Microsoft Offers $250K Bounty for Spambot Gang

Dennis Faas's picture

Microsoft is offering a $250,000 reward for information regarding the owners of the Rustock spam botnet, despite the fact that it has already been neutralized.

Rustock at one point infected an estimated one million computers. Those behind it used the network to send as many as 30 million spam messages a day, most commonly selling counterfeit drugs.

Although the botnet has been brought under control, there's still a threat because its creators remain at large. As a result, Microsoft has issued a bounty.

The reward is $250,000 and will be paid to anyone who provides "new information that results in the identification, arrest and criminal conviction of whoever is responsible for the control of the Rustock bot-net." Information can be e-mailed to avreward[at] and the reward is open to anyone in the world, subject to the prevailing laws in their country.

Bounty Relates to Both Criminal, Civil Cases

The aim of the bounty is not just to bring the offenders to justice in criminal courts, but also to get the names of those responsible added to civil action taken by Microsoft.

At the moment, that action, which made a takedown of Rustock possible, is a "John Doe" case, meaning the names of the defendants can't be identified. Because it was not possible to serve notice on the defendants personally, Microsoft was forced to issue notice of the lawsuit through advertisements in newspapers in Russia, the country that appears most likely to be the current location of those responsible.

A senior Microsoft attorney, Richard Boscovich, said "While the primary goal for our legal and technical operation has been to stop and disrupt the threat that Rustock has posed for everyone affected by it, we also believe the Rustock bot-herders should be held accountable for their actions."

The response to Rustock was one of several examples of a new tactic by legal authorities. It was based on the fact that infected computers in a botnet must contact servers regularly to receive instructions.

Botnet Bosses Make Russian Getaway

In 2008, two Internet providers closed down access to a Californian client, McColo, which offered web hosting.

It turned out that McColo's customer base included the command and control servers for many leading botnets, of which Rustock appeared to be the largest. The closure led to a temporary reduction in worldwide spam of around 75 per cent, only for Rustock to regain much of its original strength. Analysis of Internet traffic suggested it was likely the operators had switched to servers in Russia.

Law enforcement officials later successfully applied for court permission to take control of servers known to be part of the network. They then carried out a co-ordinated international takedown in March. That put a temporary halt to the instruction transmissions and allowed time to begin a campaign to identify infected machines and help victims remove the virus before the perpetrators were able to establish new lines of communication.

Microsoft says it's already cut the number of infected machines by half.
