Rustock zombies halved as clean-up efforts continue
Leaderless undead remotely brain-shot from Redmond
The zombie machines which formerly powered the infamous Rustock botnet are down to half their original number, according to Microsoft.
Redmond ran a successful takedown operation back in March that effectively knocked out Rustock's command and control nodes. That meant that infected PCs were no longer being sent spam templates or other instructions while doing nothing to alter the fact that they were contaminated with malware.
Subsequent efforts, including the addition of Rustock botnet disinfection agents to the Microsoft Malicious Software Removal tool, have reduced the number of infected hosts by more than half.
Worldwide Rustock infection rates are down from a zombie count of 1.6 million in the middle of March to 703,000 in the week ending 18 June, the latest available figures. India, the US and Turkey are the most infected countries, but the malware itself remains widely spread across the world, as explained in a blog post here.
Microsoft has pledged to continue its clean-up efforts. In the meantime it is chasing leads on the owners and operators of the botnet. The Rustock control servers were rented by two Russians - Vladimir Alexandrovich Shergin and Dmitri A Sergeev - who have each become key suspects in the case.
Rustock began operation in 2006 and, at its peak, accounted for more than 13.8 billion spam emails daily, most of which punted unlicensed pharmaceutical websites. The takedown operation was the second of its type. Microsoft was also heavily involved in the takedown of the Waledac botnet in March 2010.
A Special Edition of Microsoft's Security Intelligence Report provides more information on the Rustock threat and can be found here. ®
For a long time, my domain name had email set up so that *@domain were forwarded to my actual email address. I generally only received spams at a username on that domain which I'd been stupid enough to put online somewhere (probably a forum system which was stupid enough to put your email address on a public profile page). Blocked that one from receiving anything and forgot about it. Back then, it looked like they mainly harvested email addresses from websites and Usenet posts.
One morning somewhere around 2003 or thereabouts, I woke up to several thousand spams in my inbox, and more arriving as fast as I could download them. They were addressed to all kinds of usernames@mydomain; it looked like they went through a long list of names and appended the domain to the end. Since then, I no longer receive mail to anything other than legit usernames. It helped, a lot.
These days I get a couple of hundred spam mails per day, but GMail for all its other faults does a near-perfect job of dispatching them. I doubt that having an email address on a web page would make much difference now and I tend not to worry much about spam. Still, it's good to see active effort being made to take these scumbags down, even if it is just Microsoft clearing up the mess their dog made on the carpet.
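The comment above describes a dictionary run against a catch-all domain: a long list of usernames, each with the domain appended, all forwarded to one inbox. The following is an added example, not code from the commenter or the article, showing the two defensive halves of that story: spotting such a run in mail logs (one client addressing many distinct local parts in a short window) and accepting only local parts that exist instead of forwarding everything. The log format, the IP addresses and the user list are constructed for the example; a real MTA's log lines and user directory would be substituted.

```python
"""Detect a dictionary (directory-harvest) run against a mail domain from
MTA-style log lines, and validate recipients against the real mailbox list
instead of a catch-all forward.

Added example, not the article's or the commenter's code. The log format
below is a constructed, simplified one rather than any real MTA's.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import re

# Constructed log lines: timestamp, client IP, recipient address.
# The first client walks an alphabetical list of names in a few seconds.
SAMPLE_LOG = """\
2003-05-12T06:01:02 client=198.51.100.7 to=<aaron@example.org>
2003-05-12T06:01:02 client=198.51.100.7 to=<abby@example.org>
2003-05-12T06:01:03 client=198.51.100.7 to=<abdul@example.org>
2003-05-12T06:01:03 client=198.51.100.7 to=<abe@example.org>
2003-05-12T06:01:04 client=198.51.100.7 to=<abel@example.org>
2003-05-12T06:01:04 client=198.51.100.7 to=<abigail@example.org>
2003-05-12T06:05:30 client=203.0.113.9 to=<bob@example.org>
2003-05-12T07:10:00 client=203.0.113.9 to=<alice@example.org>
"""

LINE_RE = re.compile(r"^(\S+) client=(\S+) to=<([^@>]+)@([^>]+)>$")

# Constructed mailbox list; in practice this comes from the mail system.
KNOWN_USERS = {"alice", "bob"}


def parse_log(text):
    """Yield (timestamp, client_ip, local_part, domain) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.fromisoformat(m.group(1))
            yield ts, m.group(2), m.group(3), m.group(4)


def find_harvest_runs(text, window=timedelta(minutes=5), threshold=5):
    """Return {client_ip: distinct_local_parts} for every client that addresses
    at least `threshold` distinct local parts inside some `window`-long span.
    A legitimate sender rarely needs dozens of different mailboxes per minute;
    a dictionary run does."""
    events = defaultdict(list)  # client_ip -> [(timestamp, local_part)]
    for ts, ip, local, _domain in parse_log(text):
        events[ip].append((ts, local))

    flagged = {}
    for ip, seq in events.items():
        seq.sort()
        for i, (start, _) in enumerate(seq):
            # Distinct local parts seen from `start` to `start + window`.
            in_window = {local for ts, local in seq[i:] if ts - start <= window}
            if len(in_window) >= threshold:
                flagged[ip] = len(in_window)
                break
    return flagged


def accept_recipient(address, known=KNOWN_USERS, domain="example.org"):
    """Accept only addresses whose local part is a real mailbox on our domain.
    A catch-all forward would instead accept the whole dictionary run."""
    local, sep, dom = address.rpartition("@")
    if not sep or dom.lower() != domain:
        return False
    return local.lower() in known


def count_rejected(text, known=KNOWN_USERS, domain="example.org"):
    """How many recipients in the log a non-catch-all setup would have rejected."""
    return sum(
        1
        for _ts, _ip, local, dom in parse_log(text)
        if not accept_recipient(f"{local}@{dom}", known, domain)
    )


if __name__ == "__main__":
    print("harvest runs:", find_harvest_runs(SAMPLE_LOG))
    print("rejected recipients:", count_rejected(SAMPLE_LOG))
```

With the sample log, the first client is flagged with six distinct local parts inside the window and those six deliveries are the ones a known-users check rejects; the second client, sending to two real mailboxes over an hour, is not flagged. The threshold and window are tunable starting points, not measured values.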
Don't hit "unsubscribe"
yup - they do that, and an activated unsubscribe link is just a confirmation that the email is live.
Marketing lists are definitely one way, and then you have:
1. We'll only share your details with carefully selected partners. [Translation: Anyone who'll pay us]
2. We never sell your details. (Unless we go bust and the receiver / new buyer decide there's money to be made.)
3. Remember to send a thank you note to companies and the government for sending (and losing) unencrypted CDs via the postal service.
4. Losing unencrypted laptops or leaving them in the back of a taxi / bar... ooooops.
5. Compromised websites, where it was vitally important to keep customer data on public facing servers. Play.com and Travel Lodge being the latest.
I'm sure there are lots more ways...