Thursday, September 22, 2011

Rustock Civil Case Closed: Microsoft Refers Criminal Evidence to FBI


Six months after I first wrote about how the Microsoft Digital Crimes Unit, Microsoft Malware Protection Center, Trustworthy Computing and our partners shut down the Rustock botnet, I am pleased to report that we have successfully concluded our civil case against the Rustock botnet operators. We’re now referring the matter, and the discovery gathered during our civil case, to the FBI for criminal review.

As you may have read in this morning’s edition of CNET, on Sept. 13th, Judge James L. Robart, of the U.S. District Court for the Western District of Washington, ruled that the domain names and Internet protocol addresses used to host the botnet would be effectively removed from the defendants’ control. This case not only enabled the takedown of a botnet known to be one of the single largest sources of spam on the Internet, but it is now helping to ensure that this botnet will never be used for cybercrime again. However, we’re not stopping here.

We are also turning over all of the evidence we collected during discovery and our investigation to the FBI, to help ensure those responsible for operating the Rustock botnet are held accountable for their actions. It is important to note that Microsoft’s $250,000 reward offer for information that leads to the arrest and conviction of Rustock’s operators remains in effect, but now any tips should be sent directly to the FBI at MS_Referrals@ic.fbi.gov.

We are also continuing to work with Internet service providers (ISPs) and Community Emergency Response Teams (CERTs) around the world to undo the damage Rustock has caused, and help people regain control of their computers. We already see great progress, with our estimates showing that as of Sept. 13th, the Rustock botnet has decreased in size by almost 75 percent since we took it down in March.

We also have positive new numbers to share in regards to Rustock infection rates per country, since we released our special edition Security Intelligence Report (SIR) on Rustock in June.

Worldwide Rustock reduction rate (by observed known IP address infections):


| Observed Mar 20-26, 2011 | Observed Sept 11-17, 2011 | Reduction Mar – Sept 2011 |
|---|---|---|
| 1,601,619 | 421,827 | 73.66% |

Top 10 infected countries at start of Rustock takedown:

| Country | Observed Mar 20-26, 2011 | Reduction Mar – Sept 2011 |
|---|---|---|
| India | 322,566 | 85.47% |
| Russia | 93,703 | 82.76% |
| Turkey | 89,122 | 68.43% |
| USA | 86,375 | 58.01% |
| Italy | 53,656 | 62.31% |
| Brazil | 46,978 | 72.32% |
| Ukraine | 45,828 | 83.84% |
| Germany | 43,946 | 66.43% |
| Malaysia | 42,541 | 83.60% |
| Mexico | 39,648 | 72.54% |



Top 10 infected countries as of today:


| Country | Observed Sept 11-17, 2011 | Reduction Mar – Sept 2011 |
|---|---|---|
| India | 46,865 | 85.47% |
| USA | 36,269 | 58.01% |
| Turkey | 28,135 | 68.43% |
| Italy | 20,225 | 62.31% |
| Russia | 16,150 | 82.76% |
| France | 15,037 | 51.66% |
| Germany | 14,753 | 66.43% |
| Brazil | 13,005 | 72.32% |
| United Kingdom | 11,521 | 49.98% |
| Poland | 11,493 | 64.78% |

Although there have been significant strides in cleaning up computers infected with Rustock malware, this is a long-term effort. We continue to provide free tools and information to clean your computer at support.microsoft.com/botnets.

Lastly, we take what we learn from the cases we have filed under the Project MARS program and leverage it to build a stronger and more robust intelligence database. We are releasing new videos today that give a precise moment-to-moment view of what the footprint of the Rustock and Waledac botnets looked like worldwide as of yesterday as infected computers continue to attempt to check into them. Intelligence like this has already helped in the cleanup effort with ISPs and CERTs around the world and we are looking at other ways of applying this in our quest to disrupt the infrastructure used by cyber criminals. Stay tuned for more information on this – and our ongoing fight against cybercrime – in the coming weeks.

Fighting botnets will always be a complex and difficult endeavor as cybercriminals find new and creative ways to infect people’s computers with malware, whether for financial gain or simply to be disruptive. However, the good guys are making progress and this latest legal victory is yet another blow to the botherders’ business. This takedown not only caused spam levels to drop, but more importantly, hit these criminals where it counts – in the pocketbook.

By taking out Rustock’s infrastructure, we disrupted the botherders’ enterprise, and it is disruptive action like this that will have a positive impact in the fight against botnets. The FBI and the Department of Justice used a similar approach to take down the Coreflood botnet in April, and we hope others will join us in using this strategy, because only collaboration will win out in the long run.

Posted by Richard Domingues Boscovich
Senior Attorney, Microsoft Digital Crimes Unit
