Microsoft and US feds shut down giant spamming operation

Microsoft and US federal authorities have shut down one of the biggest e-mail spamming organisations in a joint operation.

Microsoft and US federal authorities have shut down one of the biggest e-mail spamming organisations in a joint operation.

In an operation similar to the one that shut down the Waledac botnet in February 2010, Microsoft used legal action backed up by raids to shut down the Rustock botnet.

Three months later, Microsoft's Digital Crimes Unit (DCU) said it was planning to replicate the success in shutting down Waledac with similar operations.

In the Waledac case, Microsoft applied for restraining orders on more than 250 web domains that controlled Waledac, but used a different tactic against Rustock.

Tech security bloggers noticed a sharp dip in spam e-mail from Rustock on 17 March as dozens of servers used for spamming attacks were shut down, according to Reuters.

The operation started the day before when US Marshals disconnected the botnet control and command centres by seizing hard drives and servers at internet service providers in seven cities, including Seattle, according to local reports.

At the same time, police carried out a similar raid in the Netherlands, where one Rustock server was located.

"Rustock's infrastructure was much more complicated than Waledac's, relying on hard-coded Internet Protocol addresses rather than domain names and peer-to-peer command and control servers to control the botnet," said Richard Boscovich senior attorney, Microsoft DCU in a blog post.

Because Rustock was controlled through IP addresses on dozens of hard drives and servers, Microsoft applied for the seizure of equipment as part of a trademark-infringement lawsuit.

A large proportion of spam is advertising for counterfeit pharmaceuticals and other goods, including Microsoft products. The raids were conducted under the US Lanham Act, which prohibits trademark infringement and counterfeiting.

Microsoft said it also worked with security experts at the University of Washington, network-security firm FireEye, and pharmaceuticals company Pfizer.

The Rustock botnet or network of hijacked computers is believed to have been responsible for nearly 50% of the world's spam or up to 30billion spam e-mails a day.

More than one million computers around the world are believed to be infected with Rustock malware, and according to Microsoft researchers just one infected computer is able to send up to 240,000 e-mails a day.

Read more on IT risk management