Though Rustock remains down for the count, according to Microsoft, the hunt goes on for the creators of the infamous botnet.
Rustock was taken down this past March by Microsoft and law enforcement officials who used a combination of legal maneuvers and raids to seize control of the servers that ran the notorious spamming network. Since then, Rustock has remained "dead and decaying," said Richard Boscovich, senior attorney for Microsoft Digital Crimes Unit, in a blog post published yesterday.
But taking down the network itself is only half the battle in keeping botnets like Rustock offline. Tracking down the culprits who devise such botnets is the other half.
Based on work done through the Digital Crimes Unit, the company believes the creators of Rustock either operated or are still operating out of Russia. As a result, Microsoft is actively pursuing the perpetrators with a series of actions in the Russian press and legal system.
As the first legal step required, the company has placed ads in two large Russian newspapers aimed at the owners of the IP addresses and domain names that were shut off when Rustock was taken down. The ads, which will run for 30 days, inform the owners of the date and time of legal hearings on the matter and where they can appear to defend themselves.
Microsoft has also sent notices of the complaint and court orders to the mailing and e-mail addresses of the defendants who owned the IP addresses and domains used to control Rustock. Though it's unlikely the actual criminals will appear in court, Microsoft said it still plans to pursue the case within the Russian legal system.
Microsoft said that it has seen a drop in the number of PCs infected by Rustock as more users remove the malware.
A report from Symantec found that spam levels overall did fall more than 30 percent after the botnet was taken down. McAfee's Threats Report (PDF) for the first quarter also noted a "significant reduction in spam" since the death of Rustock, although as always, there are other botnets waiting in the wings to take its place.