Eideard

Sith gun robh so…

Posts Tagged ‘Rustock’

The hunt for Rustock spammers continues after botnet takedown

The Rustock botnet, which sent up to 30 billion spam messages per day, might have been run by two or three people. Early analysis, following raids to knock out the spam network, suggests that it was the work of a small team.

Rustock was made up of about one million hijacked PCs and employed a series of tricks to hide itself from scrutiny for years.

Since the raids on the network’s hardware, global spam levels have dropped and remain relatively low.

“It does not look like there were more than a couple of people running it to me,” said Alex Lanstein, a senior engineer at security firm FireEye, which helped with the investigation into Rustock…

He said that the character of the code inside the Rustock malware and the way the giant network was run suggested that it was operated by a small team…

Rustock evaded capture for years because of the clever way it was controlled, he said. Victims were snared when they visited websites seeded with booby-trapped adverts and links.

Once PCs were compromised, updates were regularly pushed out to them using custom written encryption. Those downloads contained the spam engine that despatched billions of ads for fake pharmaceuticals…

“When you are a programmer and you realise that you have the full force of the Microsoft legal department pointed directly at you, then you might say to yourself it’s time to try something else,” he said.

Any bets on whatever they do for grins, giggles and geedus, next – is legal? Once you get hooked on higher returns from crime it’s difficult to accept less.

Written by eideard

March 25, 2011 at 2:00 pm

Microsoft helps the Feds take down Rustock spambot network

Rustock, purveyor of more e-mail spam than any other network in the world, was felled last week by Microsoft and federal law enforcement agents.

A lawsuit by Microsoft that was unsealed at the company’s request late today triggered several coordinated raids last Wednesday that took down Rustock, a botnet that infected millions of computers with malicious code in order to turn them into a massive spam-sending network.

“This botnet is estimated to have approximately a million infected computers operating under its control and has been known to be capable of sending billions of spam mails every day,” Richard Boscovich, senior attorney in the Microsoft Digital Crimes Unit, wrote in a blog post today.

The Wall Street Journal first reported that it was Microsoft’s digital crimes unit, working in concert with U.S. marshals, that raided seven hosting facilities across the country and seized the command-and-control machines that ran the network. Those are the servers that send instructions to the fleet of infected computers to dish out spam messages hawking such items as phony lottery scams and fake and potentially dangerous prescription drugs. The takedown was known internally as Operation b107.

Shutting down Rustock could put a huge dent in spam worldwide. Tech security giant Symantec estimated last year that Rustock was responsible for 39 percent of the world’s spam. Global spam levels dropped 12 percent after Dutch authorities took down a Trojan horse named Bredolab last November.

Rock on, Microsoft. Cleaning up the ethically-diseased flavor of hacker is always worthwhile.

No doubt there will be a new rationale for script kiddies – or the occasional “honest” crook – who will rejoin the scumsuckers of spam. Their relationship to ordinary folks who simply wish to avail themselves of modern communications will continue to be parasitic.

Written by eideard

March 18, 2011 at 10:00 am
