Microsoft will press a Washington District Court for permission to crack open the servers it seized in raids on the Rustock botnet's control centres.
The Redmond company will make the request after the operators of the now decapitated spam giant failed to show up at court last week.
“As expected, given the nature of the case, the defendants did not appear in court yesterday, meaning that the case will go on,” said Microsoft Digital Crimes Unit senior attorney, Richard Bozcovich, last Thursday.
The hearing formed part of Microsoft's legal strategy which allowed it to sieze the botnet's hardware without informing them of its intentions. Bozcovich said the element of surprise was necessary to thwart an attempt by the botnet operarors to move its domains and IP addresses, which would have put it "back to square one".
“We will now move the court to allow us due discovery of the evidence gathered from the seizures, including dozens of server hard drives, to learn what we can about the identity of those behind Rustock.”
The botnet remained inactive, but Microsoft still fears that the million odd Rustock-infected Windows machines could still be wrangled by the unknown operators.
Within the first week of its seizure, 1.7 million unique IP addresses reached out for routine instructions from Rustock’s controllers, Bozcovich said.
“Unfortunately, as long as a computer is infected with Rustock malware, it remains at risk for being under the control of a botherder – whether that’s via other botnet malware on the computer or the potential that the Rustock botherders regain control of the botnet for whatever reason."
Copyright © iTnews.com.au . All rights reserved.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.