In its next legal step, the software giant will publish information on the suspected masterminds behind the Rustock botnet. Microsoft plans to take its next step against the operators of the Rustock botnet in coming weeks, revealing information about cybercriminals’ identities.In March, federal marshals and a third-party forensics firm served legal court orders to hosting providers in seven U.S. cities, allowing them to seize the computers suspected of managing and controlling the Rustock botnet. Since the March takedown, the investigators have analyzed the hard drives for information identifying the operators of the criminal network.Also see: “The Botnet Hunters“We are close to “filing a certain notice, which is a requirement of U.S. law, for the people that we believe are involved in Rustock, that there will be a hearing and that they should be present,” said Richard Boscovich, senior attorney for Microsoft’s Digital Crimes Unit. “Obviously, we don’t expect anybody to go, but it is a constitutional requirement under U.S. law.” The takedown of the Rustock botnet is the latest attack on cybercriminals under the auspices of Microsoft’s Active Response for Security (MARS) program, which tasks the software giant’s legal and technical teams to create a framework with which to combat cybercrime.The takedown caused spam to drop by a third, but also left surviving botnets jockeying to absorb the demand for spam services. The latest move by Microsoft is part of the requirement of the special court order allowing the company to arrange the takedown of the botnet servers without first notifying the owners. Known as an ex parte temporary restraining order (TRO), the judgement also requires the company to attempt to notify the owners of the botnet. As such, the company will publish legal statements in two newspapers in the country in which the company believes the bot operators reside, Boscovich said.“Microsoft must now make a good faith effort to contact the domain and server owners notifying them of the severance as well as the date, time and location of the hearing where they will have an opportunity to make their case,” Boscovich said.Microsoft did not discuss to what extent the company’s researchers had been able to identify the operators. The hard drives could very likely have recorded the Internet addresses of the operators’ computer systems. Yet, attribution is a thorny problem on the Internet, says Mark Rasch, a former cybercrime prosecutor and director of cybersecurity and privacy consulting at CSC.Also see the interactive graphic “What a Botnet Looks Like““You can bet that they have done a lot of formal forensics, so they have a pretty good idea that this is the last step in turning IP addresses into actual identities,” Rasch says. “But they could be wrong. They could have traced it back eleven steps out of 15.” Related content news Is China waging a cyber war with Taiwan? Nation-state hacking groups based in China have sharply ramped up cyberattacks against Taiwan this year, according to multiple reports. By Gagandeep Kaur Dec 01, 2023 4 mins Cyberattacks Government news Apple patches info-stealing, zero day bugs in iPads and Macs The vulnerabilities that can allow the leaking of sensitive information and enable arbitrary code execution have had exploitations in the wild. By Shweta Sharma Dec 01, 2023 3 mins Zero-day vulnerability feature The CSO guide to top security conferences Tracking postponements, cancellations, and conferences gone virtual — CSO Online’s calendar of upcoming security conferences makes it easy to find the events that matter the most to you. By CSO Staff Dec 01, 2023 6 mins Technology Industry IT Skills Events news Conti-linked ransomware takes in $107 million in ransoms: Report A ransomware campaign linked to the ostensibly defunct Conti malware group has targeted mostly US businesses, in a costly series of attacks. By Jon Gold Nov 30, 2023 4 mins Ransomware Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe