MS claims credit for Rustock botnet takedown

Action taken by Microsoft and law enforcement agencies was responsible for the takedown of the infamous spam-spewing Rustock botnet, the software giant said today. Anti-spam firms were taken by surprise by the abrupt cessation of junk mail from zombie clients in the Rustock botnet network on Wednesday afternoon. The reason for …


This topic is closed for new posts.
  1. GatesFanbois


    Microsoft saving the world from spam again. Bet these spammers use Linux

  2. petur


    That means as much as admitting your machines were the cause in the first place...

    (of course, everybody already knew that)

    1. Naughtyhorse

      what did you expect

      a herd of 1 MILLION macs?


      1. JarekG

        1 MILLION macs

        Are there 1 MILLION macs in use?

    2. Ammaross Danan


      "That means as much as admitting your machines were the cause in the first place..."

      That's because most of the home computers out there run Windows. It's merely the best way to get zombies, due to the population. No, it's not due to some inherent flaw causing Windows to be vulnerable to these infections. Usually these bots get on the computer the same way Flash Player or Firefox gets on your computer: they're downloaded and run. Granted, they're downloaded from less-reputable places. Very few virii nowadays actually install themselves on your computer with no user intervention.

  3. Ted Treen

    Never thought I'd say this...

    ...but good for Microsoft. They're doing us ALL a large favour in dealing with these creeps.

    Nice one, Steve

    (or whoever took the decision)

  4. James 5


    ... there weren't idiots responding to the spam "adverts" there would be no spam...

    1. Daniel 1

      It is possible to be guileless without being gullible

      A friend of ours has a form of OCD and frequently needs to ask for help and assistance in determining if something he has seen on the Internet was real (if you need an indication of how debilitating this can be for him, he initially needed help with the Japan earthquake, for instance). He's not an idiot. He has a job, and lives a reasonably independent life: he simply has a condition that actually makes him rather more reliant upon his computer than many of the rest of us are.

      Now, I'm not sure if you think he shouldn't have an internet connection, or shouldn't have a bank account (or just haven't thought about it from his sort of angle) but he's exactly the sort these spammers go after. Which is why it is so wrong.

      Fortunately the one thing he does have, is friends, who can help him get the best from his internet connection without being preyed upon. I rather suspect that not all such people have that to fall back on... and we're not claiming sainthood for doing it.

      I'd also say it is good to see what Microsoft and the law-enforcers have done here. The zombie networks are often Windows machines, but they are nothing once their C&C servers are removed. Sure the problem will return, but this has at least shown that the problem is solvable. Spam isn't merely some force of nature that we have to put up with, but an aspect of a predatory network of individuals whose infrastructure can be got at and removed to yield real results.

      1. Daniel 1

        Hmm. Two down votes...

        what motivated that, I wonder?

  5. Tony Green


    ...if Microsoft's security model wasn't so crap that it's easy to take control of Windows machines, we wouldn't have this sort of problem anyway.

    So they're taking credit for sorting out a problem they've caused.

    1. Ammaross Danan


      Virii are executables. I can just as easily run one on my Linux box as my Windows box. The problem is, by and large, the people that hit "yes" to the "are you sure you want to run this potentially harmful program?" Be it Windows, Linux, or Mac, the user can still hit "Yes."

      Disclaimer: this would require a "virus"-like program written to run on each of the operating systems mentioned. It's very easy to do so for each of these platforms, but one can't be bothered to target such small markets.

  6. Anonymous Coward

    Cleaning up after themselves?

    Is MS now cleaning up their own mess, finally? Let's hope so.

    1. JarekG

      RE: Cleaning up after themselves

      No, they are not, but what they are doing is helping idiots correct their mistake.

      Think of it this way: when you are driving and someone in the passenger seat tells you to go through the intersection and you just go (even though it's red), whose fault is it... yours or the passenger's?

      The same logic applies here... maybe some of the morons can read before clicking yes to every little internet pop-up.

  7. Ragarath

    Gotta love them people that are never happy - NOT

    Microsoft did something good and you're all shouting them down. Geez, next you'll be whining that bugs being fixed in Linux are a bad thing.

    1. Arctic fox

      @Ragarath You have got to understand the rules old chap.

      When Microsoft are the subject of an article the following rules apply.

      1. If MS have done something wrong, log on and howl.

      2. If MS have done something right, log on and howl.

      (Make sure you say that it was all their fault in the first place whether that is wholly true, partly true or not true at all.)

      3. If MS are mentioned however peripherally, even if your posting is not even in orbit around the same planet as the article concerned let alone on topic, log on and howl.

