Rustock still down, Microsoft pursues the botherders

Microsoft believes that the individuals behind the (still crippled) Rustock botnet are located in Russia, so it placed advertisements in The Moscow News and the Delovoy Petersburg in an attempt to notify them of the proceedings against them.

“By placing these quarter-page ads, which will run for 30 days, we honor our legal obligation to make a good faith effort to contact the owners of the IP address and domain names that were shut down when Rustock was taken offline,” says Richard Boscovich, Senior Attorney with Microsoft’s Digital Crimes Unit. “The ads notify them of the takedown as well as the date, time and location of hearings where they will have an opportunity to make their case.”

The company has also sent notice of the complaint and court orders to the postal and e-mail addresses the defendants gave when they signed up for the IP addresses and domains used to control the botnet.

According to the latest status report, which Microsoft posted on a domain dedicated to the case, the company is also continuing its investigation into the WebMoney account through which some of the command and control servers were bought and into its apparent owner – one Vladimir Alexandrovich Shergin, apparently living in Khimki, near Moscow. It is also looking into the nickname “Cosma2k”, associated with the individual who signed up for a number of the command and control servers.

In the meantime, the Rustock botnet is still “dead”. “Our technical countermeasures have worked effectively to prevent the bot’s self-defense mechanisms from reanimating it,” says Boscovich. “Moreover, in the months since the takedown, we’ve seen the number of infected IP addresses (a loose proxy for the number of infected computers) decline as more and more people update their software or get malware removed from their PCs.”



