Microsoft offers bounty in hunt for Rustock spambot operators

Robert Westervelt, News Director

Microsoft is trying to use its financial clout to bolster its investigation into who may be behind the notorious Rustock spambot.

The company is offering a $250,000 reward for information leading to the arrest and conviction of the Rustock botnet operators.

The Rustock spambot is responsible for sending billions of spam emails touting counterfeit pharmaceuticals, porn and scams. At its peak, it is estimated that the botnet had about a million infected computers operating under its control. Rustock has been inactive since March 16, when Microsoft got a court order to seize affected servers from hosting providers in seven cities in the U.S. The action severed the communication between the command-and-control servers and the infected computers under its control. The software giant is also working with ISPs to get zombie machines disinfected.

“While the primary goal for our legal and technical operation has been to stop and disrupt the threat that Rustock has posed for everyone affected by it, we also believe the Rustock bot-herders should be held accountable for their actions,” Richard Boscovich, a senior attorney with the Microsoft Digital Crimes Unit, wrote in the Official Microsoft Blog.

Microsoft issued a special edition of its Security Intelligence Report July 5 outlining Rustock’s demise. The company worked with pharmaceutical giant Pfizer to take legal action. Security researchers at security vendor FireEye and the University of Washington provided analysis of the Rustock malware. A forensics team studied 20 seized hard drives to gain information about how the botnet works.

Boscovich said hundreds of thousands of computers remain infected with the Rustock botnet malware.

Microsoft has been on a legal crusade to gain control of some of the largest botnets. Last year the software giant took legal action to shut down the malicious domains used by the Waledac botnet, a notorious spambot that produced an estimated 1.5 billion spam messages daily.

Rustock was more difficult to take down, according to Microsoft, because its infrastructure was much more complicated. It relied on “hard-coded IP addresses rather than domain names and peer-to-peer command-and-control servers to control the botnet.”

Anyone with information about the Rustock botnet operators can contact Microsoft by email to avreward@microsoft.com. Residents of any country are eligible for the reward pursuant to the laws of that country.

Microsoft has offered rewards for information about criminal activity in the past. The company created an antivirus reward program with an initial funding of $5 million in 2003. It offered a reward for information on those responsible for the Conficker worm, which targeted vulnerable Microsoft systems. It also offered $250,000 for the arrest and conviction of the Mydoom-B author and a similar reward for the Sobig virus author, the Blaster creator and Sasser perpetrator.