Microsoft details Rustock botnet takedown

Don McKenzie
1 Hour Ago

Microsoft details Rustock botnet takedown

A million bots at a loose end, still infected.

Microsoft has revealed how it decapitated one of the world’s largest botnets, Rustock, capable of sending out billions
of pharmaceutical spam a day.

The sudden end to Rustock spam late last week was the “denouement” of a multi-month joint effort codenamed "Operation
b107" between Microsoft, drug company Pfizer and authorities in the US and the Netherlands.

The takedown was both technical and legal, with Microsoft employing the same strategy it used against the Waledac botnet
operators by filing a "John Doe" lawsuit against the anonymous operators of Rustock.

Arguing its case for a court order to be issued, Microsoft told a Washington Seattle District Court that the unknown
botnet operator had caused harm to Microsoft and other members of the public in Washington.

At its height in 2010, Rustock was responsible for 47.5 per cent of the world's spam, according to Symantec.

After obtaining the court order, US Marshals officers last week seized Rustock’s command and control servers from five
hosting centres in seven locations across the US.

Full Story:
http://www.itnews.com.au/News/251801,microsoft-details-rustock-botnet-takedown.aspx

Cheers Don...

====================================


--
Don McKenzie

Dontronics Blog: http://www.GodzillaSeaMonkey.com
Dontronics Site Map: http://www.dontronics.com/sitemap
E-Mail Contact Page: http://www.dontronics.com/email
Web Camera Page: http://www.dontronics.com/webcam
No More Damn Spam: http://www.dontronics.com/spam

These products will reduce in price by 5% every month:
http://www.dontronics-shop.com/minus-5-every-month.html
http://www.dontronics-shop.com/ics.html

Bare Proto PCB for PIC or AVR projects?
"I'd buy that for a Dollar!".
 
On 21/03/2011 5:57 AM, Don McKenzie wrote:
1 Hour Ago

Microsoft details Rustock botnet takedown

A million bots at a loose end, still infected.

Microsoft has revealed how it decapitated one of the world’s largest
botnets, Rustock, capable of sending out billions of pharmaceutical spam
a day.

The sudden end to Rustock spam late last week was the “denouement” of a
multi-month joint effort codenamed "Operation b107" between Microsoft,
drug company Pfizer and authorities in the US and the Netherlands.

The takedown was both technical and legal, with Microsoft employing the
same strategy it used against the Waledac botnet operators by filing a
"John Doe" lawsuit against the anonymous operators of Rustock.

Arguing its case for a court order to be issued, Microsoft told a
Washington Seattle District Court that the unknown botnet operator had
caused harm to Microsoft and other members of the public in Washington.

At its height in 2010, Rustock was responsible for 47.5 per cent of the
world's spam, according to Symantec.

After obtaining the court order, US Marshals officers last week seized
Rustock’s command and control servers from five hosting centres in seven
locations across the US.

Full Story:
http://www.itnews.com.au/News/251801,microsoft-details-rustock-botnet-takedown.aspx


Cheers Don...

====================================
It made a big difference! Never thought I'd say - Well done Microsoft!
 
On 21/03/2011 9:08 AM, kreed wrote:
On Mar 21, 5:57 am, Don McKenzie<5...@2.5A> wrote:
1 Hour Ago

Microsoft details Rustock botnet takedown

A million bots at a loose end, still infected.

Microsoft has revealed how it decapitated one of the world’s largest botnets, Rustock, capable of sending out billions
of pharmaceutical spam a day.

The sudden end to Rustock spam late last week was the “denouement” of a multi-month joint effort codenamed "Operation
b107" between Microsoft, drug company Pfizer and authorities in the US and the Netherlands.

The takedown was both technical and legal, with Microsoft employing the same strategy it used against the Waledac botnet
operators by filing a "John Doe" lawsuit against the anonymous operators of Rustock.

Arguing its case for a court order to be issued, Microsoft told a Washington Seattle District Court that the unknown
botnet operator had caused harm to Microsoft and other members of the public in Washington.

At its height in 2010, Rustock was responsible for 47.5 per cent of the world's spam, according to Symantec.

After obtaining the court order, US Marshals officers last week seized Rustock’s command and control servers from five
hosting centres in seven locations across the US.

Full Story: http://www.itnews.com.au/News/251801,microsoft-details-rustock-botnet...

Cheers Don...

====================================


And within a short time, it will be back up and running again as
though nothing happened
Possibly but it all comes down to the degree of prosecution and
incarceration

--
X-No-Archive: Yes
 
On Mar 21, 5:57 am, Don McKenzie <5...@2.5A> wrote:
1 Hour Ago

Microsoft details Rustock botnet takedown

A million bots at a loose end, still infected.

Microsoft has revealed how it decapitated one of the world’s largest botnets, Rustock, capable of sending out billions
of pharmaceutical spam a day.

The sudden end to Rustock spam late last week was the “denouement” of a multi-month joint effort codenamed "Operation
b107" between Microsoft, drug company Pfizer and authorities in the US and the Netherlands.

The takedown was both technical and legal, with Microsoft employing the same strategy it used against the Waledac botnet
operators by filing a "John Doe" lawsuit against the anonymous operators of Rustock.

Arguing its case for a court order to be issued, Microsoft told a Washington Seattle District Court that the unknown
botnet operator had caused harm to Microsoft and other members of the public in Washington.

At its height in 2010, Rustock was responsible for 47.5 per cent of the world's spam, according to Symantec.

After obtaining the court order, US Marshals officers last week seized Rustock’s command and control servers from five
hosting centres in seven locations across the US.

Full Story: http://www.itnews.com.au/News/251801,microsoft-details-rustock-botnet...

Cheers Don...

===================================
And within a short time, it will be back up and running again as
though nothing happened
 
On 21-Mar-11 10:53 AM, atec77 wrote:

And within a short time, it will be back up and running again as
though nothing happened
Possibly but it all comes down to the degree of prosecution and incarceration
Wikipedia just reported its demise.
http://en.wikipedia.org/wiki/Rustock_botnet

Rustock botnet
From Wikipedia, the free encyclopedia

The Rustock botnet was a botnet that operated from around 2006 until March 2011.

Cheers Don...

=========================


 
On 21/03/2011 12:16 PM, Don McKenzie wrote:
On 21-Mar-11 10:53 AM, atec77 wrote:

And within a short time, it will be back up and running again as
though nothing happened
Possibly but it all comes down to the degree of prosecution and
incarceration

Wikipedia just reported its demise.
http://en.wikipedia.org/wiki/Rustock_botnet

Rustock botnet
From Wikipedia, the free encyclopedia

The Rustock botnet was a botnet that operated from around 2006 until
March 2011.

Cheers Don...

=========================


Never bothered us being filtered at my news server

--
X-No-Archive: Yes
 
Don McKenzie wrote:
1 Hour Ago

Microsoft details Rustock botnet takedown

A million bots at a loose end, still infected.

Microsoft has revealed how it decapitated one of the world’s largest
botnets, Rustock, capable of sending out billions of pharmaceutical
spam a day.
The sudden end to Rustock spam late last week was the “denouement” of
a multi-month joint effort codenamed "Operation b107" between
Microsoft, drug company Pfizer and authorities in the US and the
Netherlands.
The takedown was both technical and legal, with Microsoft employing
the same strategy it used against the Waledac botnet operators by
filing a "John Doe" lawsuit against the anonymous operators of
Rustock.
Arguing its case for a court order to be issued, Microsoft told a
Washington Seattle District Court that the unknown botnet operator
had caused harm to Microsoft and other members of the public in
Washington.
At its height in 2010, Rustock was responsible for 47.5 per cent of
the world's spam, according to Symantec.
After obtaining the court order, US Marshals officers last week
seized Rustock’s command and control servers from five hosting
centres in seven locations across the US.
Full Story:
http://www.itnews.com.au/News/251801,microsoft-details-rustock-botnet-takedown.aspx

Cheers Don...

