The Rustock botnet was a botnet that operated from around 2006[1] until March 2011.
It consisted of computers running Microsoft Windows, and was capable of sending up to 25,000 spam messages per hour from an infected PC.[2][3] At the height of its activities, it sent an average of 192 spam messages per compromised machine per minute.[4] Reported estimates of its size vary greatly across sources, with claims that the botnet may have comprised anywhere between 150,000 and 2,400,000 machines.[5][6][7] The botnet grew and maintained its size mostly through self-propagation: it sent many malicious e-mails intended to infect any machine on which they were opened with a trojan that would incorporate the machine into the botnet.[8]
The botnet took a hit after the 2008 takedown of McColo, an ISP that hosted most of the botnet's command and control servers. McColo regained Internet connectivity for several hours, and in those hours up to 15 Mbit per second of traffic was observed, likely indicating a transfer of command and control to Russia.[9] While these actions temporarily reduced global spam levels by around 75%, the effect did not last long: spam levels increased by 60% between January and June 2009, 40% of which was attributed to the Rustock botnet.[10][11]
On March 16, 2011, the botnet was taken down through what was initially reported as a coordinated effort by Internet service providers and software vendors.[12] It was revealed the next day that the take-down, called Operation b107,[13][14] was the action of Microsoft, U.S. federal law enforcement agents, FireEye, and the University of Washington.[15][16]
To capture the individuals involved with the Rustock botnet, on July 18, 2011, Microsoft offered "a monetary reward in the amount of US$250,000 for new information that results in the identification, arrest and criminal conviction of such individual(s)."[17]
Chuck Miller (2008-07-25). "The Rustock botnet spams again". SC Magazine US. Archived from the original on 2012-07-30. Retrieved 2010-04-21.
"Real Viagra sales power global spam flood". Techworld. Archived from the original on 2012-04-07. Retrieved 2010-04-21.
"Marshal8e6 Releases New Insight and Analysis into Botnets". trustwave.com. Chicago, IL, USA: Trustwave Holdings. 2009-04-22. Archived from the original on 2016-04-20. Retrieved 2014-01-09.
"Symantec Announces August 2010 MessageLabs Intelligence Report". Symantec. Sunnyvale, CA, USA: Symantec. 2010-08-24. Archived from the original on 2010-08-28. Retrieved 2014-01-09.
"MessageLabs intelligence" (PDF). MessageLabs. April 2010. Retrieved 2010-11-20.
"Biggest spammer? The Rustock botnet". Securityinfowatch.com. 2009-02-06. Archived from the original on 2020-06-18. Retrieved 2010-04-21.
"Rustock botnet responsible for 40 percent of spam". Good Gear Guide. Retrieved 2010-08-25.
"Dead network provider arms Rustock botnet from the hereafter - McColo dials Russia as world sleeps". The Register. 2008-11-18. Retrieved 2010-11-20.
"Rustock botnet leads spam surge up 60 percent in 2009". MX Logic. 2009-07-14. Retrieved 2010-04-21.
"Grum and Rustock botnets drive spam to new levels". SC Magazine Australia/NZ. securecomputing.net.au. 2010-03-02. Retrieved 2010-04-21.
Hickins, Michael (2011-03-17). "Prolific Spam Network Is Unplugged". Wall Street Journal. Retrieved 2011-03-17.