25 May 2011
Microsoft investigators have found over 420,000 email addresses on just one hard drive of a botnet command and control (C&C) server in a criminal case it is bringing against the masterminds of the infamous Rustock botnets.
Court documents outlining Microsoft's second 'status report' reveal that initial forensic analyses were performed on 20 of the defendants' hard drives.
"Initial analysis on one of the drives indicated that the system associated with the drive used an email template and the Bing, Viagra, Vicodin and Valium trademarks," the report noted.
"Additional evidence of the system's role in spam dissemination was also uncovered, including custom-written software relating to the assembly of spam emails and text files containing thousands of email addresses and username/password combinations."
Microsoft's Digital Crimes Unit pulled off something of a coup in March when it succeeded in obtaining a court warrant which enabled it to seize C&C servers in multiple hosting locations, escorted by the US Marshals Service.
The botnet was responsible at one point for sending out more than half of the world's spam and, although volumes have since increased slightly, spam levels fell by a third after the shutdown.
The investigation has also revealed that the alleged Rustock masterminds used stolen credit cards to purchase the domain registry and email services needed to set up and run the botnet through its C&C servers.
In addition, by tracing a Webmoney account used to pay for one of the C&C servers, Microsoft identified one of the alleged suspects as Vladimir Alexandrovich Shergin of Khimki, a city near Moscow.
Microsoft has sent copies of the complaint and court summons to all of the email addresses it has identified and is awaiting a response.