Special Edition Security Intelligence Report: Battling the Rustock Botnet

The Rustock botnet was a large botnet with over 1 million infected computers under its control. This botnet was used to send large volumes of spam. Researchers at Microsoft observed a single Rustock-infected computer sending 7,500 spam emails in 45 minutes, a rate of 240,000 spam emails per day. At times Rustock was capable of sending an estimated 30 billion spam emails per day.

Much of the spam email that the Rustock botnet sent advertised counterfeit or unapproved knock-off versions of pharmaceuticals. Microsoft worked with Pfizer, which conducted test purchases of the drugs advertised by Rustock. Pfizer’s analysis found that the kind of drugs advertised through this type of spam often contained the wrong active ingredients, incorrect dosages, or ingredients not related to medicine at all. It turns out that fake drugs are often contaminated with substances including pesticides, lead-based highway paint, and floor wax, to name just a few examples.

Microsoft’s Digital Crimes Unit worked with Pfizer, the network security provider FireEye, and security experts at the University of Washington, as well as the Dutch High Tech Crime Unit within the Netherlands Police Agency, and CN-CERT, to take the Rustock botnet down in March of this year.

We have just published a special edition Security Intelligence Report that will provide you with granular details on how this botnet worked and how it was taken down. This is required reading for security professionals who need to understand the tactics and techniques bot operators are currently using.

Figure: Rustock botnet activity detected by Forefront Online Protection for Exchange in 1Q11, by messages received and IP addresses used

~Tim

About the Author
Tim Rains

Director, Trustworthy Computing

Tim Rains has over 20 years of experience in the technology industry across several disciplines including engineering, consulting, and marketing communications roles. He currently manages security marketing and corporate communications in the Trustworthy Computing division at Microsoft. His expertise ranges