Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
threatpostBrian DonohueTHREATPOST:7B4CE6FDF03ECA855910F94ADDFACCA9
HistoryJun 02, 2011 - 5:14 p.m.

Rustock Author May Be Former Google Hopeful

2011-06-0217:14:38
Brian Donohue
threatpost.com
9
JSON

BotnetAs Microsoft’s crusade against the Rustock botnet continues, a new article from Brian Krebs claims the formerly prolific botnet’s author may be a self-described mathematician and software engineer who once sought employment from Google.

According to Krebs, who cites court documents filed by the Redmond, Wa.-based software giant, Microsoft is still on the hunt for the man behind the bot, believed to be one Vladimir Alexandrovich Shergin. Shergin’s n ame was connected with an online payment account that was used to rent Rustock control servers, Krebs said.

Another potential Rustock controller operating under the pseudonym “Cosma2k,” which may belong to man named Dmitri A. Sergeev, Artem Sergeev, or Sergey Vladomirovich Sergeev, Krebs reports.

Krebs has been investigating the true identity of “Cosma2k” for almost a year. Using Spamit.com data acquired in August of last year and information from a Web hosting reseller in Eastern Europe who admittedly rented out servers to an apparent Rustock operator, Krebs managed to draw similar connections between “Cosma2k,” a spammit.com affiliate account, and a Vladimir Shergin. He also discovered an email address connected with the “Cosma2k” Spamit.com affiliate account, [email protected]. The ger-mes.com site itself was still active at the time and contained the resume of a man claiming to be a Dmitri A. Sergeev. The resume included a picture of a young man with the following message, “I want to work in Google.”

Krebs claims to have contacted Google back in August of 2010 with this man’s picture and resume. He asked the company whether or not they had ever received Sergeev’s resume and whether or not they ever considered flying the man out to Mountain View, Ca. for an interview. He received no response.

Micosoft, in cooperation with authorities and the firm FireEye, launched a coordinated takedown of the Rustock infrastructure in March. Many of the servers hosting the botnet were found to be located in the U.S. The coordinated action led to a temporary, 40 percent drop in spam volume

JSON