Rustock – a trojan horse that is responsible for one of the largest botnets that ever existed

Rustock is a stealthy backdoor[1] virus that creates users' computers into spam machines. It targeting Windows operating systems and was able to send out as much as 192 spam messages per device per minute, resulting in a staggering amount of infections worldwide – security experts predict that the number may vary from 150,000 to 2,400,000 machines worldwide. The malicious code used TLS[2] encryption in order to hide the presence of malware. The virus operated from 2006 and was finally taken down in 2011 by the what is known to be the Operation b107.
| SUMMARY | |
| Name | Rustock |
|---|---|
| Type | Backdoor trojan |
| Encryption used | TLS |
| First spotted | 2006 |
| Shut down | 2011 |
| Distribution | Malspam, malicious sites |
| Symptoms | Rarely any; users may experience system crashes, slowdown of the PC operation, etc. |
| Detection and elimination | Use FortectIntego or MalwarebytesMalwarebytes |
The backdoor trojan is an extremely stealthy threat which is capable of multiplying itself fast. As soon as Backdoor:Win32/Rustock virus enters the machine, it uses rootkit capabilities and hides its registry entries. Then it seeks the contact with a remote Command & Control server, operated by hackers. Although the parasite does not allow the intruder to control the infected PC, it converts the system to a hidden proxy used for certain malicious purposes.
Users who were infected usually had no idea about it. Thus, Rustock removal was out of the question (that is one of the main reasons why it was able to persist in machines for so long). In some cases, victims could experience the following symptoms:
- High CPU usage
- Program crashes
- Slow internet speed
- Overall sluggish performance of the PC
Because the symptoms, if any, were rather obscure, users usually blamed it on outdated hardware or slow internet, letting the Rustock botnet thrive. Nevertheless, machines that did not have security software installed were extremely vulnerable. Seeing how dangerous trojan horses are, and how difficult it is to detect them, we recommend users to install FortectIntego or MalwarebytesMalwarebytes to keep their machines safe from viruses.
The malware was capable of sending 25,000 spam emails per hour from an infected machine. 40% of global spam traffic was connected to the Rustock botnet. Therefore, US authorities, Microsoft, and other reputable organizations collaborated on what was then called Operation b107 and took it down[3] in 2011. Hackers operated Ninety-six Command & Control servers at the time of the takedown.
The culprits behind the infamous botnet were never caught, although forensic experts pointed at Eastern Europe. Although highly unlikely, cybercriminals might still focus on DDoS or other similar attacks. Nevertheless, in case of the malware returns, users should remove Rustock backdoor using reputable security software.

Malware distribution methods
Initial phishing emails sent by cybercrooks have most likely been done using spam bots. Although there are technologies available to prevent the malware to infiltrate computers (such as built-in scanner used by email providers, or security software installed on the user's PC), there is no fail-proof method. Nevertheless, it is possible to decrease the probability of such unfortunate events happening.
First of all, users should install security software – it is always the best practice to protect yourself from malware. Additionally, opening spam emails is never a good idea. The problem is that some phishing emails may look extremely believable, and many victims can fall for the trick. Thus, check for the “From” address, look for spelling/grammar mistakes, and if the email seems suspicious, DO NOT open any attachments (especially those which ask the macro function to be enabled for MS Office documents) or click on hyperlinks inside.
Way to remove dangerous Rustock malware
If are unlucky enough and got infected with the cyberthreat, there is a way to remove Rustock virus from your computer. Users should never rely on doing it manually, as it is almost impossible. Only well-trained IT professionals can execute such uneasy task.
For regular users, however, security researchers[4] recommend using security software for Rustock removal. FortectIntego, SpyHunterCombo Cleaner or MalwarebytesMalwarebytes is an excellent choice, although you can pick any other reputable anti-malware program. Just make sure that it is up to date, as the virus databases are updated continually.
Was this guide helpful?
Be the first to comment