The takedown relied on legal and technical "measures": Microsoft obtained a court order which enabled it to work with the U.S. Marshals Service "to physically capture evidence" and remove affected servers from hosting companies. The company said that servers were removed from hosters in Kansas City, Scranton, Denver, Dallas, Chicago, Seattle, and Columbus. Upstream providers helped Microsoft to "sever" the I addressed that controlled the botnet, cutting off the communication between the servers and those who operated the botnet. The evidence gathered is now investigated in the hope that Microsoft and government officials learn more how botnets are operated.
In addition, Microsoft filed suit against the anonymous operators of the botnet , based in part on the abuse of Microsoft's trademark in the botnet. Rustock is estimated to have infected well more than 1 million client PCs that are capable of sending billions of spam emails every day. The botnet was known for sending Microsoft lottery scams and fake offers as well as prescription drug spam.
" Although Rustock’s primary use appears to have been to send spam, it’s important to note that a large botnet can be used for almost any cybercrime a bot-herder can dream up. Botnets are powerful and, with a simple command, can be switched from a spambot to a password thief or DDOS attacker," Microsoft said.