RustockL was a botnet that consisted of infected Windows machines around the world.
At its peak, the botnet was capable of pushing out a staggering 30 billion spam messages each day. The botnet comprised of about 1 million infected PCs around the world.
Computers were hijacked when their users visited crafted malicious websites. Updates were pushed out regularly using custom written encryption. Updates were disguised to look like genuine discussion forum messages to evade detection by security firms scouring the web.
Unlike other botnets, the command and control servers for Rustock were found to be located in the United States. Investigators estimated that it would have cost about $10,000 per month for the hosting required to keep a grip on the widespread botnet.
Raids that took down the command and control servers resulted from investigative work done by Microsoft, security firm FireEye, and pharmaceutical company Pfizer.
Ninety six command and control servers in total were seized in March 2011. After the actions, there was a considerable reduction in the amount of spam messages being delivered to people around the world.
Investigators are looking for the individuals who were in control of the botnet, using hard drives from the seizures to hunt for clues. It is thought that a small team of about three individuals was responsible for the botnet, which would have brought them considerable financial rewards.