Microsoft and feds bring down spam giant Rustock

A raid, triggered by a Microsoft lawsuit, neutralized the massive spamming network last week.

Jay Greene

Rustock, purveyor of more e-mail spam than any other network in the world, was felled last week by Microsoft and federal law enforcement agents.

A lawsuit by Microsoft that was unsealed at the company's request late today triggered several coordinated raids last Wednesday that took down Rustock, a botnet that infected millions of computers with malicious code in order to turn them into a massive spam-sending network.

"This botnet is estimated to have approximately a million infected computers operating under its control and has been known to be capable of sending billions of spam mails every day," Richard Boscovich, senior attorney in the Microsoft Digital Crimes Unit, wrote in a blog post today.

The Wall Street Journal first reported that it was Microsoft's digital crimes unit, working in concert with U.S. marshals, that raided seven hosting facilities across the country and seized the command-and-control machines that ran the network. Those are the servers that send instructions to the fleet of infected computers to dish out spam messages hawking such items as phony lottery scams and fake and potentially dangerous prescription drugs. The takedown was known internally as Operation b107.

Hard drives seized yesterday at a hosting facility in Kansas City, Mo. (Credit: Microsoft)

Shutting down Rustock could put a huge dent in spam worldwide. Tech security giant Symantec estimated last year that Rustock was responsible for 39 percent of the world's spam. Global spam levels dropped 12 percent after Dutch authorities took down a Trojan horse named Bredolab last November.

Rustock's demise last week surprised the cybersecurity community, which often works in unison to corral spammers. According to an earlier Journal blog post, spam monitors didn't know why the botnet's activity halted. It was clear at the time that the effort was coordinated and complete.

Microsoft's digital crimes unit has long worked with law enforcement to track down and eliminate spammers, botnets, and other malicious code creators. Government authorities rarely have the resources to spend on the investigations, something Microsoft willingly finances since it has a vested interest in keeping people e-mailing.