A Day in the Life of the Rustock Botnet

by Brian Prince

Evolution of Rustock

This is a picture of the early evolution of the Rustock backdoor Trojan. Totmau is a Trojan that Symantec found a few months before Rustock was discovered. Researchers there suspect the malware authors may be the same or connected, but that has not been established.

Rustock Code

This is the actual code Rustock uses to target victims.

Cracking Rustock's Code

Here is a flowchart of a Rustock sample that uses a technique meant to make analysis difficult. The malware author deliberately twists the code in an attempt to obfuscate its real intent.

How It Happens

In this diagram, researchers outlined how the botnet works to infect users and spread spam.

A Side of Spam

Rustock is a sophisticated and prolific spamming machine. The individual spambots are among the fastest at sending spam that we have observed—we clocked one individual bot at 25,000 messages per hour from a standard desktop PC.

Communication Is Key

This image shows the flow of information when a bot queries the C&C server.