Microsoft to crack open Rustock's servers

Microsoft will press a Washington District Court for permission to crack open the servers it seized in raids on the Rustock botnet's control centres. 

The Redmond company will make the request after the operators of the now decapitated spam giant failed to show up at court last week.

“As expected, given the nature of the case, the defendants did not appear in court yesterday, meaning that the case will go on,” said Microsoft Digital Crimes Unit senior attorney, Richard Bozcovich, last Thursday.

The hearing formed part of Microsoft's legal strategy which allowed it to sieze the botnet's hardware without informing them of its intentions. Bozcovich said the element of surprise was necessary to thwart an attempt by the botnet operarors to move its domains and IP addresses, which would have put it "back to square one".   

“We will now move the court to allow us due discovery of the evidence gathered from the seizures, including dozens of server hard drives, to learn what we can about the identity of those behind Rustock.”

The botnet remained inactive, but Microsoft still fears that the million odd Rustock-infected Windows machines could still be wrangled by the unknown operators. 

Within the first week of its seizure, 1.7 million unique IP addresses reached out for routine instructions from Rustock’s controllers, Bozcovich said.  

“Unfortunately, as long as a computer is infected with Rustock malware, it remains at risk for being under the control of a botherder – whether that’s via other botnet malware on the computer or the potential that the Rustock botherders regain control of the botnet for whatever reason."