Microsoft shuts down spam behemoth Rustock, could reduce worldwide spam by 39%

Modbert

Microsoft shuts down spam behemoth Rustock, reduces worldwide spam by 39%

Microsoft's Digital Crimes Unit, working with federal law enforcement agents, has brought down the world's largest spam network, Rustock.

Rustock, at its peak, was a botnet of around 2 million spam-sending zombies capable of sending out 30 billion spam emails per day. Microsoft's wholesale slaughter of Rustock could reduce worldwide spam output by up to 39%.

Rustock was taken down, piece by piece, in a similar way to the Mega-D botnet. First the master controllers, the machines that send out commands to enslaved zombies, were identified. Microsoft quickly seized some of these machines located in the U.S. for further analysis, and worked with police in the Netherlands to disable some of the command structure outside of the U.S.

Well this is good news to hear.
 
They could eliminate 99% of all botnets, by systematically removing MSIE6 and earlier versions of the browser from computers worldwide.
 
I disabled a fairly good one a few years ago that was attacking one of my sites. I wrote a script that detects IE6 or earlier, and installs the latest version of Firefox on those infected computers and makes it the default browser. Cutting the fingers off the botnet one at a time over a two-week period rendered it completely ineffective.

The creator of that particular botnet is doing 10 years in Federal prison right now... But not from anything I did. I had him correctly identified though... But he made the mistake of also using the same botnet he created to launch DDoS attacks on some BIG boys out there, not just little guys.
 
Botnet controller jailed...
:clap2:
US jails hacker who sold access to hijacked PCs
7 September 2012 - Hijacked PCs formed into botnets are responsible for sending out most junk mail or spam
A US hacker who sold access to thousands of hijacked home computers has been jailed for 30 months. Joshua Schichtel of Phoenix, Arizona, was sentenced for renting out more than 72,000 PCs that he had taken over using computer viruses. Millions of PCs are enrolled in these networks, known as botnets, and many help to send out junk mail messages. Schichtel's customers installed their own malicious software on the PCs to aid their own cybercrime efforts.

As well as going to prison for 30 months, Schichtel was also sentenced to a three-year supervised release programme that he will serve after leaving jail. The supervision will tightly control his access to computers and the net. In a brief statement about the case, the US Department of Justice said Schichtel pleaded guilty to one count of selling access to 72,000 machines that formed part of a bigger botnet he controlled. Remotely attempting to cause damage to computers without authorisation breaks the US Computer Fraud and Abuse Act.

Schichtel received $1,500 (£939) for handing over control to an unnamed customer. In 2004, Schichtel was one of four men accused of using botnets to carry out attacks on websites. The charges against them were dropped because the US government failed to file an indictment before a court-imposed deadline.

BBC News - US jails hacker who sold access to hijacked PCs
 
Citadel botnet bust considered successful...
:clap2:
Microsoft’s botnet bust hailed a success
Sat, Jun 08, 2013 - CYBERCRIME: The network of infected PCs was used to steal money from financial organizations on a massive scale, as well as spamming and disrupting networks
Europol said a global effort led by Microsoft Corp to stop one of the world’s biggest cybercrime rings has succeeded in wiping out the malicious computer networks that the gang used, known as the Citadel Botnets. Microsoft’s Digital Crimes Unit, with help from authorities in more than 80 countries, on Wednesday cut off the servers controlling as many as 5 million infected PCs that belonged to the cybercrime operation, which is believed to have stolen more than US$500 million from bank accounts over the past 18 months. “Basically the Citadel bug is now clean,” Troels Oerting, head of Europol’s European Cybercrime Centre, said on Thursday.

The details are still emerging about the individual roles that dozens of countries across Europe and Asia played in bringing down the estimated 1,400 botnets that were part of the Citadel operation. Andy Archibald, interim Deputy Director of Britain’s National Cyber Crime Unit, said on Thursday that his agency had seized “a number of servers” as part of the effort and was closely working with the FBI on its investigation into Citadel. Archibald said forensics experts were examining the servers.

Microsoft said on Wednesday that it had collected forensic evidence from two US-based Internet hosting providers, under a federal court order that the company obtained by filing a civil lawsuit against the unknown operators of Citadel. Citadel was used against dozens of financial institutions by stealing passwords with key logging software. The victims include American Express, Bank of America, Citigroup, Credit Suisse, EBay’s PayPal, HSBC, JPMorgan Chase, Royal Bank of Canada and Wells Fargo, Microsoft said. Botnets are armies of infected PCs, or bots, which run software forcing them to regularly check in with and obey “command and control” servers operated by hackers.

Besides financial crimes, botnets are also used to send spam, distribute computer viruses and attack computer networks. Microsoft said in its court filing that it suspects the developer of the Citadel software, who goes by the alias Aquabox, lives in eastern Europe and works with at least 81 “herders,” who may be running the bots from anywhere in the world. The Citadel software is programed so it will not attack PCs or financial institutions in Ukraine or Russia, likely because the creators operate in those countries and want to avoid provoking law enforcement officials there, Microsoft said.

Microsoft’s botnet bust hailed a success - Taipei Times
 
