
MS shuts down spam behemoth Rustock, reduces worldwide spam by 39%

Discussion in 'BlackHat Lounge' started by fun4uoc, Mar 20, 2011.

  1. fun4uoc

    fun4uoc Jr. VIP Jr. VIP Premium Member

    My spam box has seemed noticeably light.

    Source: http://www.techamok.com/?pid=8842
    
    Microsoft's Digital Crimes Unit, working with federal law enforcement agents, has brought down the world's largest spam network, Rustock. Rustock, at its peak, was a botnet of around 2 million spam-sending zombies capable of sending out 30 billion spam emails per day. Microsoft's wholesale slaughter of Rustock could reduce worldwide spam output by up to 39%.

    Rustock was taken down, piece by piece, in a similar way to the Mega-D botnet. First the master controllers, the machines that send out commands to enslaved zombies, were identified. Microsoft quickly seized some of these machines located in the U.S. for further analysis, and worked with police in the Netherlands to disable some of the command structure outside of the U.S.

    With the immediate threat disabled, Microsoft then worked with upstream providers to black hole the IP addresses of whoever was controlling the botnet. To prevent further master controllers popping up, Microsoft worked with Chinese CN-CERT to block registration of domains that could be used by new command and control servers.

    Finally, Microsoft is now working with ISPs and CERTs around the world to help clean the Rustock malware from around 1 million infected machines. It's also worth noting that Microsoft didn't do this alone; specialists from Pfizer, FireEye (the company behind the Mega-D botnet takedown), and the University of Washington helped out.
     
  2. roamer

    roamer Power Member

    Interesting. However, this network was the replacement of another replacement of another... Every time they shut down the big guns, there's a noticeable decrease in spam only to steadily climb back. Where there's money to be made, someone's fall is seen by others as an opportunity (IMO).
     
  3. hardybents

    hardybents Regular Member

    Damn, My Dick Pills are getting low, I was looking to re-order.
     
  4. antsaoo

    antsaoo Supreme Member

    Well, PM me and we'll work something out. No one should be left alone because of their little (literally) brother down there.

    Well, good job from the people getting down the whole operation :p guess someone is going to lose lots of money.
     
  5. brent360

    brent360 Junior Member

    It's amazing to see little bits and pieces of news like this and to recognize that there really are hackers and computer whizzes out there who do all of the cool stuff that we see in movies, they just go undetected and it's not as extravagant. I mean, if you think about it, the owners of that network must have been banking a lot of money. The amount of money they could pull in by simply issuing a few commands is amazing.

    I agree there. Botnets are all the rage these days. :p
     
  6. Stoner47

    Stoner47 Registered Member

    Waste of time and money!

    They will just come back and take over again..

    With all the money they made, they can afford to pay the best and roll out the spam once more...

    Bill should be more worried about his shitty operating system..
     
  7. satyawrat

    satyawrat Jr. VIP Jr. VIP

    It's harder to set up something like this again, for the following reasons:
    The loophole which the malware uses gets recognized, their command structure gets recognized and it gets detected by AVs.

    So in order to start again, they have to:
    relocate themselves for legal reasons
    rewrite the whole botnet
    crypt to make it fud.

    and then find exploits in third party software to fast track its spreading.. it's a lot of work if you ask me...
     
  8. wowhaxor

    wowhaxor Executive VIP Premium Member

    Had no idea Pfizer had anti spam specialists. Must want you to pay full price for those penis pills.
     
  9. Chees

    Chees Regular Member

    well hurray for Microsoft
     
  10. lexa500

    lexa500 Registered Member

    so i think huge botnets will appear again and again.
    there will always be some ways to trick av software (and to fool users, because there is a twist with social engineering). and with the growth of mobile apps market there will be more opportunities for the blackhat.

    btw, it wasn't mentioned, that they captured someone during the operation? only servers, IPs and domain names, so the owners will take some lessons for the next hop.

    it's like bullet and armor.