
Indian link to Rustock Botnet
By Sumir Singh
On March 16, 2011, Microsoft announced that the Microsoft Digital Crimes Unit, in cooperation with industry and academic experts, had successfully taken down the Win32/Rustock botnet. At the time of the takedown, Rustock was estimated to have approximately a million infected computers operating under its control and was sending billions of spam email messages every day.
The spam messages included fake Microsoft lottery scams and offers for fake, and potentially dangerous, prescription drugs. Microsoft’s proactive and aggressive attack on this spam giant was hailed as a new benchmark in the fight against cyber criminals.
Microsoft has released a detailed report on how it brought down the Rustock spam botnet. This Microsoft Security Intelligence Report is based on data till May 2011, and has a strong India link as well:
“Infected computers in the United States generated the most sinkhole* traffic during week 1 after takedown, with 55.8 million hits. Following the United States were France (13.7 million hits), Turkey (13.4 million), Canada (11.4 million), India (7.3 million), and Brazil (7.1 million). Some locations with large numbers of computers nevertheless generated relatively few hits, including China (423,078 hits in week 1), Chile (500,925), Denmark (539,577), and Norway (581,263).
The number of IP addresses contacting the sinkhole decreased 44.2 percent between the 1st and 8th week after the takedown, as Rustock variants were removed from affected computers by antivirus software and through other means such as scripts, removal tools and computer reinstallation.”
*A sinkhole is a honeypot used to capture spam traffic in order to understand its command-and-control systems. (7/6/2011)