====================================
Good news indeed. Just goes to show what can be done if enough money, lawyers
and influence is thrown at the problem. Hope this isn't the end of it and
progress is being made at tracking down the anonymous operators. I suggest that
a speedy trial and public hanging from the nearest lamp post would be a fair
thing.

I've just read a message in my spam trap from a nice Christian Dutch lady who
is terminally ill in hospital. In accordance with her late husband's wishes she
wants to transfer her entire fortune to me so that I can distribute it to worthy
charitable causes. Well it makes a change from emails from the brother-in-law of
the late Oil Minister of Nigeria.
PH
 
For a minute there, I thought Microshit might have fixed the actual
Problem, their own servers spam detection (useless at the best of times)

But no, it's easier to shut down the network creating the spam than
fix their own software.
 
Don McKenzie wrote:

At its height in 2010, Rustock was responsible for 47.5 per cent of the
world's spam, according to Symantec.
Funny, but I haven't seen pharma spam for years. The servers were well
listed on spam blockers that I use.
 
On 21/03/2011 10:53 AM, atec77 wrote:
On 21/03/2011 9:08 AM, kreed wrote:

And within a short time, it will be back up and running again as
though nothing happened
Possibly but it all comes down to the degree of prosecution and
incarceration
Likely to be none.

Sylvia.
 
On Sun, 20 Mar 2011 16:08:59 -0700 (PDT), kreed
<kenreed1999@gmail.com> wrote:

And within a short time, it will be back up and running again as
though nothing happened

Rod Speed is reported to be very upset.

Nowhere now to buy his Viagra!
 
On 2011/03/21 18:57, terryc wrote:
Don McKenzie wrote:

At its height in 2010, Rustock was responsible for 47.5 per cent of
the world's spam, according to Symantec.

Funny, but I haven't seen pharma spam for years. The servers were well
listed on spam blockers that I use.
If microshit did checksum verification and delayed deliveries for
unverified senders then almost all spam on microshit servers could be
avoided.

Microshits spam detection is basically
Keywords: Totally useless today
Bayesian: Almost Totally useless today
Blacklists: Effective up to a point

And still, the biggest source of spam comes from Microshits hotmail
 
On 21-Mar-11 6:57 AM, Don McKenzie wrote:
1 Hour Ago

Microsoft details Rustock botnet takedown

A million bots at a loose end, still infected.
Of course, you don't have to put up with Email Spam:
http://dontronics-shop.blogspot.com/2011/03/no-more-damn-spam.html

Cheers Don...

=====================


 
Glad to see the PHP page is still going strong!

Most of the spam I get these days (usually max of 10 or so a day) are
directly through my ISP mail accounts (which I never divulge to
anybody) so they are just "dictionary attacks" - usually confirmed by
the large number of CCs to other people using my ISP.

In fact I haven't changed my "main" e-mail address since 2006 as I
very rarely get any spam through there these days.

Cheers
Alan

ps. noticed I get a mention in the blog post - famous at last :)



On Tue, 22 Mar 2011 06:18:39 +1100, Don McKenzie <5V@2.5A> wrote:

On 21-Mar-11 6:57 AM, Don McKenzie wrote:
1 Hour Ago

Microsoft details Rustock botnet takedown

A million bots at a loose end, still infected.

Of course, you don't have to put up with Email Spam:
http://dontronics-shop.blogspot.com/2011/03/no-more-damn-spam.html

Cheers Don...

=====================
 
On 22-Mar-11 2:01 PM, noon@128.0.0.1 wrote:
Glad to see the PHP page is still going strong!

Most of the spam I get these days (usually max of 10 or so a day) are
directly through my ISP mail accounts (which I never divulge to
anybody) so they are just "dictionary attacks" - usually confirmed by
the large number of CCs to other people using my ISP.

