Insecurity experts working for Microsoft have found hundreds of thousands of compromised e-mail addresses stored in the servers seized as part of the Rustock takedown.
More than 400,000 e-mail addresses from one hard drive have been found. The Rustock gang also nicked credit card numbers.
Volish boffins told the US District Court for the Western District of Washington that they had found “additional evidence” that the seized servers had been part of the botnet’s “spam-dissemination.”
Microsoft said that the hard drives contained custom software that assembled spam messages and text files.
The files had thousands of e-mail addresses and username and password combinations. There is evidence that criminals had used stolen credit card numbers to buy hosting and e-mail services.
According to Eweek, one text file contained more than 427,000 e-mail addresses.
Microsoft also found proof that the Rustock owners were based in Russia. Besides the name, which we would have thought was a giveaway, payments for some of the hosting services were traced to a specific Webmoney account.
Webmoney helped Vole trace the account back to a Vladimir Alexandrovich Shergin from Khimki, which is near Moscow.
Microsoft said that it is still snooping to find out if the name and contact information are authentic, whether this is a stolen identity and “whether this person is associated with the events in this action.”
Finding the source of the botnet is a bit of an adventure.
Most of the 20 drives seized in the raid had been used as Tor nodes to anonymise Internet traffic, so finding out anything about them proved tricky.