In a detailed report from Symantec's MessageLabs, it emerges that global spam volumes dropped by one-third in the days following the action taken against the Rustock botnet. Rustock seemingly went quiet on March 16, prompting security firms and spam monitors to ask questions about its lack of activity.
Rustock is/was one of the most technically sophisticated botnets known, and it remains to be seen whether its operators can regain control over the million-strong herd. It has been active since 2006, quite a lifetime for a botnet.
A Microsoft-led action against Rustock, with help from Pfizer and FireEye, resulted in the seizure of 96 command and control servers mid-March. The hard drives have been handed over for forensic analysis in an attempt to identify the operators.
Following the takedown, global spam volume dropped 33.6 percent by the 17th of the month. In the days following the seizures, 33 billion spam e-mails were sent a day, compared to an average of 52 billion beforehand.
During March, 83.1 percent of global e-mail spam was sent from botnets. In 2010, the average share of e-mail spam coming from botnets was 88.2 percent. Prior to its takedown, Rustock was sending out around 13.82 billion spam e-mails every single day, accounting for 28.5 percent of all global spam from botnets in March.
By the end of 2010, Rustock had been responsible for as much as 47.5 percent of all spam. Now that Rustock has gone quiet, the Bagle botnet has become more active and, after Rustock, it is the most active spam-sending botnet in 2011. Its spam levels are at their highest since October 2009, when Bagle accounted for 12.2 percent of global spam.
Botnets are also used to carry out distributed denial of service (DDoS) attacks, for hosting content (sometimes illegal) and for mining data from the usage of the hijacked computer, which can be anything from logins and passwords to credit card numbers.
According to the MessageLabs report, the main source of spam in March geographically was the Russian Federation, accounting for 12.4 percent of spam, followed by India at 8.8 percent, Brazil at 5.9 percent, the United States at 4.5 percent and Ukraine at 4.4 percent. For the first time in over a year, the top ten list of spam sources did not include a single European country.
Written by: James Delahunty @ 31 Mar 2011 14:56