This report provides new data on the Rustock botnet and the impact of the malware on computers around the world. In addition to the report, we have released updated data on computer infection reductions we’ve seen since the takedown and a video which captures infected Internet Protocols (IPs) from all around the world attempting to check into the Waledac and Rustock botnets as recently as two weeks ago.
The SIR report gives an overview of the Win32/Rustock family of rootkit-enabled backdoor Trojans, its functionality and how it works. It also shows the direct impact of the takedown operation. The SIR also verifies something we have long believed: that Rustock-infected computers are also very likely to be infected with other malware. For example, DCU and MMPC conducted an experiment in which they infected a computer with Win32/Harnig, which is known to infect a computer with Rustock, in order to see what additional malware was installed. Within five minutes of installation, a wide variety of additional malware and potentially unwanted software had been downloaded and installed onto the infected computer – and many of these threats are themselves designed to eventually download even more malware.
Source: The Official Microsoft Blog