Microsoft Takedown of Rustock Botnet

Yes, now that the court has unsealed the case, Microsoft can comment on the takedown of the large, notorious and complex botnet known as Rustock.

This operation, known as Operation b107, is the second high-profile takedown in Microsoft’s joint effort between the Microsoft Digital Crimes Unit (aka DCU), Microsoft Malware Protection Center and Trustworthy Computing – known as Project MARS (Microsoft Active Response for Security) – to disrupt botnets and begin to undo the damage the botnets have caused by helping victims regain control of their infected computers. Like the Waledac takedown, this action relied on legal and technical measures to sever the connection between the command and control structure of the botnet and the malware-infected computers operating under its control to stop the ongoing harm caused by the Rustock botnet. As you may have read, the Rustock botnet was officially taken offline yesterday, after a months-long investigation by DCU and our partners, successful pleading before the U.S. District Court for the Western District of Washington and a coordinated seizure of command and control servers in multiple hosting locations escorted by the U.S. Marshals Service.

Read full details on the Microsoft On The Issues blog.

About the Author
Jeff Jones

Principal Cybersecurity Strategist

Jeff Jones a 27-year security industry professional that has spent the last decade at Microsoft working with enterprise CSOs and Microsoft's internal teams to drive practical and measurable security improvements into Microsoft products and services. Additionally, Jeff analyzes vulnerability trends Read more »