlling the botnet. To prevent further master controllers popping up, Microsoft worked with Chinese CN-CERT to block registration of domains that could be used by new command and control servers.
Finally, Microsoft is now working with ISPs and CERTs around the world to help clean the Rustock malware from around 1 million infected machines. It's also worth noting that Microsoft didn't do this alone; specialists from Pfizer, FireEye (the company behind the Mega-D botnet takedown), and the University of Washington helped out.
Why Pfizer you ask? Because Rustock's spam is mostly of the pharmaceutical kind. The drugs advertised in such spam are rarely the real deal. They can contain the wrong active ingredients, or the wrong dosage. Not only did Rustock spam cut into Pfizer's profits, but it might have been killing people too.
If you want to prevent your own computers from becoming botnet zombies, make sure you install anti-malware software, such as Malwarebytes' Anti-Malware.