Microsoft is offering a $250,000 bounty for information leading to the identification and conviction of the Rustock botnet's operators.
Microsoft is offering a bounty for the operators behind the
Rustock botnet, which the company helped disable in March. Before it went
offline, the botnet was capable of sending billions of spam emails per day.
In exchange for information that leads to the identification,
arrest and conviction of those individuals, Microsoft is now willing to pay some
$250,000. This comes on the heels of Microsoft's civil lawsuit filed against
Rustock's anonymous operators. The company claims that, in addition to sending
untold amounts of spam messages, Rustock was also responsible for crimes
ranging from advertising counterfeit drugs to trademark violations, and that
hundreds of thousands of computers worldwide remain infected with the botnet's
"This reward offer stems from Microsoft's recognition that
the Rustock botnet is responsible for a number of criminal activities and
serves to underscore our commitment to tracking down those behind it," Richard
Boscovich, senior attorney for Microsoft's Digital Crimes Unit, wrote in a July
18 email posted on The Official Microsoft Blog. "The legal action Microsoft has taken in civil
court has already been successful, helping us take down the Rustock botnet and
disrupt its operations."
Before its shutdown, estimates of Rustock's size varied
between 1.1 million and 1.7 million infected computers, and the botnet may have
been responsible for 47.5 percent of all spam sent worldwide by the end of
2010. Microsoft blocked the IP addresses controlling the botnet, in conjunction
with a coordinated seizure of Rustock command-and-control servers located at
five hosting providers in seven U.S. cities: Denver;
Scranton, Pa.; Kansas City; Dallas; Chicago;
Seattle; and Columbus, Ohio.
The takedown operation, referred to as Operation b107, was
part of Project MARS (Microsoft Active Response for Security), a joint effort
between Microsoft's Digital Crimes Unit, Microsoft Malware Protection Center
and Trustworthy Computing.
Microsoft's previous big-botnet killing, in February 2010,
kicked off when a federal judge in Virginia issued a temporary restraining
order that cut off the 277 Internet domains associated with Waledac, which was
blamed for producing more than 1.5 million spam messages per day. Having
infected hundreds of thousands of computers around the world, Waledac was
considered a big enough threat to attract the attention of not only Microsoft,
but also Symantec, Shadowserver Foundation, the University of Washington and a
handful of others, which joined together in an initiative termed "Operation b49."
At the time, security experts questioned whether such legal
maneuvers would ultimately be sufficient to curb the increasingly endemic issue
of botnets. Microsoft's latest bounty on Rustock's operators suggests the
company is taking ever-harder steps to deal with the threat.
Nicholas Kolakowski on Twitter