Posted by Virus Bulletin on Mar 17, 2011
Eerie silence from Rustock botnet. Microsoft reported to have co-ordinated take down.
Spam levels have taken a nose dive over the last 24 hours - apparently as a result of a take down operation by unknown anti-spam activists.
The Rustock botnet has been responsible for enormous amounts of spam over the last few years - in 2010, the botnet sent out an average of 44 billion spam messages each day, with the average rising to around 80 billion per day more recently. But yesterday the botnet's output dropped suddenly from a peak of over 250,000 emails per second to nothing.
Graphs produced by the CBL (Composite Blocking List) give a dramatic visual illustration of the drop off here.
Before getting too excited about the apparent shut down, however, experts warn that Rustock was silenced for several days once before - in December 2010 - before returning to full flow in mid-January 2011, and that there could be any number of reasons for a halt to the spamming which may yet prove only temporary.
The Rustock botnet is estimated to consist of 815,000 compromised Windows PCs, controlled via a network of around 26 servers, and it has typically been responsible for 50-70% of the total spam on the Internet.
More commentary is available from Brian Krebs here and from The Register here.
Update: According to an article in the Wall Street Journal, the take down of the botnet was the result of a joint effort between Microsoft's digital crimes unit and US law enforcement agents, who together seized equipment from hosting facilities across the US. According to the report, equipment was confiscated from ISPs located in Kansas City, Mo.; Scranton, Pa.; Denver; Dallas; Chicago; Seattle and Columbus, Ohio. Microsoft officials had obtained a federal court order granting them permission to take computers believed to be Rustock command-and-control machines. The full story can be read here.