Microsoft Offers $250K Bounty for Rustock Author

Microsoft Offers $250K Bounty for Rustock Author – Krebs on Security

Microsoft said today that it is offering a $250,000 reward for new information leading to the arrest and conviction of the individual(s) responsible for the Rustock botnet, a now-defunct crime machine that was once responsible for sending 40 percent of all junk email.

The bounty is the software giant’s latest salvo in its war on Rustock; Microsoft secured a major victory in March, when it worked with ISPs and security firms to launch a successful sneak attack against the botnet, knocking out its support infrastructure. Richard Boscovich, senior attorney for Microsoft’s digital crimes unit, said that although spam from Rustock-infected PCs has ceased, there are still hundreds of thousands of infected computers around the world to be cleaned of the botnet malware.

“This reward offer stems from Microsoft’s recognition that the Rustock botnet is responsible for a number of criminal activities and serves to underscore our commitment to tracking down those behind it,” Boscovich wrote in a post on the official Microsoft blog. “While the primary goal for our legal and technical operation has been to stop and disrupt the threat that Rustock has posed for everyone affected by it, we also believe the Rustock bot-herders should be held accountable for their actions.”

Microsoft recently ran advertisements in major newspapers in Moscow and St. Petersburg, as part of a deal the company struck with a U.S. court to help dismantle Rustock; the court granted Microsoft dominion over the Rustock control servers and domains as long as the company made a “good faith” effort to notify the unidentified owners.

This is the fourth reward of $250,000 that Microsoft has offered in its anti-virus reward program. It has paid a reward only once: For information leading to the arrest and conviction of the author of the Sasser worm. The person who provided the tip in that case was a classmate of the Sasser worm author.

The catch with Microsoft’s offer is that they are soliciting offers of “new” information on the Rustock author(s). My own follow-the-money sleuthing on the individual who paid for the hosting that supported the Rustock control servers traced back to a very specific person — a Russian man that Microsoft later named in its public filings with the court. Prior to their publication of that information, I had shared with Microsoft everything I’d uncovered; the company claimed at the time that it had already obtained the same information on its own.