      4. Do remember to spell the Great Satan's name with a $-sign as often as possible whilst you howl.

      As far as the subject of this article is concerned I am glad to see that MS appear to be taking their responsibilities seriously. I personally feel that they should have been moving in this way a considerable while ago but I am reasonably impressed with the sheer scale of the operation involving as it did MS officials, the Feds, the US courts and national compliance and policing authorities in several countries (including China's own CNERT-team, believe it or not!). So yes, on this occasion I am also willing to give Redmond a cautious thumbs up.

  8. Tigra 07

    Good news everybody...

    Well done MS!

  9. Anonymous Coward


    Amazing how people will piss and moan about something positive (and not easy or inexpensive) MS is doing to solve a problem. Yes, it helped create the problem in the first place, but the last time I checked, Adobe, whose security is now arguably worse than MS, has exactly ZERO takedowns to their credit and I'm not expecting any soon.

  10. Pavlov's obedient mutt


    Give us some perspective - how many is that per day/hour/minute etc

    oh - and yeah, well done Microsoft.

  11. Anteaus

    Well done!

    Though, the spammers might not be the only ones miffed about this. I'm betting some DNSBL operators are grinding their axes and calling Microsoft all kinds of unmentionable things.

    Fortunately, I somehow doubt they'd have the brass neck to blacklist in retaliation for the proportional reduction in filtering-service revenue.

  12. Anonymous Coward

    "Much More Complicated"

    "Rustock's infrastructure was much more complicated than Waledac's, relying on hard-coded Internet Protocol addresses rather than domain names and peer-to-peer command and control servers to control the botnet."

    Since when is a static IP "much more complicated" to trace than a domain name or P2P?

    1. TeeCee

      Re: "Much More Complicated"

      Too right. WTF? indeed.

      Likewise: "To be confident that the bot could not be quickly shifted to new infrastructure...."

      'cos moving a physical IP address from A to B is infinitely simpler than changing a DNS entry of course.....

      1. Anonymous Coward

        Re Re

        I was just thinking that. I'm wondering who in their PR dept has come out with that one.

        It would be a hell of a lot easier to block IP a.b.c.d rather than a DNS pointing to a.b.c.f then a.c.d.a later...

        (Though you could block the DNS itself, which many bots already have workarounds ;)

    2. Coyote

      Since botnets started using P2P, that's when

      If a botnet relies on something like round-robin or fast-flux dynamic DNS to find C&C servers, all you have to do is take down the domain name and the botnet is decapitated. P2P makes things a little harder, because once the bot knows a few P2P nodes the C&C server isn't required anymore.

      Rustock did something like include a huge list of existing bot IPs every time the malware propagated. That kind of botnet is hard to stop once it gets going: If any of the IPs in the list are reachable, a new bot can bootstrap the whole list.

  13. VeganVegan

    That's why we have pooper-scooper regulations

    If your dog made a mess on the sidewalk, does that mean that the innocent pedestrian who steps in it has only himself to blame?

    It is indeed good that Microsoft is cleaning up the mess they made, but let's not blame the wrong party for the spam problem.

    1. Arctic fox

      Well actually it is not the dog that is doing the shitting.

      It is the "customer" who is shitting all over the sidewalk regardless of how often one tries to explain that they should keep it in their pants. How many articles in how many mainstream media publications warning said "customers" about downloading programmes of a certain type is it going to take before the brain dead finally realise that they are doing something silly? Interesting that many of us criticise (correctly in my view) Apple's walled garden on the grounds of freedom and choice, whilst at the same time many log on here to howl about "M$" on the grounds that they do not succeed in preventing said braindeads from fucking everything up. Do not misunderstand me, MS could clearly do a lot more to improve security (and I suspect they are aware of that) but I am piss tired of the fact that as long as the Great Satan From Redmond is involved many immediately find it convenient to forget that the biggest threat to a pc is the dickhead at the keyboard. Precisely how is "M$" supposed to stop these plonkers downloading that kind of shit without taking the kind of measures that would have us all howling a blue fit? So yes, the customer is NOT always right - sometimes they are completely wrong and ought to take some responsibility (that goes with freedom, right?) for their own behaviour.

  14. ScissorHands

    P2P bots, ph3ar!

    I hope none of them download the Kademlia eMule code...

  15. Anonymous Coward

    Is it just me?

    If this spam is advertising pharmaceuticals, why doesn't MS buy some of these pharmaceuticals then trace where their money went and who the beneficiary was (through the credit card records).

    Then the credit card companies can block payments in future. Result - no payment, no point in spam advertising.

    I seem to recall this approach was spectacularly effective in closing down

  16. gef05

    Came here for the MS snark

    ...and wasn't disappointed. Let me just save you fools the hassle:

    "I hate Microsoft."

    "Windows sucks."

    "You're a Redmond shill."

    "Gates is a jerk."

    "Whales are fat and deserve to die."

    "If martians ate peanuts they'd crap satay."

    etc ad nauseam
