One company working alongside Microsoft in locating command and control centres was FireEye. The two would check in with each other every couple of weeks to share information, which was eventually used to get hold of the server locations before sending in the troops to seize them.
"When we were pretty satisfied that we had all the command and control servers, I think there were 96 in total, we started filing briefs with the court and started doing the legal angle," FireEye senior security researcher Alex Lanstein told IT PRO.
Furthermore, the legal process Microsoft and its partners had to go through could open up some fresh avenues for companies looking to join the botnet fight.
"There was no real precedence for this legal case," Lanstein said.
"Microsoft was able to show a lot of damages both by brand - the spam messages being sent out were using the Microsoft brand along with damages done to the Hotmail service. The actual Hotmail service was receiving millions of spam messages from the Rustock bot."
Microsoft was able to determine what additional processing power it needed to deal with the botnet. This was then used as evidence of damages to the courts.
The court then decided to hand seized hard drives over to Microsoft temporarily for the purpose of forensically copying the data to analyse. The tech giant can now do forensics on the drives and potentially determine who was connecting into them and perhaps even locate the bot master.
"That's a pretty unique legal perspective," Lanstein added.
Given the various successes seen last year in making actual arrests, notably in the case of Mariposa, can we expect more here?
"If I were to put odds of 50/50 chance that there is an arrest made, or at least the intel is used to collaborate with other information and shared with a different case," Lanstein added.
"All that'll be forthcoming once they get hold of the hard drives and are able to do the forensics on them."
As for a possible resurrection of the Rustock botnet, Lanstein believes that given the amount of money the bot master/masters would have made, and the pressure they will be under from Microsoft's legal team, it's unlikely the botnet will make a comeback.
So whilst the takedown might not make much of a dent to spamming in the long term, the collaborative and legal process that led to Rustock's demise could set a precedent and spur on others to come together to fight those massive botnets that cause so much bother to web users across the world.
If you can take down the biggest spamming botnet ever, why can't you put an end to others?
