Rustock Botnet

Welcome back to the security fringe, your source for insight into the malicious happenings of the Internet. Back in mid-2010, the US government vowed to take action against botnets sending out medical spam. Teaming up with Microsoft, they met with tremendous success: they confiscated over 96 servers in 7 different cities across America that acted as C&C centers pushing commands to zombie machines.

If you look far back, I talked about botnets previously, saying that only the C&C needs to be shut down to liberate a botnet. With the Rustock botnet, there were many C&C servers, each set up with its own sub-'army' of zombie machines. These many C&C servers would in turn receive master commands from publicly accessible sources, so that the true server was never revealed.

Unfortunately, they did not report catching the criminals responsible, which is a major part of law enforcement. Another point of failure for Operation b107: they didn't free the zombie machines (by patching vulns and removing backdoors, via commands pushed out of the seized C&Cs), meaning other C&Cs could easily recapture these zombie computers. But I don't mean to belittle the facts; this is a huge victory in terms of cyber security. Here's the full March 2011 botnet intelligence report, most definitely an interesting topic.