Feeds

Spam levels plummet as Rustock botnet taken down... for now

815,000 zombies with no master...

Seven Steps to Software Security

Spam volumes shrank on Wednesday after the prolific Rustock botnet fell silent, reportedly as a result of a takedown action.

Rustock, which is made up of a network of compromised (malware-infected) Windows PCs, turns an illicit income for its unknown controllers by being the biggest single source of global spam. The botnet is particularly active in advertising unlicensed net pharmacies, or at least it was until Wednesday afternoon, when its junk mail deluge ran dry.

Security blogger Bryan Krebs, who broke the story of the sudden drop-off, suggests the respite of spam from Rustock is the possible result of a takedown action against the zombie network's command and control system. "Dozens of internet servers used to coordinate these spam campaigns ceased operating, apparently almost simultaneously," he writes. "Such an action suggests that anti-spam activists have succeeded in executing possibly the largest botnet takedown in the history of the internet."

Details of who took this action are unclear at present, though security firms were able to confirm that Krebs is spot on in attributing a sharp drop in spam levels to the shut-down (at least temporarily) of Rustock.

M86 Security Labs, for example, said that Rustock control servers it monitors are unreachable. "It is unclear yet who or what caused the shutdown," the security firm said in a blog post on the Rustock shutdown that includes a graph of the botnet's junk mail output. "It's also possible it has been abandoned."

The Rustock botnet is made up of an estimated 815,000 compromised Windows PCs, controlled via a network of around 26 servers.

Infected machines are still pox-ridden but without instructions to act on and spam templates to drawn upon they have been rendered inert, at least for now. Rustock has been around for around three years and, at its peak, was to blame for half the spam in circulation.

Spam from Rustock previously fell away to almost nothing over the Christmas and New Year holiday before returning in mid-January, possibly as the result of a temporary break by the botherders controlling the network, so it would be unwise to write up Rustock's obituary just yet. Even if Rustock is properly dead, the business of using junk mail messages to spamvertise sites offered unlicensed pharmaceuticals is simply too lucrative to disappear anytime soon. Economic logic dictates that someone will move in and pick up the slack. ®

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.