In an effort to continue raising awareness about the Rustock botnet that was successfully taken down on March 16th, the Microsoft Digital Crimes Unit (DCU), the Microsoft Malware Protection Center (MMPC) and Trustworthy Computing released a new Special Edition Security Intelligence Report (SIR) today titled “Battling the Rustock Threat“. Our telemetry indicates that the bot network is now less than half the size it was prior to being taken offline. However, although our global detection results show a sharp decline in Rustock-related activity, we are still working with our partners to clean the remaining, infected machines of this threat. There are still infected machines out there, orphaned from the now-offline Win32/Rustock command and control infrastructure – and the malware authors are still at large. However, through our partnerships with CERTs and ISPs worldwide, we’re making strides to identify and remove the Rustock threat from these orphaned systems and have had considerable success in the early parts of this work.
This report gives an overview of the Win32/Rustock family of rootkit-enabled backdoor trojans, its functionality and how it works. It also shows the direct impact of the takedown operation. The SIR also verifies something we have long believed: that Rustock-infected computers are also very likely to be infected with other malware. For example, DCU and MMPC conducted an experiment in which they infected a computer with Win32/Harnig, which is known to infect a computer with Rustock, in order to see what additional malware was installed. Within five minutes of installation, a wide variety of additional malware and potentially unwanted software had been downloaded and installed onto the infected computer – and many of these threats are themselves designed to eventually download even more malware. The SIR also has details about how we defeated Rustock in the courts, providing lots of previously undisclosed details from the legal and enforcement sides of the operation.
You can read more about the Rustock reduction rate on the Microsoft blog today, and definitely be sure to check out the latest Special Edition Security Intelligence Report: Battling the Rustock Threat.
Microsoft Malware Protection Center
Leave a reply