Feeds

Spam levels plummet as Rustock botnet taken down... for now

815,000 zombies with no master...

3 Big data security analytics techniques

Spam volumes shrank on Wednesday after the prolific Rustock botnet fell silent, reportedly as a result of a takedown action.

Rustock, which is made up of a network of compromised (malware-infected) Windows PCs, turns an illicit income for its unknown controllers by being the biggest single source of global spam. The botnet is particularly active in advertising unlicensed net pharmacies, or at least it was until Wednesday afternoon, when its junk mail deluge ran dry.

Security blogger Bryan Krebs, who broke the story of the sudden drop-off, suggests the respite of spam from Rustock is the possible result of a takedown action against the zombie network's command and control system. "Dozens of internet servers used to coordinate these spam campaigns ceased operating, apparently almost simultaneously," he writes. "Such an action suggests that anti-spam activists have succeeded in executing possibly the largest botnet takedown in the history of the internet."

Details of who took this action are unclear at present, though security firms were able to confirm that Krebs is spot on in attributing a sharp drop in spam levels to the shut-down (at least temporarily) of Rustock.

M86 Security Labs, for example, said that Rustock control servers it monitors are unreachable. "It is unclear yet who or what caused the shutdown," the security firm said in a blog post on the Rustock shutdown that includes a graph of the botnet's junk mail output. "It's also possible it has been abandoned."

The Rustock botnet is made up of an estimated 815,000 compromised Windows PCs, controlled via a network of around 26 servers.

Infected machines are still pox-ridden but without instructions to act on and spam templates to drawn upon they have been rendered inert, at least for now. Rustock has been around for around three years and, at its peak, was to blame for half the spam in circulation.

Spam from Rustock previously fell away to almost nothing over the Christmas and New Year holiday before returning in mid-January, possibly as the result of a temporary break by the botherders controlling the network, so it would be unwise to write up Rustock's obituary just yet. Even if Rustock is properly dead, the business of using junk mail messages to spamvertise sites offered unlicensed pharmaceuticals is simply too lucrative to disappear anytime soon. Economic logic dictates that someone will move in and pick up the slack. ®

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.