Microsoft offers $250,000 bounty for Rustock operators
by Steve Ragan - Jul 19 2011, 07:55Microsoft has put a hit out on the operators of the Rustock botnet, to the tune of $250,000 USD. It hopes the huge chunk of change will encourage people that might know Rustock’s controllers to snitch them out for a payday. Running at full steam, Rustock could push some 30 billion junk email messages per day.
“In order to determine the identities of the John Doe defendants principally responsible for the control of the Rustock bot-net, Microsoft Corporation is offering a $250,000.00 dollar reward (USD) for any new information that results in the identification, arrest and criminal conviction of whoever is responsible for the control of the Rustock bot-net,” reads the announcement on noticeofpleadings.com.
This isn’t the first time Microsoft has made such an offer, and no one is sure if it will work. The last time Redmond announced a large monetary reward for information leading to an arrest and prosecution was in 2009.
At the time, the software giant wanted to find the person(s) responsible for the creation and spread of Conficker. Before that, it offered rewards for information on the creators of the Blaster and Sasser worms. The Rustock offer marks the fourth time money from a $5 million USD fund, which was established by Microsoft eight years ago, has been used to gain information.
Of the previous three offers, only one payout has actually occurred. Sven Jaschan was given probation (he was a minor), and a school friend collected the reward for turning him in as the creator of Sasser. German media, covering the local arrest and reward collection, speculated that Jaschan’s friend was actually in on the Malware creation, but no charges were brought against him.
“This reward offer stems from Microsoft’s recognition that the Rustock botnet is responsible for a number of criminal activities and serves to underscore our commitment to tracking down those behind it. While the primary goal for our legal and technical operation has been to stop and disrupt the threat that Rustock has posed for everyone affected by it, we also believe the Rustock bot-herders should be held accountable for their actions,” wrote Richard Boscovich, the Senior Attorney for Microsoft’s Digital Crimes Unit, on the company blog.
Microsoft is looking to gather information on 11 people, but the maximum amount eligible for reward is $250,000 USD, Boscovich explained. Anyone with information on the Rustock botnet or its operators should contact Microsoft at: avreward@microsoft.com.
The key to collecting the reward centers on new information. Microsoft has stated that it has collected a vast amount of data since shutting Rustock down. So unless someone has direct access to one of the 11 'John Doe' defendants named in the civil suit, it’s unlikely there will be a substantial payout anytime soon.
Comment on this Story