Spam volumes drop as Rustock, other botnets go quiet

The infamous Rustock botnet, responsible for almost half of all spam sent last year through its command-and-control system exploiting over a million compromised PCs, has suddenly slowed to a crawl, Symantec said today, noting the unexplained event has led to a substantial drop in spam.

Also read: Rustock responsible for over 40% of spam

One of the oldest and most successful spam-producing botnets, Rustock typically would send about 44.1 billion spams per day but that volume suddenly dropped on Dec. 25 to about 500 million per day, according to Symantec. There's no clear explanation for the decrease, which may be temporary, says Paul Wood, senior analyst with Symantec hosted services. But he notes that the Web site for the Rustock spam-promoting affiliate organization called SPAMIT, was shut down last October. To add to the mystery, other spam-producing botnets are suddenly going silent, including one called Lethic on Dec. 28 and Xarvester on Dec. 31.

"We've got blackbirds falling out of the sky and botnets going silent for the moment," says Wood, alluding to the mysterious spectacle of birds mysteriously raining down dead by the thousands in Arkansas on New Year's Eve.

Rustock in years past has shown irregular patterns of sending spam by going into prolonged quiet periods before a major ramp-up. The Rustock botnet still appears to retain the ability to initiate other actions, including click fraud, Wood adds, noting it's not known who controls Rustock. Some believe it has roots in Russia.

Since Rustock accounts for about half of the world's spam each day (most of it the so-called "pharmaceutical spam" trying to lure people to Web sites via promotions of illicitly-sold medications or simply malware) it has resulted in a dramatic decrease in spam volumes for the current period.

"Did the people in charge of these botnets suddenly go on vacation?" asks Symantec researcher Eric Park in a blog post. "Currently there are no explanations on why these botnets stopped spamming."

Read more about wide area network in Network World's Wide Area Network section.

Join the CSO newsletter!

Error: Please check your email address.

Tags antispamsymantecspam; Rustock; Symantec; Xarvestersecurityanti-malware

More about LANMITSymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ellen Messmer

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts