This time last week, a million computers infected with malicious software were sending an estimated 50%-70% of all spam email worldwide. These infected computers made up a “botnet” called Rustock which has been operating for several years. Many of the emails were scams designed to cheat people out of their money by telling them they had won a fake lottery, or offering fake medications.
Last Thursday morning (NZ time), Microsoft led a take-down of the Rustock “botnet” by seizing dozens of computers that were controlling it. Immediately traffic from the “botnet” plummeted from thousands of spam emails per second to just single digits. The take-down was a decisive success.
This work was the culmination of months of research about the Rustock “botnet” and how it operated. The take-down had to be done quickly and carefully to be sure that control could not be quickly shifted to new computers.
There are signs that the operators of the Rustock “botnet” are trying to re-establish control, but so far the legal and technical measures that were taken last week have worked.
In most cases the owners of the computers that were part of the Rustock “botnet” didn’t know they were infected. Everyone can help prevent the growth of this type of “botnet” by making sure you trust any software that you install on your PC, keeping all your software up to date with security patches, and keeping your anti-virus software current.
Microsoft provides a complimentary Malicious Software Removal Tool that you can use to scan your system for the most common malware (including Rustock). We also offer a complimentary anti-virus product called Microsoft Security Essentials that can provide ongoing protection for home use and small business PCs running the Windows operating system.
If you work with a New Zealand internet service provider, we would be interested to hear if you have noticed any change in spam email volumes following on from this work.