List: isn
Subject: [ISN] FireEye: Botnet Busters
From: InfoSec News <alerts () infosecnews ! org>
Date: 2011-06-29 7:04:31
Message-ID: alpine.DEB.2.02.1106290004130.22046 () infosecnews ! org
Forwarded from: Simon Taplin <simon (at) simontaplin.net>
http://www.businessweek.com/magazine/content/11_26/b4234072712001.htm
By Christopher S. Stewart
Businessweek
June 16, 2011
Alex Lanstein stared at the 65-inch computer monitor in the living room of his
Boston apartment. Streaming data lit up the screen, the actions of a cyberlord
giving orders to his botnet, a zombie army of hijacked computers controlled
from an unknown location. It was early in the morning of Mar. 16. The
25-year-old cybersecurity analyst had spent months preparing for the events
soon to unfold. His reddish hair still matted down from sleep, Lanstein stood
up and poured another cup of coffee. Suddenly, the data stream flickering on
the monitor became dark, and a smile curled across Lanstein's stubbly face.
Operation Rustock had begun.
Lanstein's employer, FireEye, is a Silicon Valley company that defends
corporations and governments against targeted malicious software, or malware.
FireEye's clients include Fortune 500 companies—Yahoo! (YHOO), EBay (EBAY), and
Adobe Systems (ADBE), among them—and members of the U.S. intelligence
community. The company had recently shut down some of the highest-profile
spam-blasting organizations, winning recognition for imposing order on a
generally disordered and unpoliced world.
Now, Lanstein and FireEye were chasing their mightiest target to date, the
Web's most sprawling and advanced spam machine, called Rustock—pusher of fake
pills, online pharmacies, and Russian stocks, the inspiration for its name.
Over the past five years, Rustock had quietly—and illicitly—taken control of
over a million computers around the world, directing them to do its bidding. On
some days, Rustock generated as many as 44 billion digital come-ons, about 47.5
percent of all the junk e-mails sent, according to Symantec (SYMC), the
computer security giant based in Mountain View, Calif. Although those behind
Rustock had yet to be identified, profits from it were thought to be in the
millions. "The bad guys," is what Lanstein had taken to calling them.
For months, FireEye plotted a counterattack, along with Microsoft (MSFT) and
Pfizer (PFE)—Rustock was peddling fake Viagra, as well as sham lotteries
stamped with the Microsoft logo. Working from FireEye's intelligence, U.S.
Marshals stormed seven Internet data centers across the country, where Rustock
had hidden its 96 command servers. Microsoft lawyers and technicians were
there, too, along with forensics experts. Another team had been deployed in the
Netherlands to destroy two other servers.
The sting was executed flawlessly, with everyone pouncing at once. And yet
Rustock somehow fought back. From an unknown location, perhaps in Eastern
Europe, the botmaster remotely sneaked back into its spam network, locked out
Microsoft's technicians, and began to erase files. Clearly, those behind
Rustock didn't want anyone seeing what was inside those hard drives.
After a struggle lasting about half an hour, the technicians finally wrested
back control of the server. Lanstein's cell rang. T.J. Campana, senior manager
for investigations for Microsoft's Digital Crimes Unit, told him it was over.
"The bad guys lost."
[...]