In fact I haven't changed my "main" e-mail address since 2006 as I
very rarely get any spam through there these days.

Cheers
Alan

ps. noticed I get a mention in the blog post - famous at last :)
G'day Alan,

Hardly famous, but I'll always be grateful for your input on that one. It changed the way I deal with Spam forever.
As a matter of course, I change my addy annually, but there is possibly no need to now.

My Spam level is so small, I have to have conversations with Nigerian Scammers to fill in my day. :)

Here is today's example:
I just advertised my Olimex boards on craigslist.org, as I was told it would pick up many back links to my site when
google indexes it. I don't know if that is true or not, but thought I would give it a try and see.

It wasn't for a specific product, just a general ad for Micro programmers and development boards. I did however decide
to use the craigslist email address associated with that ad, that directs email onto me. I have the option of hiding it also.

Here is what I got this morning:

=====================================
dave.malvin@gmail.com
please is your item available for sale and good working condition?

this message was remailed to you via: sale-xffq9-xxxxxxxxxxxx@craigslist.org
=====================================
Hi,
Which specific item were you interested in?
Cheers Don...
=====================================
Hello,
Am Bianca Alvise from United Kingdom ,I am interested in the
immediate purchase of this item and I shall be paying through a BANK
TRANSFER,I am sending this item to Lagos Nigeria in West Africa Region
because am presenting it to my younger wife just for her Birthday
ceremony Present becouse she went there with her other selected team
on a project execution and it is needed urgently . As for shipment,
get me the shipping cost .becouse i want it shipped via REGISTERED
MAIL or DHL. Can this be done ? . If yes, please get back to me as
soon as possible with your full name and bank details so that I can
proceed with the payment I am wait your response to move this
transaction forward.
=====================================
as there are 500+ different items in the range, which one do you want?
Cheers Don...
=====================================
Hello, what did you said?
=====================================
How many do you want?
What colour?
Do you want with door handles, or without?
Sizes, do you want S, M, L, XL, XXL, XXXL, or BBBB, which is what we call here "BluddyBigBlackBugger"?
Do you need them with the optional WitchetyGrubs?
If you can tell me exactly what you want, we can give you our bank account details, and get the goods to you in Nigeria,
as I don't want to delay too long.
Sales have been very poor, and I have to make some money for my grandmother's heart operation.
Cheers Don...
=====================================

I am still waiting to hear back.

My apologies to any BBBB sized people out there. Was all that came to mind at the time.

Cheers Don...

=====================================




 
On 22/03/2011 2:26 PM, Don McKenzie wrote:
On 22-Mar-11 2:01 PM, noon@128.0.0.1 wrote:
Glad to see the PHP page is still going strong!

Most of the spam I get these days (usually max of 10 or so a day) are
directly through my ISP mail accounts (which I never divulge to
anybody) so they are just "dictionary attacks" - usually confirmed by
the large number of CCs to other people using my ISP.

In fact I haven't changed my "main" e-mail address since 2006 as I
very rarely get any spam through there these days.

Cheers
Alan

ps. noticed I get a mention in the blog post - famous at last :)

G'day Alan,

Hardly famous, but I'll always be grateful for your input on that one.
It changed the way I deal with Spam forever.
As a matter of course, I change my addy annually, but there is possibly
no need to now.

My Spam level is so small, I have to have conversations with Nigerian
Scammers to fill in my day. :)

Here is today's example:
I just advertised my Olimex boards on craigslist.org, as I was told it
would pick up many back links to my site when google indexes it. I don't
know if that is true or not, but thought I would give it a try and see.

It wasn't for a specific product, just a general ad for Micro
programmers and development boards. I did however decide to use the
craigslist email address associated with that ad, that directs email onto
me. I have the option of hiding it also.

Here is what I got this morning:

=====================================
dave.malvin@gmail.com
please is your item available for sale and good working condition?

this message was remailed to you via:
sale-xffq9-xxxxxxxxxxxx@craigslist.org
=====================================
Hi,
Which specific item were you interested in?
Cheers Don...
=====================================
Hello,
Am Bianca Alvise from United Kingdom ,I am interested in the
immediate purchase of this item and I shall be paying through a BANK
TRANSFER,I am sending this item to Lagos Nigeria in West Africa Region
because am presenting it to my younger wife just for her Birthday
ceremony Present becouse she went there with her other selected team
on a project execution and it is needed urgently . As for shipment,
get me the shipping cost .becouse i want it shipped via REGISTERED
MAIL or DHL. Can this be done ? . If yes, please get back to me as
soon as possible with your full name and bank details so that I can
proceed with the payment I am wait your response to move this
transaction forward.
=====================================
as there are 500+ different items in the range, which one do you want?
Cheers Don...
=====================================
Hello, what did you said?
=====================================
How many do you want?
What colour?
Do you want with door handles, or without?
Sizes, do you want S, M, L, XL, XXL, XXXL, or BBBB, which is what we
call here "BluddyBigBlackBugger"?
Do you need them with the optional WitchetyGrubs?
If you can tell me exactly what you want, we can give you our bank
account details, and get the goods to you in Nigeria, as I don't want to
delay too long.
Sales have been very poor, and I have to make some money for my
grandmother's heart operation.
Cheers Don...
=====================================

I am still waiting to hear back.

My apologies to any BBBB sized people out there. Was all that came to
mind at the time.

Cheers Don...

=====================================




A while back, out of boredom, my friend fiddled with a big bad faker:
set up an account, took the deposit and refused to send the difference,
eventually sending them a bill for fake fees and of course a copy of all
transactions and email to New Scotland Yard etc. etc. Never heard a thing
more about it, and he no longer gets any begging awards either.
The faker got very shitty about not getting his difference sent in
time, quite amusing for a day or two.

--
X-No-Archive: Yes
 
On Tue, 22 Mar 2011 15:26:54 +1100, Don McKenzie <5V@2.5A> wrote:

My Spam level is so small, I have to have conversations with Nigerian Scammers to fill in my day. :)
I usually don't bother with whatever spam comes in today - what little
does arrive I deal with through Mailwasher - nice little programme!

I do like to have fun with the "Microsoft Support Centre" guys from
India that seem to call me from time to time. The last one I had a
very nice 5 minute chat with about how my windows were all working
fine because I had just repainted them and put new grease on the
hinges, same as the doors. Told him I would call a carpenter if I
found I have a virus in them so I could get them fixed.

My usual response though is to play dumb (quite easy!) and express joy
at having won the computer from them as I've always wanted a computer!
And how soon will it arrive, etc. Normally keeps them going for a few
minutes till they get cheesed off - but at least they're not annoying
some other poor so and so.

Talking about Nigerian scams - I remember about 8 or 9 years ago the
boss where I was working was very excited about this fax from Nigeria
and the "outstanding opportunity" it offered. Took quite a while to
convince him it was a scam.

Alan

--
Sell your surplus electronic components at http://ozcomponents.com
Search or browse for that IC, capacitor,
crystal or other component you need.
Or find new components at http://auscomponents.com
 
On 22-Mar-11 6:30 PM, Alan wrote:

Talking about Nigerian scams - I remember about 8 or 9 years ago the
boss where I was working was very excited about this fax from Nigeria
and the "outstanding opportunity" it offered. Took quite a while to
convince him it was a scam.

Alan
My two daughters live on the internet, and it seems every 6 or 12 months, I am warning them about some new phishing
attack method, or scam, as there are some very smart operators out there. Getting very sophisticated.

Like the dummy front panels on ATMs. What a trap that would have been for anyone when they first pulled that one.

Now spammers are using your first name, last name, and paypal email address, to get you to click on their site.
With only paypal having my paypal email address, I know it is an internal security breach on their behalf. I was warned
about it, then I got 2 emails like this, changed email addresses, and it stopped.

Cheers Don...

 
