Rustock Botnet Shutdown Cut Spam Volume by a Third

According to the MessageLabs Intelligence Report released yesterday by security company Symantec, the shutdown of the Rustock botnet in March has caused the global monthly total of spam sent to drop by a third.

Prior to its shutdown, Rustock had been sending out "as many as 13.82 billion spam emails daily," says the report. Immediately following its shutdown, MessageLabs measured a dip of 33.6 percent in global spam volume, from March 15 to 17. However, other botnets have since stepped in to fill that gap. Bagle has reportedly taken over as the most active spam-sending botnet for 2011.

Rustock was shut down via legal action against the command and control hosts used by the botnet.

"It remains to be seen whether the criminals behind Rustock will be able to recover from this coordinated effort against what has become one of the most technically sophisticated botnets in recent years," said MessageLabs intelligence senior analyst Paul Wood, quoted in the report. "Rustock has been a significant part of the botnet and malware landscape since January 2006, much longer than many of its contemporaries."

At the end of 2010, says MessageLabs, Rustock accounted for 47.5 percent of all spam, sending 44.1 emails per day. Interestingly, as of the MessageLabs 2010 Annual Security Report, Bagle did not appear in the top 10 spam-sending botnets.

Since the end of 2010, Bagle has become considerably more active, sending approximately 8.32 billion spam messages per day, delivering spam on a smaller scale, but more consistently than Rustock.

In March, says the report, 83.1 percent of global spam was sent from botnets, an increase of 6.1 percentage points over the 77 percent reported at the end of 2010.

"Botnets have been and remain a destructive resource for cyber criminals and through the years have become the spammers' air-supply, without which it would be very difficult for them to operate. Botnets are also used for other purposes such as launching distributed denial of service attacks, hosting illegal web site content on infected computers (known as bots), harvesting personal data from them and installing spyware to track the activities of their users," Wood said.

The complete report is available at the Symantec website.
