Wikipedia

Rustock botnet

The Rustock botnet was a botnet that operated from around 2006[1] until March 2011.

It consisted of computers running Microsoft Windows, and was capable of sending up to 25,000 spam messages per hour from an infected PC.[2][3] At the height of its activities, it sent an average of 192 spam messages per compromised machine per minute.[4] Reported estimates of its size vary greatly across sources, with claims that the botnet may have comprised anywhere between 150,000 and 2,400,000 machines.[5][6][7] The botnet grew and maintained its size mostly through self-propagation: it sent many malicious e-mails intended to infect the machines that opened them with a trojan, which would then incorporate the machine into the botnet.[8]

The botnet took a hit after the 2008 takedown of McColo, an ISP which was responsible for hosting most of the botnet's command and control servers. McColo regained Internet connectivity for several hours, and in those hours up to 15 Mbit a second of traffic was observed, likely indicating a transfer of command and control to Russia.[9] While these actions temporarily reduced global spam levels by around 75%, the effect did not last long: spam levels increased by 60% between January and June 2009, 40% of which was attributed to the Rustock botnet.[10][11]

On March 16, 2011, the botnet was taken down through what was initially reported as a coordinated effort by Internet service providers and software vendors.[12] It was revealed the next day that the take-down, called Operation b107,[13][14] was the action of Microsoft, U.S. federal law enforcement agents, FireEye, and the University of Washington.[15][16]

To capture the individuals involved with the Rustock botnet, on July 18, 2011, Microsoft offered "a monetary reward in the amount of US$250,000 for new information that results in the identification, arrest and criminal conviction of such individual(s)."[17]

Operations

Botnets are composed of infected computers used by unwitting Internet users. To hide its presence from the user and from anti-virus software, the Rustock botnet employed rootkit technology. Once a computer was infected, it would seek contact with command-and-control servers at a number of IP addresses and any of 2,500 domains and backup domains[18] that could direct the zombies in the botnet to perform various tasks such as sending spam or executing distributed denial of service (DDoS) attacks.[19] Ninety-six servers were in operation at the time of the takedown.[20] When sending spam, the botnet used TLS encryption in around 35 percent of cases as an extra layer of protection to hide its presence. Whether detected or not, this created additional overhead for the mail servers handling the spam. Some experts pointed out that this extra load could negatively impact the mail infrastructure of the Internet, as most of the e-mails sent these days are spam.[21]
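A defender-side check that follows from the sending rates and TLS use described above, given here as an added example that is not part of the original article: it counts direct outbound SMTP connections per internal host per minute and flags hosts that are not sanctioned mail relays. Because it works on connection metadata rather than message content, encrypting the session with TLS does not hide a bot from it. The flow-log format, relay address, threshold and the one-connection-per-message assumption are all hypothetical.

```python
from collections import Counter

SMTP_PORTS = {25}              # direct-to-MX delivery, as a spam bot would use
MAIL_RELAYS = {"10.0.0.25"}    # assumption: the site's sanctioned outbound relays
THRESHOLD_PER_MIN = 30         # assumption: well below the 192/min average cited above


def parse_flow(line):
    """Parse 'timestamp src_ip dst_ip dst_port' (hypothetical log format)."""
    ts, src, _dst, port = line.split()
    return ts[:16], src, int(port)   # ts[:16] truncates to the minute


def suspected_spam_hosts(lines, threshold=THRESHOLD_PER_MIN):
    """Return {src_ip: peak SMTP connections in any one minute} for flagged hosts."""
    per_minute = Counter()
    for line in lines:
        minute, src, port = parse_flow(line)
        if port in SMTP_PORTS and src not in MAIL_RELAYS:
            per_minute[(src, minute)] += 1
    peaks = {}
    for (src, _minute), count in per_minute.items():
        if count >= threshold:
            peaks[src] = max(peaks.get(src, 0), count)
    return peaks


def constructed_sample():
    """Constructed flow records; every address here is from a reserved test range."""
    lines = []
    # Infected workstation: 192 direct SMTP connections inside one minute.
    for i in range(192):
        lines.append(f"2011-03-01T10:00:{i % 60:02d} 10.0.3.14 198.51.100.{i % 250 + 1} 25")
    # Sanctioned relay: high volume, but allow-listed.
    for i in range(300):
        lines.append(f"2011-03-01T10:00:{i % 60:02d} 10.0.0.25 203.0.113.{i % 250 + 1} 25")
    # Ordinary workstation: submits mail to the relay on 587, two stray tcp/25 flows.
    for i in range(5):
        lines.append(f"2011-03-01T10:00:{i:02d} 10.0.3.20 10.0.0.25 587")
    for i in range(2):
        lines.append(f"2011-03-01T10:00:{i:02d} 10.0.3.20 198.51.100.9 25")
    return lines


if __name__ == "__main__":
    print(suspected_spam_hosts(constructed_sample()))
```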

References

  1. Chuck Miller (2008-07-25). "The Rustock botnet spams again". SC Magazine US. Archived from the original on 2012-07-30. Retrieved 2010-04-21.
  2. "Real Viagra sales power global spam flood - Techworld.com". News.techworld.com. Archived from the original on 2012-04-07. Retrieved 2010-04-21.
  3. "Marshal8e6 Releases New Insight and Analysis into Botnets". trustwave.com. Chicago, IL, USA: Trustwave Holdings. 2009-04-22. Archived from the original on 2016-04-20. Retrieved 2014-01-09.
  4. "Symantec Announces August 2010 MessageLabs Intelligence Report". symantec.com. Sunnyvale, CA, USA: Symantec. 2010-08-24. Retrieved 2014-01-09.
  5. "MessageLabs intelligence" (PDF). MessageLabs. April 2010. Retrieved 20 November 2010.
  6. "Biggest spammer The Rustock botnet". Securityinfowatch.com. 2009-02-06. Archived from the original on 2020-06-18. Retrieved 2010-04-21.
  7. "Rustock botnet responsible for 40 percent of spam". Good Gear Guide. Retrieved August 25, 2010.
  8. "New Rustock Botnet Trying to Expand Itself". SPAMfighter. 2008-07-25. Retrieved 2010-04-21.
  9. "Dead network provider arms Rustock botnet from the hereafter - McColo dials Russia as world sleeps". The Register. 18 November 2008. Retrieved 20 November 2010.
  10. "Rustock botnet leads spam surge up 60 percent in 2009". MX Logic. 2009-07-14. Retrieved 2010-04-21.
  11. "Grum and Rustock botnets drive spam to new levels > Botnet > Vulnerabilities & Exploits > News > SC Magazine Australia/NZ". securecomputing.net.au. 2010-03-02. Retrieved 2010-04-21.
  12. Hickins, Michael (2011-03-17). "Prolific Spam Network Is Unplugged". Wall Street Journal. Retrieved 2011-03-17.
  13. Williams, Jeff. "Operation b107 - Rustock Botnet Takedown". Retrieved 2011-03-27.
  14. Bright, Peter (22 March 2011). "How Operation b107 decapitated the Rustock botnet". Ars Technica. Retrieved 2011-03-27.
  15. Wingfield, Nick (2011-03-18). "Spam Network Shut Down". Wall Street Journal. Retrieved 2011-03-18.
  16. Williams, Jeff. "Operation b107 - Rustock Botnet Takedown". Retrieved 2011-04-06.
  17. "Microsoft Offers Reward for Information on Rustock". Retrieved 2011-07-18.
  18. Microsoft Amended Application for Temporary Restraining Order. Case 11CV00222, US Fed. Ct. W.D. Wash., Feb 28 2011.
  19. Prince, Brian (2009-07-28). "Security: A Day in the Life of the Rustock Botnet". EWeek. Retrieved 20 November 2010.
  20. "Spammers sought after botnet takedown". BBC News. 2011-03-25.
  21. "Beware Botnet's Return, Security Firms Warn". PCWorld. 2010-03-28. Retrieved 2010-04-21.
