Rustock

The Rustock botnet was a botnet that operated from around 2006 until March 2011. It consisted of computers running Microsoft Windows, and was capable of sending up to 25,000 spam messages per hour from an infected PC. At the height of its activities, it sent an average of 192 spam messages per compromised machine per minute. Reported estimates on its size vary greatly across different sources, with claims that the botnet may have comprised anywhere between 150,000 and 2,400,000 machines. The size of the botnet was increased and maintained mostly through self-propagation: the botnet sent large volumes of malicious e-mails intended to infect the machines that opened them with a trojan, which would incorporate the machine into the botnet. The botnet took a hit after the 2008 takedown of McColo, an ISP which was responsible for hosting most of the botnet's command and control servers. McColo regained Internet connectivity for several hours, and in those hours up to 15 Mbit/s of traffic was observed, likely indicating a transfer of command and control to Russia. While these actions temporarily reduced global spam levels by around 75%, the effect did not last long: spam levels increased by 60% between January and June 2009, 40% of which was attributed to the Rustock botnet. On March 16, 2011, the botnet was taken down through what was initially reported as a coordinated effort by Internet service providers and software vendors. It was revealed the next day that the take-down, called Operation b107, was the action of Microsoft, U.S. federal law enforcement agents, FireEye, and the University of Washington. To capture the individuals involved with the Rustock botnet, on July 18, 2011, Microsoft offered "a monetary reward in the amount of US$250,000 for new information that results in the identification, arrest and criminal conviction of such individual(s)."


Operations

Botnets are composed of infected computers used by unwitting Internet users. In order to hide its presence from the user and from anti-virus software, the Rustock botnet employed rootkit technology. Once a computer was infected, it would seek contact with command-and-control servers at a number of IP addresses and any of 2,500 domains and backup domains, which could direct the zombies in the botnet to perform various tasks such as sending spam or executing distributed denial of service (DDoS) attacks. Ninety-six servers were in operation at the time of the takedown. When sending spam, the botnet used TLS encryption in around 35 percent of cases as an extra layer of protection to hide its presence. Whether detected or not, this created additional overhead for the mail servers handling the spam. Some experts pointed out that this extra load could negatively impact the mail infrastructure of the Internet, as most of the e-mails sent at the time were spam.
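As an added illustration of the sending behaviour described above (not code from the article or from any analysis of Rustock itself), the following Python sketch flags internal hosts whose outbound mail rate resembles a Rustock node and reports their TLS share; the log format, the sample lines and the 60-messages-per-minute cutoff are all constructed assumptions.

```python
"""Rate-based flagging of spam-bot-like outbound SMTP activity. Added example:
Rustock averaged ~192 messages per compromised machine per minute and used TLS
in ~35% of sessions; a normal workstation sends a handful of messages a minute."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed log format (assumption): "<ISO timestamp> <client ip> <tls|plain> <msgs>"
LINE_RE = re.compile(r"^(\S+) (\d{1,3}(?:\.\d{1,3}){3}) (tls|plain) (\d+)$")

# Constructed sample: 10.0.0.5 behaves like a bot node, 10.0.0.9 like a desktop.
SAMPLE_LOG = [
    "2011-03-01T10:00:00 10.0.0.5 tls 70",
    "2011-03-01T10:00:20 10.0.0.5 plain 130",
    "2011-03-01T10:01:05 10.0.0.5 tls 60",
    "2011-03-01T10:01:40 10.0.0.5 plain 120",
    "2011-03-01T10:00:30 10.0.0.9 plain 2",
    "2011-03-01T10:01:30 10.0.0.9 plain 1",
    "not a log line",  # malformed input is skipped, not fatal
]

def parse_line(line):
    """Return (timestamp, ip, is_tls, message_count) or None for unparsable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, ip, mode, n = m.groups()
    return datetime.fromisoformat(ts), ip, mode == "tls", int(n)

def per_host_stats(lines):
    """Map each client IP to (messages per active minute, fraction of messages over TLS)."""
    msgs, tls_msgs, minutes = defaultdict(int), defaultdict(int), defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, ip, is_tls, n = rec
        msgs[ip] += n
        tls_msgs[ip] += n if is_tls else 0
        minutes[ip].add(ts.replace(second=0, microsecond=0))  # one bucket per active minute
    return {ip: (total / len(minutes[ip]), tls_msgs[ip] / total) for ip, total in msgs.items()}

def flag_hosts(lines, rate_threshold=60.0):
    """IPs whose sustained rate meets the threshold. 60/min is an assumed cutoff: a
    Rustock node averaged about 192/min, while a desktop mail client sends a handful."""
    return sorted(ip for ip, (rate, _) in per_host_stats(lines).items() if rate >= rate_threshold)

if __name__ == "__main__":
    for ip, (rate, tls_share) in per_host_stats(SAMPLE_LOG).items():
        print(f"{ip}: {rate:.1f} msgs/min, {tls_share:.0%} over TLS, flagged={ip in flag_hosts(SAMPLE_LOG)}")
```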


See also

* Botnet
* Helpful worm
* McColo
* Operation: Bot Roast
* Srizbi botnet
* Zombie (computer science)
* Alureon
* Conficker
* Gameover ZeuS
* Storm botnet
* Bagle (computer worm)
* ZeroAccess botnet
* Regin (malware)
* Cyberwarfare by Russia
* Zeus (malware)

