After taking down the Rustock botnet in March, Microsoft now plans to hand over information obtained during the criminal investigation to FBI officials.
According to accounts from Microsoft, the Rustock botnet may have been one of the most serious Internet security threats in history. At its peak, the ring of infected computers was capable of delivering approximately 30 million spam emails per day. Microsoft's Digital Crimes Unit was able to identify one machine that sent 7,500 spam messages in just 45 minutes, equating to a rate of 240,000 per day.
After effectively stunting Rustock's expansion, the DCU moved forward with a civil case against the anonymous botnet controllers, according to CIO.
"We went as far as we could on the civil side, we were able to develop some very good leads that we think will lead to the identities of some of those responsible," DCU senior attorney Richard Boscovich told the news outlet. "We decided to give our finding to law enforcement so they could use their expertise. It was a natural progression for the case."
However, after offering a $250,000 reward for information leading to the arrest of Rustock operators, Microsoft was flooded with responses from experts across the data security community. According to CNET, Microsoft is now confident that they have identified the Internet handle of the botnet ringleader. By transferring the case file to FBI officials, Microsoft is hoping to move closer to justice as federal agents build a criminal case against alleged perpetrator Cosma2k.
At the height of its power, the botnet may have infected a total of 1.3 million PCs worldwide. And although Microsoft was able to reduce the scope of the threat by 74 percent since March, Rustock still controls more than 400,000 computers, according to CIO. This is particularly concerning when considering the type of criminal activities botnet operators have pursued.
According to Microsoft, Rustock was heavily involved in the market for counterfeit prescription drugs. The medications advertised in the spam emails may have very well contained improper dosages, mislabeled ingredients and potentially harmful toxins.
In an effort to prevent further use of the malicious system, a U.S. District Court recently ruled that approximately 50,000 domain names known to be infected by the botnet would be taken out of circulation in the next few years, according to CNET. But as PC users wait for law enforcement to catch up with the Rustock perpetrators, a proactive approach to data security may be needed.
According to the United States Computer Emergency Readiness Team, the main challenge botnets pose is their ability to evade detection and conduct their malicious activities while providing only minimal warning signs to the user. However, there are a number of fundamental strategies that can significantly reduce the possibility of acquiring a botnet infection.
Firewalls provide a first line of defense against cybersecurity threats by restricting the flow of traffic entering and leaving a computer. However, serious attacks can often disable this utility without the user's knowledge. According to US-CERT, strong antivirus software provides the next layer in an effective data security solution. By identifying viruses that have gained access to a system, the software can remove the malicious program before it can do further damage. But to leverage the full power of antivirus software, users must diligently ensure that the program is updated with the most current virus definitions.
These and other technologies can play a large part in botnet defense, but responsible use is an essential complement. Consumers should take every precaution to ensure they stay informed on the latest threats and preventative tactics. And in the office, network managers may be wise to directly promote more enlightened use with a variety of educational outreach initiatives.
Security News from SimplySecurity.com by Trend Micro