

Anatomy of the Rustock Botnet




Posted by TechniSmart, 04-07-2011, 09:01 AM
I came across this http://krebsonsecurity.com/2011/03/m...k-controllers/, a very interesting pre-hearing analysis of some of the investigation that took place on this case Microsoft has launched against JOHN DOES. Microsoft has set up a site for service of their legal documents so the John Does are aware of it (http://noticeofpleadings.com). As hosts, what can we learn from this case? I would love to hear comments.

Posted by Shayan|Evolucix, 04-07-2011, 04:02 PM
As far as anatomical structure goes, the Rustock Botnet isn't/wasn't anything special in the way of other botnets. Effectively, it just happened to be much more stable than other bots currently out there. As a result, the control function of the botnet had to be split up into multiple facets due to the expansive nature of the spread. In all honesty, there's not a whole lot you can do as a host but make sure your software is 100% up to date. If there's an exploit available for the software you're running, you can almost bet that it will be exploited at some point. And of course, sometimes there's absolutely nothing you can do. You may be the unlucky soul who gets hit by an unreleased 0day before a software update is made available. Ultimately, if you're paranoid, you could monitor all network connections in and out of your nodes, but for a large host, that's impractical. Past that, there's really not a whole lot more we can do as hosts.

Posted by servermanaged, 04-08-2011, 11:24 AM
As a hosting company you can learn that you have to pay much attention to network traffic belonging to your company. It seems that Wholesale Internet, which hosted Rustock's C&C servers, was completely unaware of what was happening in its network.


