Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cloud
    • Cybersecurity
    • Networking

    Rustock Botnet Flatlined with No Spam Activity

    By
    Fahmida Y. Rashid
    -
    March 17, 2011
    Share
    Facebook
    Twitter
    Linkedin

      Rustock botnet, one of the most active spam-distribution botnets in 2010, appears to have stopped sending out any of its Canadian pharmaceutical spam, again.

      The Rustock botnet ceased sending out spam midmorning of March 16, said Mat Nisbet, malware data analyst at Symantec.cloud. According to graphs posted March 17 on MessageLabs Intelligence Blog, Rustock regularly alternates between high and low volumes, so the spike before it stopped activity was not unusual, according to Nisbet. It’s not clear whether the lack of any activity coming from the botnet is the result of law enforcement or some kind of a hardware issue, according to Nisbet.

      It’s also too early to tell whether Rustock has been taken down or voluntarily closed, because Rustock has gone quiet before. It was quiet over the holiday season when spam activity stopped on Dec. 15. It resumed operations on Jan. 10, according to Symantec’s Marissa Vicario.

      The botnet had some kind of disruption of its command-and-control servers and its spam silence appears to be temporary, Troy Gill, security analyst at AppRiver, told eWEEK.

      Rustock accounted for as much as 47.5 percent of all spam worldwide by the end of 2010. At its peak, it may have been responsible for more than half of all spam, Nisbet said. However, Rustock’s output has been declining over the past few months and other botnets have been increasing their spam volumes. The Bagle botnet, while it doesn’t have the regular spikes and dips that marked Rustock’s performance, has a fairly consistent rate of output and has lately increased its total volume, Nisbet said.

      Before Christmas, Rustock was accountable for as much as 44 billion spam e-mails per day, according to Paul Wood, MessageLabs senior intelligence analyst for Symantec Hosted Services. Within 24 hours of resuming operations in January, it was pumping out 19 percent of global spam, Wood said.

      Even while it wasn’t sending spam, Rustock was still active in other ways, particularly in click-fraud, where the bots simulate a “click” on a Web page advertisement, according to Vicario. Click fraud brings automatic revenue from the advertisers who charge on a “pay-per-click” model to the botmasters, so it stands to reason that the botnet may be engaged in other behaviors during this current downtime.

      Estimates of Rustock’s size vary. Wood said the botnet has between 1.1 million and 1.7 million computers globally. Spamhaus’ Composite Spam Blocklist estimates at least 815,000 Windows computers are currently infected with Rustock but said the number is a conservative estimate. On the other hand, Gunter Ollmann, vice president of research at Damballa, considers those estimates too high. Rustock didn’t even make it into Damballa’s most recent report listing the top 50 largest botnets infecting computers in North America, Ollmann told eWEEK.

      The bad news is that even with this takedown of Rustock, there appears to be no real impact on total spam volumes. MessageLabs Intelligence tracks spam and said traffic looks normal for this time of the year.

      The computers that are already infected with Rustock remain infected, as well. These bots are essentially waiting for new instructions and will continue to wait. The botmaster just needs to register a site name that the individual bot will recognize. Once found, the bot will know where to go to get the latest instructions and software updates and be back in operation almost immediately.

      The computers are still vulnerable to the same tactics and exploits that caused them to join the botnet in the first place, Ollmann said.

      It’s still good news that one of the most prolific botnets that clogged inboxes for almost all of 2010 will be offline at least for a little while.

      Avatar
      Fahmida Y. Rashid

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×