Waste: Chances are, you received one of the 200billion daily spam emails generated by the Rustock botnet
The world's biggest source of spam e-mails has been shut down after Microsoft helped U.S. authorities seize internet servers controlling almost a million computers.
The Rustock botnet, a collection of infected machines independently sending messages, had sent 200billion junk emails a day – half the global total.
The servers were rented from American internet hosting firms who were allegedly unaware of their role in Rustock.
And these ‘command and control’ servers would issue instructions to infected home and business PCs worldwide that are operated by Microsoft’s Windows software.
Microsoft were granted permission by a court to seize equipment and 'decapitate' the botnet after arguing that their trademarks had been infringed in some of the e-mails.
It is unknown who the criminals behind the spamming business are. They were named only as 'John Does 1-11' in the lawsuit.
Richard Boscovich, a senior attorney in Microsoft Digital Crimes Unit, said the raids effectively severed the link between the million or so drone computers in Rustock and the servers that control them.
He Rustock was a tough nut to crack because of the way it was organised.
The swift seizure of servers should have denied Rustock's controllers any chance of simply shifting it to fresh machines, he said.
The raids were carried out on Last Wednesday and so far no Rustock spam has been sent.
But, in other cases of breached command and control systems, infected computers have sought out websites where they can download new instructions.
The hard drives gathered in the raid would be be analysed so investigators can learn more about the way it ran and who was behind it.
Microsoft said it would also work authorities to identify and clean up PCs that were unwitting participants in the Rustock botnet.
Tricky: Many spam emails involve apparent deals but are actually cons
Disrupting the command and control infrastructure of a botnet is very difficult to do.
It requires the co-ordination of security groups, domain name registrars and internet service providers that can potentially be located across the globe, said Paul Wood, a security researcher at Symantec.cloud.
Previous attempts to take down botnets have enjoyed mixed success.
When security firm FireEye disabled the Mega-D botnet's command and control infrastructure in early November 2009, its owners were able to resume their activities within a month.
‘Many of these botnets are run as businesses, so they have back-up plans in place,’ said Mr Wood.
‘The botnet controllers can use legitimate websites - such as headlines from news sites - to identify where the new instructions can be found.’
Despite the success, the spread of botnets looks set to continue, as cyber crooks grow increasingly sophisticated in their ability to infect machines.
‘The malware used embeds itself deep in the operating system, making it difficult to identify,’ said Mr Wood.
Posts
I've used Kaspersky protection for a couple of years now, and I would recommend this solution to everybody.
ReplyDelete