Microsoft offers $250,000 Rustock botnet bounty

The company has offered a bounty for information leading to the arrest and conviction of the controllers of the Rustock botnet

Microsoft has put up a quarter of a million dollars in an attempt to catch the controllers of the Rustock spamming botnet.

Microsoft offered the $250,000 (£155,000) bounty for information leading to the arrest and criminal conviction of botnet controllers on Monday.

"While the primary goal for our legal and technical operation has been to stop and disrupt the threat that Rustock has posed for everyone affected by it, we also believe the Rustock bot herders should be held accountable for their actions," Richard Boscovich, senior attorney in the Microsoft Digital Crimes Unit, said in a blog post.

Microsoft published two notices in Russian newspapers in June notifying the Rustock administrators of civil action.

Microsoft said it had taken down the Rustock botnet following legal action and raids targeting the botnet's command and control servers in March. This action had disrupted the operations of the botnet, said the company, although hundreds of thousands of computers around the world remain infected with the botnet malware.

The action against Rustock has had an impact on the volume of spam coming from the botnet, antispam organisation Spamhaus told ZDNet UK on Tuesday.

Microsoft has made a fairly significant dent in Rustock.

– Richard Cox, Spamhaus

"Microsoft has made a fairly significant dent in Rustock," Spamhaus chief information officer Richard Cox said. Nevertheless, the problem of spam can only be solved completely by focusing on the effects of the botnet, or by arresting its operators, said Cox.

Rustock was one of the most prolific spam-sending botnets before its takedown, sending around 30 million spam emails per day. There are larger botnets in terms of number of bots, including TDL4, Bredolab, and Conficker.

Microsoft has offered and paid bounties on malware authors and propagators in the past. In February 2009, the company offered $250,000 for the arrest and conviction of those responsible for launching Conficker. In July 2005 it paid two informers $250,000 for help in finding the originator of the Sasser Worm.

Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.