Showing posts sorted by relevance for query Rustock.

Microsoft Hands Over the Rustock Botnet Case to FBI


Microsoft lawyers have sealed their victory over the operators of what was once the world's biggest source of spam after winning a court case giving them permanent control over the IP addresses and servers used to host the Rustock botnet. The seizure was completed earlier this month when a federal judge in Washington state awarded Microsoft summary judgement in its novel campaign against Rustock, which at its height enslaved about 1.6 million PCs and sent 30 billion spam messages per day. The complex legal action ensured that IP addresses and more than two dozen servers for Rustock were seized simultaneously to prevent the operators from regrouping.
Now the attorneys are turning over the evidence obtained in the case to the FBI in hopes that the Rustock operators can be tracked down and prosecuted. Microsoft has already offered a $250,000 bounty for information leading to their conviction. It has also turned up the pressure by placing ads in Moscow newspapers to satisfy legal requirements that defendants be given notice of the pending lawsuit.
According to court documents, the Rustock ringleader is a Russian citizen who used the online handle Cosma2k to buy IP addresses that hosted many of the Rustock command and control servers. Microsoft investigators claimed the individual distributed malware and was involved in illegal spam pitching pharmaceutical drugs.
“This suggests that 'Cosma2k' is directly responsible for the botnet as a whole, such that the botnet code itself bore part of this person’s online nickname,” the Microsoft motion stated. In a blog post published Thursday, Microsoft said the number of PCs still infected by Rustock malware continued to drop. As of last week, fewer than 422,000 PCs reported to the seized IP addresses, almost a 74 percent decline from late March. It also represented significant progress since June, when almost 703,000 computers were observed.
The Rustock takedown has been a rare bright spot in the ongoing fight against computer crime. After it was initiated, federal authorities waged a similar campaign against Coreflood, another notorious botnet estimated to have infected 2 million PCs since 2002. In a step never before taken in the US, federal prosecutors obtained a court order allowing them to set up a substitute command and control server that forces infected machines to temporarily stop running the underlying malware. Taking down botnets is a good start, but it does little to stop criminals from setting up new ones. Microsoft's determination in tracking down Cosma2k and his cronies could go a step further, by showing would-be botherders there are consequences to their crimes, no matter where in the world they may be located.

-News Source (Microsoft, Register & CNET)



Microsoft is Offering Reward to Fight Against Cyber Crime & SPAM


Microsoft puts on the Superhero outfit this week and battles Cyber Crime and SPAM by offering a $250,000 reward for information about the Rustock Botnet.
What is the Rustock Botnet? A "botnet" is a system made up of computers that are used for malicious purposes, such as hacking, spreading SPAM, and so on. The Russian-based Rustock Botnet is responsible for a lot of those messages you get trying to sell you Viagra or suspicious-sounding drugs, pirated copies of software, fake designer goods and other SPAM. According to ZDNet, it can send out 30 billion SPAM emails every day.
Last month, Microsoft posted notices in two Russian newspapers to let Rustock know they were out to get them by starting a civil lawsuit. Now, they've stepped things up by offering the $250,000 reward to anyone who can give information leading to the identification and arrest of the operators behind the Rustock Botnet.

Microsoft has already helped cut the Rustock operation by over half. The company deserves praise for taking this stand and targeting this evil company on behalf of computer users worldwide.
At its Official Blog, Microsoft gives a lot of technical information about the Rustock Botnet and their efforts to take it down. Users can help, too, by making sure their computers are not vulnerable. Keep your software up to date, install anti-virus software, and use firewalls, even though they are annoying. They will help protect you and stop these ruthless botnets like Rustock.

And, hey, if you happen to have some information about who's behind Rustock, maybe you can grab $250,000.

-News Source (TG)


Attackers target applications


Software applications rather than operating systems or web browsers were the favoured target of cyber attackers last year, although the total number of application vulnerabilities was significantly down compared to 2009, a new report from Microsoft has shown.
Microsoft’s latest Security Intelligence Report found that overall, the industry’s disclosure of vulnerabilities – holes in software that bad guys can exploit – has been declining since 2006. Microsoft attributed this to better development practices and quality control on the part of developers, which it said results in more secure software.
Attacks exploiting weaknesses in Java rose sharply during the third quarter of 2010, beating every other kind of exploitation tracked by Microsoft’s Malware Protection Centre. Exploits using HTML and JavaScript increased steadily throughout the year and continue to represent a large portion of exploits, the report said.
In the third quarter, the number of Java attacks increased to fourteen times the number recorded in the previous quarter, following the discovery of two vulnerabilities in the Java Virtual Machine. These flaws alone accounted for 85pc of the Java exploits detected in the second half of 2010. By the end of the year Java exploits far outnumbered all other types of software vulnerabilities such as HTML/Script, operating systems, document readers and even Adobe Flash.

Drop-offs in flow of spam

The flow of spam also saw two massive drop-offs during last year, in September and December, which Microsoft said was due to the elimination of two sources – the Cutwail Spambot and Rustock. While Cutwail was taken out as part of an operation by security researchers, Rustock re-emerged in January and has begun sending spam again.
Now in its tenth year, Microsoft’s Security Intelligence Report provides in-depth perspectives on software vulnerabilities, exploits, malicious and potentially unwanted software and security breaches in both Microsoft and third party software.
The full report can be downloaded here.  


An army of techies waging war on spam




It's a vast, invisible battle, going on all the time - and, unbeknownst to you, your computer may be one of the battlegrounds.
The struggle pits thousands of smart, evil folks, who send out trillions of pieces of spam e-mail, against the people in law enforcement and business guarding against them and trying to shut them down.
On the front lines against spam and cybercrime, some analyze malicious computer code (malware), and others - in the young science of cyberforensics - examine computers and drives confiscated in investigations.
Spam - hated word - is again in the news. A May 3 FBI alert warned of e-mail carrying purported images or videos of Osama bin Laden. "This will leave you speechless)," the spam says. "See picture of bin laden dead!"
Don't even open it, warned the alert. "This malicious software or malware can embed itself in computers and spread to users' contact lists, thereby infecting the systems of associates, friends, and family members."
Pumped out by networks (botnets) of malware-enslaved personal computers, unwanted e-mail - random junk, ads, porn, viruses, Trojan horses, get-rich-quick offers from Nigerian nobility - makes up most of all e-mail sent in the world. By far. Estimates range around 80 percent - but a 2007 Microsoft security report in October put it at 97 percent. It ranges from crud to criminal. As for malware, the United States has about 2.2 million computers (more than any other country) infected, according to Microsoft numbers (likely to be low).
"I guarantee," says FBI Special Agent Brian Herrick, director of the FBI Cyber Crime Squad in Philadelphia, "that thousands of Inquirer readers probably have computers infected with spam or malware, part of a botnet just pumping out spam."
The cyberthugs have an advantage, says Special Agent Cerena Coughlin, also of the Cyber Crime Squad. "We can stop them for a while, but they always come up with ways to circumvent it. And we're more restricted. We have to follow the letter of the law - they don't."
The extent of it is staggering. Before U.S. marshals took it down in March, the Rustock botnet was pumping out an estimated 30 billion spam e-mails a day. The botnets - big names include ZeuS, SpyEye, Dogma, Koobface, and Alureon - are run by criminal groups that use servers and supercomputers in several countries. Tracing their activity is extremely difficult and calls for highly skilled technical workers.
One of 16 such FBI squads in the country, the Philadelphia Cyber Crime Squad has 15 agents working full-time on cybercrime; the national program began in 1996. Working with national and international agencies, the squad studies and traces viruses, junk, and spam. Cases involve computer intrusions (everything from local hackers to international cyberespionage and terrorism), child exploitation (as in pornography), intellectual-property rights (copyright infringement, movies, music, software, proprietary business secrets), Internet fraud, and identity theft.
Coughlin says, "We are insanely busy. This is the third-busiest squad in the country, because of where it is and all the affected business and government concerns nearby. We don't have enough bodies for all the work there is."
In the Philadelphia area, the FBI joins hands with local businesses such as banks, agribusiness, and utilities (enterprises often attacked by spam and cybercrime) in a group called InfraGard. There are more than 1,400 local members - "So many people want to be part of it that we don't even need to solicit members," Coughlin says.
At monthly meetings, members share information, news, and tips. The FBI gives presentations and talks, and individual members speak about the cases they face. "It's a communication channel," Herrick says, "between the U.S. government and people in industry down in the trenches, looking to protect critical infrastructure."
Current president of the local chapter of InfraGard is Brian Schaeffer, chief information officer of Liberty Bell Bank in Marlton. He says, "I get thousands of cyberattacks a day. A lot of them are idiots just wanting to show what they can do. But a lot of them are looking to access banking information."
Like most banks, Liberty Bell has a strong firewall, "so hackers take a back-door approach," sending bank clients "phishing" e-mails - which pretend to be trustworthy communications but hide nasty intentions. "If a client even opens such an e-mail, they can get into their account information, their contacts, the keys to the kingdom."
Such attacks mean that "not only do I have to defend my own system, but also I try to help the customers with theirs. If their computers get infected, their account and credit information could get sold to strangers, and that could hurt us all." Schaeffer tells of an elderly couple who came to his bank one day, and just by coincidence, a bank clerk brought him a suspicious request "to withdraw a huge amount of money from their account - but there they were, sitting with us, so we knew some hackers had got at their information through e-mail."
He says InfraGard "has given me a network of people I can go to if I see things I never saw before. If I have a question, there's likely to be someone with an answer."
The other side of the battle is cyberforensics. Think of it as CSI with computers. It's happening right now, with the cache of computers, flash drives, and other cyberstuff taken from Osama bin Laden's compound in Abbottabad, Pakistan. U.S. agents instantly began to analyze this precious trove for criminal evidence - and links to other al-Qaeda operatives.
Work much like this goes on in Radnor at the FBI's Regional Computer Forensics Laboratory, one of 16 such labs in the country. As with InfraGard, the flavor is distinctly federal/local. Law enforcement agencies - such as the police departments of Philadelphia, Lancaster, Lower Merion, and Lower Providence - send officers to guest-work at the lab and receive training and experience in fighting computer crime.
Supervisory Special Agent J.P. McDonald directs the lab, which has been involved in some of the highest-profile local investigations of recent years, including the 2007 Fort Dix attack plot, the manhunt for the Coatesville arsonists, the case of former State Sen. Vincent J. Fumo, and the 2007-08 "Bonnie and Clyde" case of Jocelyn Kirsch and Edward Anderton, now in prison for fraud and identity theft.
"You can track the growth of cyberforensics along the same timeline as computers," McDonald says. "The FBI's program began in 1999, and, as of the mid-2000s, cyberevidence now has recognition and a firm track record in courts."
The lab is a techie's paradise, with gadgets and screens galore, racks of digital evidence sealed in antistatic wrap, sophisticated hard-drive readers, radiofrequency-shielded spaces, and kiosks for quick analysis of cell phones and thumb drives. "The majority of what we do," McDonald says, "is analysis of what's in a machine, how it got there, and then making a timeline of the history of what got there when."
"People's electronic devices are really an extension of their thoughts," says Philadelphia Police Lt. Edward Monaghan, deputy director of the lab. "If you're into NASCAR, you're likely to have NASCAR stuff in your computer. Thugs who are into drugs and money like to have their pictures taken with drugs, guns, and money. It sounds dumb, but they love it. That's what cyberevidence is all about."
The FBI's Herrick is resigned to a long battle: "There's probably some high school kid someplace in the Midwest - or maybe Europe or Asia someplace - who's cooking up something nobody's ever seen before. You really have to stay on your game with these guys."




19 Million+ UK Households Being Used As Cyber Weapon (Botnets)


You are also a cyber criminal. Don't panic; we are sorry to say it, but it is the truth. An exclusive report says that more than a million UK households are being used or misused as cyber weapons, mainly in botnets.
Dutch researchers investigating ways to curtail the hijacking of domestic computers for criminal use, found that more than one million UK households’ PCs are linked to criminal networks known as ‘botnets’, which are groups of Internet-connected computers that have been compromised by a third party and put to malicious use. With around 6% of the UK’s 19m Internet households thought to be part of a botnet, this helps criminals spread spam around the Web more effectively, whilst it can also be used to attack websites and even garner bank details from the unsuspecting public.
The data was gathered from a number of different sources, though most emanated from what is known as ‘spam traps’, which are fake email addresses set up for the sole purpose of receiving junk mail. It’s thought that more than 90% of spam is sent through botnets, and it’s the Internet addresses on these botnets which are a good indicator of where the so-called ‘drone’ machines are located. The researchers then used the IP addresses of the machines that were sending the spam, and traced each one to an Internet Service Provider (ISP). And feeding into this was data about the Conficker botnet, which is thought to be one of the biggest examples of such a network, and incident reports from a computer security company called DShield. The UK figure is placed at number 19 in the top 20 nations with the biggest botnet problem, but it’s roughly in-line with the global average which sits at around 5-10% of domestic computers that are thought to be linked to botnets. Greece and Israel were way out on top, though, with around a fifth of all broadband subscribers thought to be unwittingly recruited into botnets. 
It goes without saying that the biggest ISPs have the biggest botnet problem. The level of spam on BT’s network was found to have peaked at the end of July 2010, at which point more than 30m junk email messages were being sent each week.
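The tracing step described above, spam-trap source IPs mapped to ISPs and counted, as an added example that is not code from the researchers or from this post. The prefix table, ISP names, subscriber counts and log entries are all constructed, and the addresses come from the reserved documentation ranges.

```python
import ipaddress
from collections import defaultdict

# Constructed prefix-to-ISP table (documentation ranges, made-up ISP names).
PREFIX_TABLE = [
    ("192.0.2.0/24", "ExampleNet"),
    ("192.0.2.128/25", "ExampleNet-Reseller"),  # more specific, must win
    ("198.51.100.0/24", "SampleTel"),
]

# Constructed subscriber counts, used to normalise raw drone counts.
SUBSCRIBERS = {"ExampleNet": 2000, "ExampleNet-Reseller": 500, "SampleTel": 10000}

# Constructed spam-trap log: (date, source IP that delivered the message).
SPAM_TRAP_HITS = [
    ("2010-07-26", "192.0.2.10"),
    ("2010-07-26", "192.0.2.10"),    # same drone, second message
    ("2010-07-27", "192.0.2.200"),
    ("2010-07-27", "198.51.100.7"),
    ("2010-07-28", "198.51.100.8"),
    ("2010-07-28", "203.0.113.5"),   # no matching prefix
    ("2010-07-28", "not-an-ip"),     # malformed record, skipped
]


def build_table(rows):
    """Parse prefixes and order them longest-first for longest-prefix match."""
    nets = [(ipaddress.ip_network(prefix), isp) for prefix, isp in rows]
    return sorted(nets, key=lambda item: item[0].prefixlen, reverse=True)


def lookup_isp(table, ip_text):
    """Return the ISP for an address, 'unattributed', or None if malformed."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    for net, isp in table:
        if addr.version == net.version and addr in net:
            return isp
    return "unattributed"


def drones_per_isp(hits, table):
    """Count unique sending IPs per ISP, so one chatty drone counts once."""
    seen = defaultdict(set)
    for _date, ip_text in hits:
        isp = lookup_isp(table, ip_text)
        if isp is not None:
            seen[isp].add(ip_text)
    return {isp: len(ips) for isp, ips in seen.items()}


def infection_rate(counts, subscribers):
    """Drones per subscriber; raw counts alone favour the largest ISPs."""
    return {isp: counts.get(isp, 0) / total for isp, total in subscribers.items()}


if __name__ == "__main__":
    table = build_table(PREFIX_TABLE)
    counts = drones_per_isp(SPAM_TRAP_HITS, table)
    print(counts)
    print(infection_rate(counts, SUBSCRIBERS))
```

Unique-IP counts are only a proxy for infected machines: dynamic addressing can make one machine appear under several IPs, and NAT can hide several machines behind one.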



The good news, however, is that these figures have fallen sharply since then, with a number of anti-cyber crime groups helping to bring down some of the biggest botnets. One takedown earlier this year saw spam fall massively overnight, when an entire network, called Rustock, stopped sending junk.





Cyber crime gets more personalised


Rajesh, a Bangalore-based software engineer received an e-mail from the Income Tax department saying that the department had reviewed his ‘tax fiscal payments’ for previous months and his ‘returns filed online’, and that he is eligible for a tax refund of Rs 40,135.50. However, what made him curious was the fact that he did not file his IT returns online.
The e-mail also contained a link for further details. He wasn’t convinced and checked the address of the sender; the id was same as that of the I-T department. However, when he clicked on the link he sensed he was the target of a cyber attack.
“I clicked the link, but when I saw some Brazilian ads on the website I got suspicious. Luckily, I didn’t reveal any important information,” says Rajesh.
Rajesh is one of the many tax payers in the country who are facing such attacks at the beginning of the new financial year, just at the time of filing I-T returns. According to security experts, cyber criminals with an intention of stealing money and other personal information of netizens are becoming increasingly active. These perpetrators closely monitor netizens’ day to day activities on the Web and plan attacks. “Today’s phishing sites and spam e-mails are sophisticated enough to look identical to a legitimate e-mail and can easily betray you,” said a security expert.
A recent study by security solutions provider Websense says that 93 per cent of emails are spam. Of these, 2.5 per cent are phishing attacks. Another emerging trend is the attack based on search words. The search terms and trends vary based on geography and season. For example, the subject lines of recent spam and phishing mails included the Egypt revolution, Libyan unrest, and the Japan tsunami, among others.
Vinoo Thomas, technical product manager, McAfee Labs says: “Spammers and cyber criminals track most searched words and plan an attack accordingly. Earlier, the attacks were based depending upon festive seasons and other occasions, but now they are targeted at the individual level.”
As social media platforms such as Twitter, Facebook and Orkut gain more acceptance, criminals also track these social networks and gather an individual’s personal information. Spear phishing is a more targeted and dangerous form of phishing attack. The e-mails are targeted at a particular user; the spear phisher thrives on familiarity by knowing the name, email address, etc.
“Criminals follow you on social networks, which gives them details about your location and background. This helps them reach you and send you spam mails,” said Anand Naik, Director, Systems Engineering, Symantec.
These days spam mails also arrive with links to malicious sites, and clicking them downloads malicious content or code to the system. Spammers use URL shortening services to direct users to malicious links without their knowledge.
According to data from Symantec, in March this year, 83.1 per cent of global spam was sent from botnets. Botnets have been and remain a destructive resource for cyber criminals. In addition to anonymous spam-sending, many botnets can be used for a number of other purposes, such as launching distributed denial of service attacks, hosting illegal website content on infected computers and installing spyware to track the activities of the users.
The study also said that India is among the top three countries for both infections for the five biggest spam-sending botnets — Rustock, Bagle, Festi, Cutwail and Lethic.


C&C Servers of World's Third Largest Spam Botnet "Grum" Have Been Knocked Down





Researchers have scored another big success by taking down two of the command and control (C&C) servers belonging to the world's largest spam botnet, named "Grum". This is not a complete victory, as two other C&C servers are still active, but researchers are very optimistic that the volume of spam will drop after this takedown.
Atif Mushtaq, senior staff scientist at security firm FireEye, said in a blog post that the botnet known as Grum drew its last dying breath on Wednesday, after six servers in Ukraine and one in Russia were shut down. In a tense faceoff with whitehats, the botnet operators had deployed those servers following the disconnection earlier this week of separate servers in the Netherlands and Panama. Faced with the threat of losing a 100,000-computer network that generated an estimated 18 billion spam messages a day, the Grum operators were desperately trying to transition to those machines when they stopped working.

"Grum's takedown resulted from the efforts of many individuals," Mushtaq wrote. "This collaboration is sending a strong message to all the spammers: 'Stop sending us spam. We don't need your cheap Viagra or fake Rolex. Do something else, work in a Subway or McDonalds, or sell hotdogs, but don't send us spam.'" We would also like to remind you that this year Microsoft closed two C&C servers of Zeus, another dangerous botnet. Researchers from different parts of the world have also unveiled the mystery of a few other botnets such as Bredolab, Rustock, Duqu and so on.





