US marshals accompanied employees of Microsoft's digital crimes unit into Internet hosting facilities in Kansas City, Scranton, Denver, Dallas, Chicago, Seattle, and Columbus. The Microsoft officials had a federal court order granting them permission to seize command-and-control computers within the facilities alleged to be owned by the operators of the Rustock botnet, which accounted for nearly half of all spam at the end of last year.
Redmond says it confiscated dozens of hard drives and a handful of computers from the hosting providers as part of the raid. Microsoft officials said they had to seize actual computer equipment connected to the botnet because the masterminds behind Rustock designed their infected computers to receive instructions from IP addresses tied to specific command-and-control machines.
"Spam is annoying and it can advertise potentially dangerous or illegal products," a Microsoft spokesperson said in a statement. "It is also significant as a symptom of greater threats to Internet health. Although Rustock's primary use appears to have been to send spam, it's important to note that a large botnet can be used for almost any cybercrime a bot-herder can dream up. Botnets are powerful and, with a simple command, can be switched from a spambot to a password thief or DDOS attacker."
Botnets are created when malware infects hundreds or thousands of computers in a way to allow criminals to control them for distributing enormous volumes of spam. Infected computers are typically owned by people who have no idea their machines are being used by outsiders to send spam. Because Windows is on the majority of computers, the most effective malware specifically exploits vulnerabilities in Microsoft's operating system for PCs.
As a result, Microsoft has become more and more involved in legal actions against any form of mass malware that harms its products and reputation. Spam taxes the servers of its Windows Live Hotmail service, and impacts the Internet experience of Windows users.