Special Edition Security Intelligence Report: Battling the Rustock Threat
On March 16, 2011, the Microsoft Digital Crimes Unit (DCU), in cooperation with industry and academic experts, successfully took down the Win32/Rustock botnet. At the time of the takedown, Rustock was estimated to have had approximately a million infected computers operating under its control and was known to be capable of sending billions of spam email messages every day, including fake Microsoft lottery scams and offers for fake – and potentially dangerous – prescription drugs.
Read an overview of the Win32/Rustock family of rootkit-enabled backdoor Trojans: its background, functionality, how it works, and threat telemetry data with analysis for 2010 to May 2011. This document describes the legal and technical action used to take down the Rustock botnet and how to detect and remove the threat using Microsoft antimalware products.
For current Rustock botnet activities and updates, visit the Microsoft on the Issues blog.