
Microsoft brings Rustock botnet case to FBI

  • Posted on: October 7, 2011
  • Posted in: Current News, Cybercrime
  • Posted by: Trend Micro

After taking down the Rustock botnet in March, Microsoft now plans to hand over information obtained during the criminal investigation to FBI officials.

According to accounts from Microsoft, the Rustock botnet may have been one of the most serious Internet security threats in history. At its peak, the ring of infected computers was capable of delivering approximately 30 million spam emails per day. Microsoft's Digital Crimes Unit was able to identify one machine that sent 7,500 spam messages in just 45 minutes, equating to a rate of 240,000 per day.

After effectively stunting Rustock's expansion, the DCU moved forward with a civil case against the anonymous botnet controllers, according to CIO.

"We went as far as we could on the civil side, we were able to develop some very good leads that we think will lead to the identities of some of those responsible," DCU senior attorney Richard Boscovich told the news outlet. "We decided to give our finding to law enforcement so they could use their expertise. It was a natural progression for the case."

However, after offering a $250,000 reward for information leading to the arrest of Rustock operators, Microsoft was flooded with responses from experts across the data security community. According to CNET, Microsoft is now confident that they have identified the Internet handle of the botnet ringleader. By transferring the case file to FBI officials, Microsoft is hoping to move closer to justice as federal agents build a criminal case against alleged perpetrator Cosma2k.

At the height of its power, the botnet may have infected a total of 1.3 million PCs worldwide. And although Microsoft was able to reduce the scope of the threat by 74 percent since March, Rustock still controls more than 400,000 computers, according to CIO. This is particularly concerning when considering the type of criminal activities botnet operators have pursued.

According to Microsoft, Rustock was heavily involved in the market for counterfeit prescription drugs. The medications advertised in the spam emails may have very well contained improper dosages, mislabeled ingredients and potentially harmful toxins.

In an effort to prevent further use of the malicious system, a U.S. District Court recently ruled that approximately 50,000 domain names known to be infected by the botnet would be taken out of circulation in the next few years, according to CNET. But as PC users wait for law enforcement to catch up with the Rustock perpetrators, a proactive approach to data security may be needed.

According to the United States Computer Emergency Readiness Team, the main challenge botnets pose is in their ability to evade detection and conduct their malicious activities while only providing minimal warning signs to the user. However, there are a number of fundamental strategies to consider that can significantly reduce the possibility of acquiring a botnet infection.

Firewalls provide a first line of defense against cybersecurity threats by restricting the flow of traffic entering and leaving a computer. However, serious attacks can often disable this utility without the user's knowledge. According to US-CERT, strong antivirus software provides the next layer in an effective data security solution. By identifying viruses that have gained access to a system, the software can remove the malicious program before it can do further damage. But to leverage the full power of antivirus software, users must diligently ensure that the program is updated with the most current virus definitions.

These and other technologies can play a large part in botnet defense, but responsible use is an essential complement. Consumers should take every precaution to ensure they stay informed on the latest threats and preventative tactics. And in the office, network managers may be wise to directly promote more enlightened use with a variety of educational outreach initiatives.

Security News from SimplySecurity.com by Trend Micro
