Botnet Rustock is no longer

As you may have read on several news sites, the botnet Rustock, one of the world’s most active spam-generating networks, is no longer since last week (R.I.P. ;-)) on March 16th, 2011.

The Microsoft Digital Crimes Unit (or DCU), together with other agencies and organisation like the U.S. Marshalls, started an operation, under the name “Operation b107”, to take out the C&C servers at multiple locations in the US, which are responsible for managing the infected zombie computers in the botnet, leading the botnet decapitated.

The Rustock botnet was one of the major players on the internet when it comes to spam and infected zombie computers. With an estimated account of approx 1 million infected computers it had a capacity for sending out up to 30 billion spam messages per day ranging from fake Microsoft lottery scams and offers for prescription drugs.

It was not the first attempt of Microsoft to take down an botnet organisation. Earlier on, in February 2010, Microsoft did managed to get hands on +250 domains  that where used in the Waladec botnet.


Read more about Rustock and the take down:

Microsoft: Taking Down Botnets: Microsoft and the Rustock Botnet

Wall Street Journal:  Spam Network Shut Down

FireEye: An overview of Rustock

Krebs On Security: Rustock Botnet Fed by U.S. Firms

3 thoughts on “Botnet Rustock is no longer

  1. FWIW, I received “United Parcel Service notification 81539” in my spam folder @ 11:49 AM (EDT) today (March 28, 20011) from email address: with identical phrasing:
    “Dear customer.

    The parcel was sent your home address.
    And it will arrive within 3 business day.

    More information and the tracking number are attached in document below.

    Thank you.
    © 1994-2011 United Parcel Service of America, Inc.”

    File Attached:

    As usual, I did not open the attachmnet and I notified UPS.

    Stay safe, they’re still at it!

Comments are closed.