$250K bounty for Rustock kingpins offered by Microsoft

2011-07-19 10:26 AM
By: John P. Mello, Jr.

Spammers turned to crime

One of the world's largest software companies continued its relentless pursuit of the leaders of what was once one of the world's largest gushers of spam by placing a $250,000 bounty on their heads.

"In order to determine the identities of the John Doe defendants principally responsible for the control of the Rustock botnet, Microsoft Corporation is offering a $250,000.00 dollar reward (USD) for any new information that results in the identification, arrest and criminal conviction of whoever is responsible for the control of the Rustock bot-net," the company declared in a posting on the Internet.

"Anyone with such information should contact Microsoft Corporation by email to avreward@microsoft.com," it continued. "Microsoft Corporation reserves the exclusive right to review and evaluate the legitimacy of all leads submitted, and further reserves the right to provide such leads to United States law enforcement."

Microsoft's senior manager for corporate blogs, Jeffrey Meisner, explained the software maker's motivation behind its latest move against Rustock in a company blog. "This reward offer stems from Microsoft's recognition that the Rustock botnet is responsible for a number of criminal activities and serves to underscore our commitment to tracking down those behind it," he wrote.

"While the primary goal for our legal and technical operation has been to stop and disrupt the threat that Rustock has posed for everyone affected by it," he added, "we also believe the Rustock bot-herders should be held accountable for their actions."

He explained that the legal action Microsoft took in civil court succeeded in taking down and disrupting the operation of Rustock, a notorious spam giant with a capacity for spewing 30 billion spam emails every day.

Indeed, since the Rustock takedown, spam volumes have declined, a sign, according to some spam fighters, that Microsoft's action has forced junk mailers to rethink how they operate. "Spammer tactics are changing as spam levels flat-lined this quarter to the lowest levels in around three years, primarily due to the highly-publicized Rustock botnet takedown," Commtech, a cyber security firm in Sunnyvale, CA, noted in its Internet Threats Report for July.

In addition to its spamming operations, Meisner observed, Rustock was responsible for a number of other crimes as well, including advertising counterfeit or unapproved versions of pharmaceuticals, and violating the trademarks of Pfizer and Microsoft.

While the Rustock botnet infection base has been cut in half in the short time since the takedown, he said, there are still hundreds of thousands of infected computers around the world yet to be cleaned of the botnet malware.

"Microsoft has already been gathering strong evidence in our ongoing investigation and this reward aims to take that effort a step further," he added. "We will continue to follow this case wherever it leads us and remain committed to working with our partners around the world to help people regain control of their Rustock-infected computers."

Microsoft's bounty offer follows a campaign launched in June to get Rustock's leaders to come out of the shadows through a series of advertisements in Russian newspapers. "By placing these quarter-page ads, which will run for 30 days, we honor our legal obligation to make a good faith effort to contact the owners of the IP address and domain names that were shut down when Rustock was taken offline," Richard Boscovich, senior attorney with Microsoft's Digital Crimes Unit, wrote in a company blog.

"Although history suggests that the people associated with the IP addresses and domain names connected with the Rustock botnet are unlikely to come forward in response to a court summons, we hope the defendants in this case will present themselves," he added. "If they do not, however, we will continue to pursue this case, including possibly within the Russian judicial system, if necessary."

http://www.gsnmagazine.com/node/23952?c ... responders