Kudos to MSFT for Strangling the Rustock Spambot

Microsoft’s Digital Crime Unit announced the takedown of one of the world’s largest bot networks that leveraged “approximately a million infected computers” and was capable of sending up to 30 billion spam emails per day.  Researchers watched a single Rustock-infected computer send 7,500 spam emails in just 45 minutes – a rate of 240,000 spam mails per day.

The spam included fake Microsoft lottery scams, but it appears that the bulk of the spam sent via this botnet advertised counterfeit or unapproved knock-off versions of pharmaceuticals.

The Rustock spambot was officially taken offline yesterday after a federal investigation into the criminal operators behind the bot ended. The investigation began as a result of Microsoft suing the spammers. (Don’t know what a bot is? Read my post What are Bots, Zombies, and Botnets?)

Here is an excerpt from Microsoft’s blog post:

Botnets are known to be the tool of choice for cybercriminals to conduct a variety of online attacks, using the power of thousands of malware-infected computers around the world to send spam, conduct denial-of-service attacks on websites, spread malware, facilitate click fraud in online advertising and much more. This particular botnet is no exception.

….Spam is annoying and it can advertise potentially dangerous or illegal products. It is also significant as a symptom of greater threats to Internet health. Although Rustock’s primary use appears to have been to send spam, it’s important to note that a large botnet can be used for almost any cybercrime a bot-herder can dream up. Botnets are powerful and, with a simple command, can be switched from a spambot to a password thief or DDOS attacker.

Again, DCU’s research shows there may be close to 1 million computers infected with Rustock malware, all under the control of the person or people operating the network like a remote army, usually without the computer’s owner even aware that his computer has been hijacked. Bot-herders infect computers with malware in a number of ways, such as when a computer owner visits a website booby-trapped with malware and clicks on a malicious advertisement or opens an infected e-mail attachment. Bot-herders do this so discreetly that owners often never suspect their PC is living a double life.

It’s like a gang setting up a drug den in someone’s home while they’re on vacation and coming back to do so every time the owner leaves the house, without the owner ever knowing anything is happening. Home owners can better protect themselves with good locks on their doors and security systems for their homes. Similarly, computer owners can be better protected from malware if they run up-to-date software – including up-to-date antivirus and antimalware software – on their computers.

Finally, we encourage every computer owner to make sure their machine isn’t doing a criminal’s dirty work. If you believe your computer may be infected by Rustock or other type of malware, we encourage you to visit support.microsoft.com/botnets for free information and resources to clean your computer.

What this means to you

You must protect your internet connected devices. Unlike your toaster, the internet is not a plug-it-in-and-go experience.

  • It requires installing or turning on security software on your devices – and then setting the software to auto-update so it keeps your safety level current.
  • It requires creating strong passwords to log-in to the computer.
  • It requires ensuring any WiFi connection is password protected.
  • It requires changing passwords periodically.
  • It requires getting educated on how to avoid scams and spam, and how to protect your privacy.

It also requires that you step up to your civic duty of protecting others. An infected device is the digital equivalent of Typhoid Mary – you may not intend to send infected documents, or be part of a botnet spewing spam and scams, contributing to denial of service attacks, or spreading viruses, but if you haven’t taken security precautions to keep your devices clean, you are part of the problem.


