Rustock Botnet: Dead Or Just Reloading?
Reports indicate that the massive drop in spam levels is linked to the sudden disappearance of the Rustock botnet. However, recent history suggests the interruption may only be temporary.
Spamhaus’s Composite Spam Blocklist (CBL) claims that dozens of Rustock’s internet servers, which for years have been pumping spam messages and slinging faux pharmaceutical ads, stopped operating Wednesday morning in near simultaneity.
While there's agreement that Rustock is offline, at least for now, it's not clear whether the interruption in spam is the result of a take-down or of Rustock reloading.
CBL’s data suggests that Rustock’s spam levels have been surging and plummeting on a daily basis. At times, the botnet accounted for as much as 75 percent of global spam, only to drop back to zero percent the next day. Such has been the case for the last week: for every significant peak, the following day brings a subsequent drop to zero percent of global levels, only for the volume to rise and fall again. That was also the case in December 2010, when Rustock disappeared for a period of time, only to re-emerge.
Thus far, Rustock interruptions have been sporadic and short-lived, creating a statistical ebb and flow in which its volume has hit and hovered around zero but never stayed there for any significant period of time. Not so with the latest interruption in service, which shows Rustock flatlining since 10:54 am EST Wednesday.
Rustock has been the leading source of spam for some time, generating between 50% and 70% of worldwide spam volumes. While no firm data is available on the number of e-mail messages sent out through Rustock, the number is likely to be staggering, which is impressive considering Threatpost reported yesterday that the relatively smaller Pushdo botnet has generated some 1.7 trillion spam messages. This, despite efforts to limit the impact of botnets by using blacklists to block traffic from infected systems.