Microsoft pursues botnet herders via Russian newspapers

LONDON — Microsoft Corp. has placed quarter-page notifications in two Russian newspapers, a legal formality required as part of its ongoing lawsuit in the U.S. against operators of Rustock, a defunct botnet used to send prolific amounts of pharmaceutical spam.

The advertisements serve to notify unnamed defendants in the legal suit and give them an opportunity to make their case, although it is extremely unlikely that anyone associated with Rustock would step forward. Microsoft believes Rustock’s operators are located in Russia.

After being granted a seizure order by a court in March, law enforcement raided hosting providers in the U.S. that had infrastructure supporting Rustock. In tandem, Microsoft filed a lawsuit in U.S. District Court for the Western District of Washington against 11 unnamed defendants whom they are still trying to identify.

The advertisements will run for 30 days in the Delovoy Petersburg newspaper, located in St. Petersburg, and in The Moscow News, a daily newspaper, wrote Richard Boscovich, a senior attorney with Microsoft’s Digital Crimes Unit.

“Although history suggests that the people associated with the IP (Internet protocol) addresses and domain names connected with the Rustock botnet are unlikely to come forward in response to a court summons, we hope the defendants in this case will present themselves,” Boscovich wrote. “If they do not, however, we will continue to pursue this case, including possibly within the Russian judicial system, if necessary.”

Microsoft has continued to post case documents on It has also sent documents to the postal addresses and e-mail addresses that the defendants used to sign up for IP addresses and domains, Boscovich wrote.

No one has been prosecuted yet for running Rustock. But Boscovich wrote that Rustock remains nonfunctional, and the numbers of computers infected with its code continue to fall.

“Our technical countermeasures have worked effectively to prevent the bot’s self-defense mechanisms from reanimating it,” he wrote.

According to the latest status report filed in the case on May 23, Microsoft has served subpoenas to domain name registrars and e-mail providers with the intent to uncover real names. Microsoft is still waiting for a response to those subpoenas, the report said.

But the company has identified a Webmoney account that was used to fund some of Rustock’s command-and-control infrastructure. The owner of the account was identified as Vladimir Alexandrovich Shergin of Khimki, a city near Moscow. Microsoft is trying to determine if that information is accurate.

Company investigators are also looking into an individual who went by the nickname “Cosma2k,” according to the status report. The person is also believed to have signed up for equipment used for command-and-control servers. Cosma2k also used the names Dmitri A. Sergeev, Artem Sergeev and Sergey Vladomirovich Sergeev, the report said.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now