Posted on 03/18/2011 1:25:49 PM PDT by LibWhacker
Microsoft's Digital Crimes Unit, working with federal law enforcement agents, has brought down the world's largest spam network, Rustock.
Rustock, at its peak, was a botnet of around 2 million spam-sending zombies capable of sending out 30 billion spam emails per day. Microsoft's wholesale slaughter of Rustock could reduce worldwide spam output by up to 39%.
Rustock was taken down, piece by piece, in a similar way to the Mega-D botnet. First the master controllers, the machines that send out commands to enslaved zombies, were identified. Microsoft quickly seized some of these machines located in the U.S. for further analysis, and worked with police in the Netherlands to disable some of the command structure outside of the U.S.
With the immediate threat disabled, Microsoft then worked with upstream providers to black-hole the IP addresses of whoever was controlling the botnet. To prevent further master controllers from popping up, Microsoft worked with China's CN-CERT to block registration of domains that could be used by new command and control servers.
Finally, Microsoft is now working with ISPs and CERTs around the world to help clean the Rustock malware from around 1 million infected machines. It's also worth noting that Microsoft didn't do this alone; specialists from Pfizer, FireEye (the company behind the Mega-D botnet takedown), and the University of Washington helped out.
Why Pfizer, you ask? Because Rustock's spam is mostly of the pharmaceutical kind. The drugs advertised in such spam are rarely the real deal: they can contain the wrong active ingredients, or the wrong dosage. Not only did Rustock spam cut into Pfizer's profits, but it might have been killing people too.
If you want to prevent your own computers from becoming botnet zombies, make sure you install anti-malware software, such as Malwarebytes' Anti-Malware.
Does this mean we won’t get any more spam advertising p3n1$ enlargement?
Excellent!
Must be why I’m not getting any Viagra spam e-mails anymore...
Good advice. Malwarebytes blocked suspicious activity for me today. I was on a golf equipment site looking at Callaway X-22 and Diabo irons when I got the block message. I left there in a hurry. And, no, it wasn't Callaway's website...
“Does this mean we won’t get any more spam advertising p3n1$ enlargement?”
All except the ones from the girlfriend’s email addy. /humor
Although I like the spammers being taken down, I wonder when Microsoft was granted general police powers? Maybe Obama didn't read the fine print in the license agreement when he installed Windows on a White House computer.
How do they know? Is there a database somewhere?
I was getting a bunch of that garbage sent from what looked like my own email addy. Someone's address book must've gotten hijacked. I sit behind a SonicWALL with CFS and run AVG Pro on all my workstations. Defense in depth...
That should have been CGS, not CFS. Spending too much time on the big one today...
“Microsoft quickly seized some of these machines located in the U.S. for further analysis,
Although I like the spammers being taken down, I wonder when Microsoft was granted general police powers? Maybe Obama didn’t read the fine print in the license agreement when he installed Windows on a White House computer.”
That was my first thought also!! Nice they stopped the spam but since when can a business “seize” anything?
Ex:
Cert ifie dToEnjo yCu tRate sOnTa blet s
Oht hAtW asme. So Rrya boU t th at.
Although I like the spammers being taken down, I wonder when Microsoft was granted general police powers? Maybe Obama didn't read the fine print in the license agreement when he installed Windows on a White House computer.
I'd suspect that it's a case of sloppy reporting. In all likelihood, law enforcement agencies seized the computers and then turned them over to Microsoft for the analysis.
Oh no, what will the world do without natural male enhancement.
“Lately, I’ve been getting a lot of spam where the subject is cut up.
Ex:
Cert ifie dToEnjo yCu tRate sOnTa blet s”
They do that to defeat defenses that flag certain words and send the message to the spam folder.
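To make that point concrete, here is an added example (not from the article or from any poster in this thread) of filter logic that undoes the word-splitting trick before keyword matching and also scores the fragmentation itself as a signal; the flagged-term list, leet mapping and sample subjects are constructed for the example.

```python
import re

# Constructed word list for this example; a real filter would use a far larger, tuned list.
FLAGGED_TERMS = ("cut rates", "tablets", "viagra", "enlargement")
# Common digit/symbol substitutions seen in spam subjects (p3n1$ -> penis); constructed mapping.
LEET = str.maketrans({"3": "e", "1": "i", "$": "s", "0": "o", "@": "a", "4": "a"})
# Constructed sample subjects: the cut-up one quoted in the thread, and a plausible legitimate one.
SAMPLE_SUBJECTS = (
    "Cert ifie dToEnjo yCu tRate sOnTa blet s",
    "Callaway X-22 irons now in stock",
)

def naive_hits(subject):
    """Plain substring filter: only fires when a flagged term appears intact."""
    lowered = subject.lower()
    return [term for term in FLAGGED_TERMS if term in lowered]

def normalize(subject):
    """Undo the splitting trick: lowercase, map leet characters, then drop every
    non-letter, so 'Cert ifie dToEnjo yCu tRate sOnTa blet s' becomes
    'certifiedtoenjoycutratesontablets'."""
    return re.sub(r"[^a-z]", "", subject.lower().translate(LEET))

def normalized_hits(subject):
    """Match the same terms (with their own spaces removed) against the rejoined subject."""
    joined = normalize(subject)
    return [term for term in FLAGGED_TERMS if term.replace(" ", "") in joined]

def fragmentation_score(subject):
    """Fraction of tokens that look like word fragments: a single character, or a
    lowercase-to-uppercase switch inside the token ('dToEnjo'). The split itself
    is a signal even when no keyword matches."""
    tokens = subject.split()
    if not tokens:
        return 0.0
    odd = [t for t in tokens if len(t) == 1 or re.search(r"[a-z][A-Z]", t)]
    return len(odd) / len(tokens)

def classify(subject, threshold=0.5):
    """Combine both signals: a rejoined keyword hit or heavy fragmentation flags the subject."""
    hits = normalized_hits(subject)
    score = fragmentation_score(subject)
    return {"naive": naive_hits(subject), "normalized": hits,
            "fragmentation": score, "suspicious": bool(hits) or score >= threshold}

if __name__ == "__main__":
    for subj in SAMPLE_SUBJECTS:
        print(subj, "->", classify(subj))
```

Substring matching on a de-spaced string is only one feature for a scoring filter, not a verdict on its own; it trades false negatives on split words for a higher false-positive risk on short terms.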
Thanks LibWhacker.
That’s a popular tactic....