Feeds

Rustock zombies halved as clean-up efforts continue

Leaderless undead remotely brain-shot from Redmond

SANS - Survey on application security programs

The zombie machines which formerly powered the infamous Rustock botnet are down to half their original number, according to Microsoft.

Redmond ran a successful takedown operation back in March that effectively knocked out Rustock's command and control nodes. That meant that infected PCs were no longer being sent spam templates or other instructions while doing nothing to alter the fact that they were contaminated with malware.

Subsequent efforts, including the addition of Rustock botnet disinfection agents to the Microsoft Malicious Software Removal tool, have reduced the number of infected hosts by more than half.

Worldwide Rustock infection rates are down from a zombie count of 1.6 million in the middle of March to 703,000 in the week ending 18 June, the latest available figures. India, the US and Turkey are the most infected countries, but the malware itself remains widely spread across the world, as explained in a blog post here.

Microsoft has pledged to continue its clean-up efforts. In the meantime it is chasing leads on the owners and operators of the botnet. The Rustock control servers were rented by two Russians - Vladimir Alexandrovich Shergin and Dmitri A Sergeev - who have each become key suspects in the case.

Rustock began operation in 2006 and, at its peak, accounted for more than 13.8 billion spam emails daily, most of which punted unlicensed pharmaceutical websites. The take down operation was the second of its type. Microsoft was also heavily involved in the takedown of the Waledac botnet in March 2010.

A Special Edition of Microsoft's Security Intelligence Report provides more information on the Rustock threat and can be found here. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.