Microsoft is offering a bounty for the operators behind the Rustock botnet, which the company helped disable in March. Before it went offline, the botnet was capable of sending billions of spam emails per day.
In exchange for information that leads to the identification, arrest and conviction of those individuals, Microsoft is now willing to pay some $250,000. This comes on the heels of Microsoft’s civil lawsuit filed against Rustock’s anonymous operators. The company claims that, in addition to sending untold amounts of spam messages, Rustock was also responsible for crimes ranging from advertising counterfeit drugs to trademark violations, and that hundreds of thousands of computers worldwide remain infected with the botnet’s malware.
“This reward offer stems from Microsoft’s recognition that the Rustock botnet is responsible for a number of criminal activities and serves to underscore our commitment to tracking down those behind it,” Richard Boscovich, senior attorney for Microsoft’s Digital Crimes Unit, wrote in a July 18 email posted on The Official Microsoft Blog. “The legal action Microsoft has taken in civil court has already been successful, helping us take down the Rustock botnet and disrupt its operations.”
Before its shutdown, estimates of Rustock’s size varied between 1.1 million and 1.7 million infected computers, and the botnet may have been responsible for 47.5 percent of all spam sent worldwide by the end of 2010. Microsoft blocked the IP addresses controlling the botnet, in conjunction with a coordinated seizure of Rustock command-and-control servers located at five hosting providers in seven U.S. cities: Denver; Scranton, Pa.; Kansas City; Dallas; Chicago; Seattle; and Columbus, Ohio.
The takedown operation, referred to as Operation b107, was part of Project MARS (Microsoft Active Response for Security), a joint effort between Microsoft’s Digital Crimes Unit, Microsoft Malware Protection Center and Trustworthy Computing.
Microsoft’s previous big-botnet killing, in February 2010, kicked off when a federal judge in Virginia issued a temporary restraining order that cut off the 277 Internet domains associated with Waledac, which was blamed for producing more than 1.5 million spam messages per day. Having infected hundreds of thousands of computers around the world, Waledac was considered a big enough threat to attract the attention of not only Microsoft, but also Symantec, Shadowserver Foundation, the University of Washington and a handful of others joined together in an initiative termed “Operation b49.”
At the time, security experts questioned whether such legal maneuvers would ultimately be sufficient to curb the increasingly endemic issue of botnets. Microsoft’s latest bounty on Rustock’s operators suggests the company is taking ever-harder steps to deal with the threat.