While global spam volumes dropped dramatically after Microsoft and the U.S. Marshals Service seized Rustock's C&C servers, other botnets have stepped up to maintain spam volume.
Global spam volumes dropped by a third immediately after Microsoft and law-enforcement officials shut down Rustock earlier this month, but other botnets are filling the void.
The volume of junk mail fell from around 52 billion daily emails to roughly 33 billion emails a week after botnet ceased operations, according to the MessageLabs Intelligence Report for March that Symantec.cloud released March 29. However, despite the dramatic fall in spam volumes in that one-week period, overall spam volumes for the month of March dipped only slightly, by about 2 percent, according to the
Overall spam volumes did not fall as much because other botnets have increased their spam output to close the gap left behind by Rustock. About 83 percent of global spam was sent from botnets in March, a 6 percent increase from the end of 2010, when botnets accounted for 77 percent, Symantec.cloud researchers found.
is filling the pharmaceutical spam gap, sending out 8.31 billion spam emails daily, according to the report. At the time of its takedown, Rustock alone accounted for 13.82 billion spam messages daily, or 28.5 percent of the total. Rustock was also best known for its pharmaceutical spam.
operation between Microsoft and law-enforcement authorities shut down Rustock March 16. The ringleaders behind Rustock remain at large at this time. The hard drives seized from the 96 servers, which had acted as Rustock C&C (command and control) systems, have been handed over to a forensic firm to find clues to the botnet operators' identities.
"It remains to be seen whether the criminals behind Rustock will be able to recover from this coordinated effort against what has become one of the most technically sophisticated botnets in recent years," said Paul Wood, a MessageLabs Intelligence senior analyst at Symantec.cloud.
Rustock has been in operation since January 2006, much longer than most of the other botnets now in operation, Wood said. As the largest spam-sending botnet, Rustock was sending approximately 44.1 billion emails per day, or 47.5 percent of all spam, by the end of 2010.
Despite not being listed on the Top 10 list of spam-sending botnets in the MessageLabs Intelligence 2010 Annual Security Report, the Bagle botnet was the most prolific in sending out spam in March, according to the report. Symantec.cloud researchers noted that despite not having many zombies under its control, Bagle has been very consistent in its output volume.
Botnets have become "the spammers' air supply," said Symantec.cloud's Wood. It would be very difficult for spammers to operate without botnets, he said.
Symantec.cloud expects to see an increase in malware attacks in the coming weeks and months as spammers try to recruit more infected computers into their botnets. The threats can take the form of malware embedded on legitimate Websites or sending malicious links
The report also noted almost negligible changes in virus activity in March, with email viruses inching up 0.134 percent and emails with links to malicious Websites decreasing 0.1 percent since February. Phishing declined by 0.065 percent, according to the report.