It consisted of computers running Microsoft Windows, and was capable of sending up to 25,000 spam messages per hour from an infected PC.
[10][11] On March 16, 2011, the botnet was taken down through what was initially reported as a coordinated effort by Internet service providers and software vendors.
[12] It was revealed the next day that the take-down, called Operation b107,[13][14] was the action of Microsoft, U.S. federal law enforcement agents, FireEye, and the University of Washington.
In order to hide its presence from the user and anti-virus software, the Rustock botnet employed rootkit technology.
[20] When sending spam the botnet uses TLS encryption in around 35 percent of the cases as an extra layer of protection to hide its presence.