A new report from Symantec put the Rustock botnet at the top of the heap for spamming despite the fact that the number of infected computers under its control was slashed nearly in half.
Rustock retained the top
spot as the busiest spam-sending botnet on the Web this
month despite the fact the number of bots under its control
According to Symantec's
August 2010 MessageLabs Intelligence Report, Rustock increased its output from
32 percent of botnet spam in April to 41 percent in August. Ironically,
this happened even though the number of Rustock bots dropped from 2.5
million to 1.3 million during that same period, researchers found.
"Rustock has shrunk in size
perhaps as a result
of infected computers
being cleaned or replaced," speculates Paul Wood,
MessageLabs Intelligence senior analyst for Symantec Hosted Services. "It is
likely that a new variant of the Rustock botnet has been created to replace the
bots that it has lost. This usually involves a new version of the Trojan code
being deployed, which at first appears as a new, unknown botnet. I would expect
the botnet to grow again over the coming weeks and months."
In the meantime, Rustock
has turned off its use of TLS (Transport Layer Security
) encryption because of the large
amount of computing resources it consumes, Wood said. By turning off TLS encryption, the botnet can send
great volumes of spam-in this case, 192 spam e-mails per minute instead of 96.
At its peak in March, TLS-encrypted spam accounted for 30
percent of spam from all sources and as much as 70 percent of spam from
Rustock. That percentage of TLS-encrypted spam has declined to less than 0.5 percent
of all spam.
Outside of Rustock, the
Grum and Cutwail botnets were responsible for 16.36 and 6.99 percent of all
spam, respectively. First identified in 2007, Cutwail sends more malware than
any other botnet, usually in the form of a zip file attachment, the report notes
Geographically, the United Kingdom was
responsible for 4.5 percent of the world's spam during March
, more than double its April percentage.
It is now the fourth most frequent source of spam behind the United States
(number one), India and Brazil, respectively.
The United States is home
to the highest number of bots, with most belonging to the Rustock, Storm
and Asprox botnets. Some 14 percent of the Rustock bots are in the United States, up from 7 percent in April.
The global ratio of spam to
e-mail traffic was one in every 1.08 e-mails (92.2
%), the researchers found. Nearly 18
percent of spam came from yet-to-be-classified botnets. Phishing activity also
inched up by .1 percent, to one in every 363.1 e-mails.
"Computers are not like
washing machines or televisions-they need constant maintenance, upgrading and
patching," Wood says. "Security is often left to the end user, and the growth
or social networking and user generated content has also made it easier for the
criminals to take advantage of people's willingness to be open and share