Eerie silence from Rustock botnet. Microsoft reported to have co-ordinated take down.
Spam levels have taken a nose dive over the last 24 hours – apparently as a result of a take down operation by unknown anti-spam activists.
The Rustock botnet has been responsible for enormous amounts of spam over the last few years – in 2010, the botnet sent out an average of 44 billion spam messages each day, with the average rising to around 80 billion per day more recently. But yesterday the botnet’s output dropped suddenly from a peak of over 250,000 emails per second to nothing.
Graphs produced by the CBL (Composite Blocking List) give a dramatic visual illustration of the drop off
here
.
Before getting too excited about the apparent shut down, however, experts warn that Rustock was silenced for several days once before – in December 2010 – before returning to full flow in mid-January 2011, and that there could be any number of reasons for a halt to the spamming which may yet prove only temporary.
The Rustock botnet is estimated to consist of 815,000 compromised
Windows
PCs, controlled via a network of around 26 servers and typically it has been responsible for 50-70% of the total spam on the Internet.
More commentary is available from Brian Krebs
here
and from
The Register
here
.
Update:
According to an article in the
Wall Street Journal
the take down of the botnet has been the result of a joint effort between
Microsoft
‘s digital crimes unit and US law enforcement agents who together seized equipment from hosting facilities across the US. According to the report, equipment was confiscated from ISPs located in Kansas City, Mo.; Scranton, Pa; Denver; Dallas; Chicago; Seattle and Columbus, Ohio.
Microsoft
officials had obtained a federal court order granting them permission to take computers believed to be Rustock command-and-control machines. The full story can be read
here
.
Posted on 17 March 2011 by
Virus Bulletin
Leave a Reply