Microsoft names Rustock botnet leader suspects

One hoped to work for Google.

Microsoft has named two key suspects in its second status report on the investigation into who was behind one of the world's largest botnets, Rustock. 

Records held by Russian money transfer company Webmoney revealed that Rustock’s command and control servers were paid for by a person identified as Vladimir Alexandrovich Shergin, according to Microsoft’s report published on noticeofpleadings.com.

Microsoft also named another suspect who operated under the handle “Cosma2k”, and was associated with the names Dmitri A. Sergeev, Artem Sergeev and Sergey Vladimirovich Sergeev.

Security blogger Brian Krebs traced Cosma2k’s website to Russian domain ger-mes.ru, which included a resume for one of the aliases identified by Microsoft, “Sergeev, Dmitri A.” (pictured).

The resume contained the header “I want to work in Google” and ended hopefully, “Waiting for your job”. 

Microsoft's efforts to summons the suspects had so far failed, despite attempts via the web, by email, and through its website noticeofpleadings.com. 

Over the next week it also expects to have placed legal notices in newspapers in Moscow and St Petersberg.

A Washington District Court in April gave Microsoft permission to search the botnet infrastructure that was seized in March. 

Authorities and Microsoft gained special permission to seize the equipment from several hosts in the US even though they had been unable to identifty or notify its owners. 

The botnet was capable of sending a billion emails per day and was known for pharmacuetical spam, according to Microsoft.