Rustock network offline, cleanup continues
msft-mmpc
5 Jul 2011 7:54 AM
In an effort to continue raising awareness about the Rustock botnet that was successfully taken down on March 16th, the Microsoft Digital Crimes Unit (DCU), the Microsoft Malware Protection Center (MMPC) and Trustworthy Computing today released a new Special Edition Security Intelligence Report (SIR) titled "Battling the Rustock Threat".

Our telemetry indicates that the bot network is now less than half the size it was before it was taken offline. Although our global detection results show a sharp decline in Rustock-related activity, we are still working with our partners to clean the remaining infected machines. Those machines are now orphaned from the offline Win32/Rustock command and control infrastructure, and the malware authors are still at large. Through our partnerships with CERTs and ISPs worldwide, we are making strides in identifying these orphaned systems and removing the Rustock threat from them, and we have had considerable success in the early stages of this work.

The report gives an overview of the Win32/Rustock family of rootkit-enabled backdoor trojans, its functionality and how it works, and shows the direct impact of the takedown operation. The SIR also confirms something we have long believed: that Rustock-infected computers are very likely to be infected with other malware as well. For example, DCU and MMPC conducted an experiment in which they infected a computer with Win32/Harnig, a downloader known to install Rustock, in order to see what additional malware arrived. Within five minutes of installation, a wide variety of additional malware and potentially unwanted software had been downloaded and installed onto the infected computer, and many of these threats are themselves designed to eventually download even more malware.
The SIR also details how we defeated Rustock in the courts, providing many previously undisclosed details from the legal and enforcement sides of the operation.