Microsoft's Server Take Down Cut Ruckstock Botnet in Half

By CIOinsight  |  Posted 07-07-2011 Print
Microsoft released new statistics in the wake of its Rustock server takedown in March, including one showing the botnet is significantly smaller than it used to be

The Rustock botnet has been nearly halved in size and effectively crippled, demonstrating how tech companies can coordinate with law enforcement to take down malware distributing botnets, Microsoft said.

Since Microsoft seized several command and control servers in the United States in March, the infection rate for Rustock malware has declined dramatically, Richard Boscovich, a senior attorney with Microsoft s Digital Crime Unit, wrote July 5 on the Official Microsoft Blog. The blog post accompanied a special-edition Microsoft Security Intelligence Report containing the latest statistics on Rustock.

The worldwide number of known infected systems declined about 56 percent from more than 1.6 million at the end of March to just over 700,000 in June, Microsoft said. The infection rate in the U.S. dropped by 35.48 percent, or from 86,000 machines to 53,000. Even though the Microsoft-coordinated takedown operation only shut down U.S.-based servers and didn t affect other C&C servers operating in other countries, it appeared that infection rates in India and Russia also declined 69.30 and 70.61 percent, respectively.

"Since the time of the initial takedown, we estimate the Rustock botnet is now less than half the size it was when we took it down in March," wrote Broscovitch. He said the drop in infection rates had happened much more quickly than expected.

At its peak, Rustock sent out billions of spam email messages per day and accounted for nearly half of global spam volume. Custom software was found on one of the drives of the seized C&C servers capable of mailing a spam file to 427,000 email addresses from a single data set.

eWeek eWeek

Have the latest technology news and resources emailed to you everyday.