It's a busy time for botnets.
According to Marshal8e6, spam levels are up 60 percent between January and June. The vast majority of that spam comes from massive botnets such as Cutwail and Mega-D.
Today, eWEEK is focusing on just one of those botnets, Rustock, which has been spamming users for the past few years. In its latest biannual report, Marshal8e6's TRACE Labs noted that Rustock uses rootkit functionality to hide itself and changes its spam templates often. It typically takes the HTML template of a legitimate newsletter and inserts its own images and links, giving Rustock spam a mask of respectability. Because the surrounding template is genuine, this also helps the messages dodge content-based spam filters.
In this slideshow, eWEEK has gathered images of Rustock in action to help illustrate a day in the life of a prolific botnet. (Images courtesy of SecureWorks, Symantec, Marshal8e6 and FireEye)
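The template trick described above leaves one thing the spammer cannot easily copy: in a real newsletter the links and hosted images point at the publisher's own domains, while a Rustock-style copy keeps the layout but points them at the spammer's sites. The following Python is an added example (not code from eWEEK, Marshal8e6 or any of the research teams credited on this page) of a filter check built on that observation. The messages, the sender and the domains (example.com, example.net) are constructed for the example; the trusted_domains parameter and the crude "last two labels" domain reduction are simplifying assumptions, and a production filter would use a public-suffix list and a per-sender allowlist.

```python
"""Flag mail that reuses a legitimate newsletter's HTML template but swaps in
foreign links and images (the Rustock template trick).

Heuristic: collect every href/src target in the HTML body and compare its
registered domain with the From domain plus any known publisher domains.
A genuine newsletter points at its own infrastructure; a hijacked template
keeps the branding but points at the spammer's hosts.
"""
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect href and src attribute values, in document order."""

    def __init__(self):
        super().__init__()
        self.targets = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and name in ("href", "src"):
                self.targets.append(value)


def _registered_domain(host):
    # Assumption: eTLD+1 is the last two labels. Good enough for the sample
    # data; real code should consult a public-suffix list (e.g. co.uk).
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def _sender_domain(msg):
    _, addr = parseaddr(msg.get("From", ""))
    return _registered_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""


def classify_links(raw_message, trusted_domains=()):
    """Return (foreign_targets, external_target_count) for one raw message.

    foreign_targets are the absolute URLs whose registered domain is neither
    the From domain nor one of trusted_domains; targets without a host
    (mailto:, cid:, relative paths) are not counted either way.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    if body is None:
        return [], 0
    collector = _LinkCollector()
    collector.feed(body.get_content())
    allowed = {_registered_domain(d) for d in trusted_domains}
    sender = _sender_domain(msg)
    if sender:
        allowed.add(sender)
    foreign, total = [], 0
    for target in collector.targets:
        host = urlparse(target).hostname
        if host is None:
            continue
        total += 1
        if _registered_domain(host) not in allowed:
            foreign.append(target)
    return foreign, total


def looks_like_hijacked_template(raw_message, trusted_domains=(), threshold=0.5):
    """True when at least `threshold` of the external targets are foreign."""
    foreign, total = classify_links(raw_message, trusted_domains)
    return total > 0 and len(foreign) / total >= threshold


# Constructed sample: a genuine newsletter whose links stay on example.com.
SAMPLE_NEWSLETTER = """\
From: Example Weekly <news@example.com>
To: reader@example.org
Subject: Example Weekly: this week's picks
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p><img src="https://img.example.com/logo.png" alt="Example Weekly"></p>
<p>This week's picks: <a href="https://www.example.com/picks">read more</a></p>
<p><a href="https://example.com/unsubscribe">Unsubscribe</a>
 or <a href="mailto:news@example.com">reply</a></p>
</body></html>
"""

# Constructed sample: same template and spoofed From, but the logo and the
# call-to-action now point at the spammer's host (example.net).
SAMPLE_SPAM = SAMPLE_NEWSLETTER.replace(
    "https://img.example.com/logo.png", "http://pills.example.net/logo.png"
).replace("https://www.example.com/picks", "http://pills.example.net/offer")


if __name__ == "__main__":
    for label, raw in (("newsletter", SAMPLE_NEWSLETTER), ("spam", SAMPLE_SPAM)):
        foreign, total = classify_links(raw)
        print(label, f"{len(foreign)}/{total} foreign", foreign,
              "FLAGGED" if looks_like_hijacked_template(raw) else "ok")
```

The spoofed From header is deliberately left matching the newsletter: the point is that the check does not trust the sender at all, only the consistency between the branding and where the links actually go. The unsubscribe link is left intact in the spam sample because copied templates often keep such links, which is why a ratio threshold is used rather than requiring every target to be foreign.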
A Day in the Life of the Rustock Botnet
by Brian Prince
Evolution of Rustock
This is a picture of the early evolution of the Rustock backdoor Trojan. Totmau is a Trojan Symantec found a few months before Rustock was discovered. Researchers there suspect the malware authors may be the same or connected, but that has not been established.
Rustock Code
This is the actual code Rustock uses to target victims.
Cracking Rustock's Code
This flowchart shows a Rustock sample using a technique intended to hinder analysis: the author deliberately convolutes the control flow to obscure the code's real purpose.
How It Happens
This diagram, drawn up by researchers, outlines how the botnet infects machines and then uses them to send spam.
A Side of Spam
Rustock is a sophisticated and prolific spamming machine. The individual spambots are among the fastest at sending spam that we have observed; we clocked one individual bot at 25,000 messages per hour from a standard desktop PC.
Communication Is Key
This image shows the flow of information a bot goes through when it queries the C&C server.