A major spam network has been taken down by federal agents and Microsoft . Raids were launched Wednesday across the U.S. against the Rustock botnet, which used computers hijacked with malicious software to send out billions of e-mails.
The raids are related to Microsoft's civil lawsuit, filed in Seattle federal court last month, against the unnamed operators of the botnet. The company said the spam network impacts its products and reputation, such as adversely affecting users of Windows and Office, adding traffic loads to Hotmail, and exploiting vulnerabilities in Windows. Microsoft also said spammers using Rustock are violating its trademarks with e-mails that purport to be Microsoft lotteries. On Thursday, the lawsuit was unsealed at Microsoft's request.
The raids involved U.S. marshals joining employees from the software giant's digital-crimes unit, who went into hosting services in Kansas City, Mo.; Columbus, Ohio; Scranton, Pa.; Denver; Dallas; Chicago and Seattle.
The raiders brought a copy of the federal order allowing Microsoft to seize computers thought to have been taken over by the spam network, and that were relaying instructions to a million or more computers in the U.S. and elsewhere. Hard drives and computers were seized in the raids at the hosting providers. Much of the equipment had been leased by companies in other countries, according to Microsoft.
The intent was to remove the central command for the spam network, which is reportedly the largest in the world, and it may have worked -- at least temporarily. On its company blog, security firm Symantec reported Thursday that the Rustock botnet may have stopped spamming.
Symantec Malware data analyst Mat Nisbet wrote that, on Wednesday, "the botnet known as Rustock ceased sending spam." He added that, over the last year or so, Rustock has been "the dominant source of spam in the world," accounting for as much as 47.5 percent of all spam by the end of last year.
'Much More Complicated'
Nisbet wrote that other botnets are increasing their output and could make up the difference even if Rustock doesn't reemerge. But, he noted, as of Friday "there was a noticeable drop in mail volume since Rustock has dropped offline."
A year ago, Microsoft successfully took down the botnet Waledac. On Microsoft's TechNet blog, Senior Attorney Richard Boscovich of the company's digital-crimes unit wrote that the knowledge from that action led to successfully taking down Rustock, which he described as "larger, more notorious and complex."
He noted that Rustock's infrastructure was "much more complicated" that Waledac's, and taking affected servers from the hosting providers was needed to make sure the botnet "could not be quickly shifted to new infrastructure." Boscovich added that Microsoft is working with ISPs and community emergency response teams worldwide to help "affected computer owners clean Rustock malware off their computers."