Microsoft finds 427K email addresses on knocked-out Rustock server
Microsoft investigators uncovered a cache of more than 400,000 email addresses on one hard drive the company seized in March when it led an organized takedown of the Rustock botnet, according to court documents.
Along with the email addresses, Microsoft's forensics experts also uncovered evidence that the cyber criminals used stolen credit cards to purchase hosting and email services.
Microsoft traced payments for the hosting of some of Rustock's C&C servers to a specific Webmoney account, and after asking the Russian online payment service for help, identified the owner of that account as one Vladimir Alexandrovich Shergin of Khimki, a city 14 miles northwest of Moscow.
Eighteen of the 20 drives obtained under the court order had been used as Tor nodes to provide the attackers with anonymous access both to the Internet as a whole and to the hijacked Windows PCs that made up the Rustock botnet.