Rustock Author May Be Former Google Hopeful

As Microsoft’s crusade against the Rustock botnet continues, a new article from Brian Krebs claims the formerly prolific botnet’s author may be a self-described mathematician and software engineer who once sought employment from Google.

BotnetAs Microsoft’s crusade against the Rustock botnet continues, a new article from Brian Krebs claims the formerly prolific botnet’s author may be a self-described mathematician and software engineer who once sought employment from Google.

According to Krebs, who cites court documents filed by the Redmond, Wa.-based software giant, Microsoft is still on the hunt for the man behind the bot, believed to be one Vladimir Alexandrovich Shergin. Shergin’s n ame was connected with an online payment account that was used to rent Rustock control servers, Krebs said.

Another potential Rustock controller operating under the pseudonym “Cosma2k,” which may belong to man named Dmitri A. Sergeev, Artem Sergeev, or Sergey Vladomirovich Sergeev, Krebs reports.

Krebs has been investigating the true identity of “Cosma2k” for almost a year. Using Spamit.com data acquired in August of last year and information from a Web hosting reseller in Eastern Europe who admittedly rented out servers to an apparent Rustock operator, Krebs managed to draw similar connections between “Cosma2k,” a spammit.com affiliate account, and a Vladimir Shergin. He also discovered an email address connected with the “Cosma2k” Spamit.com affiliate account, ger-mes@ger-mes.com. The ger-mes.com site itself was still active at the time and contained the resume of a man claiming to be a Dmitri A. Sergeev. The resume included a picture of a young man with the following message, “I want to work in Google.”

Krebs claims to have contacted Google back in August of 2010 with this man’s picture and resume. He asked the company whether or not they had ever received Sergeev’s resume and whether or not they ever considered flying the man out to Mountain View, Ca. for an interview. He received no response.

Micosoft, in cooperation with authorities and the firm FireEye, launched a coordinated takedown of the Rustock infrastructure in March.  Many of the servers hosting the botnet were found to be located in the U.S. The coordinated action led to a temporary, 40 percent drop in spam volume 

Suggested articles

Discussion

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.