IT: massive internet "takedown" of spamming system that sent up to 30,000 million e-mails each day.

A little under two weeks ago, a three-year investigation into the Rustock botnet reached a milestone: private sector investigators obtained orders to raid premises and seize computers. But the targets were not the estimated one million home and office computers that have been partially taken over by the Rustock trojan, but rather the dozens of servers that made up its command and control centre.

The Rustock trojan was installed on about a million personal computers in homes and offices over the past three years and took control of part of the operating system. It affected Microsoft Windows machines, gaining access through defects in e-mail and browser programs such as Internet Explorer.

The primary method of delivery, however, was "drive by" installation as web browsers visited web sites with adverts and links that downloaded software onto users' computers in the background.

Investigators say that the system was very clever: once installed, it had the capability to "push" software updates to the machines it controlled. The updates were disguised so that they looked like normal activity and bypassed many malware scanners.

Annoyed that its software was at least instrumental in facilitating the creation of the massive network of slave computers, Microsoft invested in patching both operating systems and browsers and has issued dozens of security updates in the past three years - but only for users of their more recent operating systems. Users of Windows 95 and 98, still widely used in the developing world, have been orphaned as Microsoft has abandoned all updates, including security updates, of their operating system and their browsers before IE6.0. Windows 2000 and XP are slated to be abandoned in a similar way despite - or perhaps because of - massive installed user bases who refused to migrate in some cases to XP and in many more cases to Vista.

Microsoft and other manufacturers pumped large but undisclosed sums into the investigation against Rustock and were rewarded with simultaneous raids on multiple hosting centres around the USA and the seizure of 96 servers.

Investigators say that they have learned that total hosting costs amounted to only USD10,000 per month, but that the 30,000 million adverts (average; 200,000 million peak) sent for, amongst other things, fake pharmaceuticals are likely to have made significant profits for the organisers.

There are just two remaining problems: so far the profits have not been traced, and neither have those who set up the system.

The distributed system was spread across multiple sites in the USA, outside metropolitan areas. This, investigators say, helped the organisers "stay under the radar." How that is so, given the massive percentage of traffic they were generating, is unclear: surely such traffic is best hidden in areas where there is already heavy traffic.

But it is by no means clear that the organisers are in fact in the USA: they could be anywhere. And if they are able to identify and exploit more security holes in the operating systems and browser / e-mail software in use - or to rely on older or unpatched machines - then there is a serious chance that they may simply set up shop somewhere else.

Currently, "the cloud" is mainly based in the USA, but as cloud technology spreads, particularly to countries with rudimentary monitoring and legal systems, the risk of re-introduction or copycats is hugely increased.
