Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

FireEye: Botnet Busters

From: InfoSec News <alerts () infosecnews org>
Date: Wed, 29 Jun 2011 00:04:31 -0700 (MST)
Forwarded from: Simon Taplin <simon (at) simontaplin.net>

http://www.businessweek.com/magazine/content/11_26/b4234072712001.htm

By Christopher S. Stewart
Businessweek
June 16, 2011
Alex Lanstein stared at the 65-inch computer monitor in the living room of his Boston apartment. Streaming data lit up the screen, the actions of a cyberlord giving orders to his botnet, a zombie army of hijacked computers controlled from an unknown location . It was early in the morning of Mar.16. The 25-year-old cybersecurity analyst had spent months preparing for the events soon to unfold. His reddish hair still matted down from sleep, Lanstein stood up and poured another cup of coffee. Suddenly, the data stream flickering on the monitor became dark, and a smile curled across Lanstein's stubbly face. Operation Rustock had begun.
Lanstein's employer, FireEye, is a Silicon Valley company that defends corporations and governments against targeted malicious software, or malware. FireEye's clients include Fortune 500 companies—Yahoo! (YHOO), EBay (EBAY), and Adobe Systems (ADBE), among them—and members of the U.S. intelligence community. The company had recently shut down some of the highest-profile spam-blasting organizations, winning recognition for imposing order on a generally disordered and unpoliced world.
Now, Lanstein and FireEye were chasing their mightiest target to date, the Web's most sprawling and advanced spam machine, called Rustock—pusher of fake pills, online pharmacies, and Russian stocks, the inspiration for its name. Over the past five years, Rustock had quietly—and illicitly—taken control of over a million computers around the world, directing them to do its bidding. On some days, Rustock generated as many as 44 billion digital come-ons, about 47.5 percent of all the junk e-mails sent, according to Symantec (SYMC), the computer security giant based in Mountain View, Calif. Although those behind Rustock had yet to be identified, profits from it were thought to be in the millions. "The bad guys," is what Lanstein had taken to calling them.
For months, FireEye plotted a counterattack, along with Microsoft (MSFT) and Pfizer (PFE)—Rustock was peddling fake Viagra, as well as sham lotteries stamped with the Microsoft logo. Working from FireEye's intelligence, U.S. Marshals stormed seven Internet data centers across the country, where Rustock had hidden its 96 command servers. Microsoft lawyers and technicians were there, too, along with forensics experts. Another team had been deployed in the Netherlands to destroy two other servers.
The sting was executed flawlessly, with everyone pouncing at once. And yet Rustock somehow fought back. From an unknown location, perhaps in Eastern Europe, the botmaster remotely sneaked back into its spam network, locked out Microsoft's technicians, and began to erase files. Clearly, those behind Rustock didn't want anyone seeing what was inside those hard drives.
After a struggle lasting about half an hour, the technicians finally wrested back control of the server. Lanstein's cell rang. T.J. Campana, senior manager for investigations for Microsoft's Digital Crimes Unit, told him it was over. "The bad guys lost." 

[...]


___________________________________________________________
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery
Network, Cisco Switches, SAS 70 Type II Datacenter.
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Previous By Date Next
Previous By Thread Next

Current thread: