Rustock botnet goes quiet, reason for takedown unclear

Spam-sending botnet Rustock has suddenly ceased activity, but it's having a small effect of spam levels.

Notorious spam botnet Rustock has gone quiet and security analysts aren't sure why.

Researchers with Symantec's MessageLabs Intelligence, citing a Brian Krebs post on KrebsonSecurity, said the botnet ceased sending spam around 15:30 UTC, on March 16th.

Late last year Rustock still remained the most dominant botnet on the spam scene, with spam output that more than doubled in one year, according to MessageLabs Intelligence. In 2010, Rustock was responsible for more than 44 billion spam emails per day and had more than one million bots under its control and accounted for as much as 47.5 percent of all spam.

More about botnets

"At its peak it was responsible for more than half of all global spam," said MessageLabs Researcher Paul Wood. "However, in the last few months, other botnets have been steadily increasing their output to match, or even exceed, that of Rustock."

The increase from other botnets means that so far, this recent takedown of Rustock hasn't had much noticeable effect on the overall amount of spam tracked by MessageLabs Intelligence, said Woods.

"So far, in fact, traffic looks normal," he said.

Woods said it's unclear if the takedown or closure will be permanent. Rustock has gone quiet before, over the last holiday season it stopped spamming for several days but came back as strong as ever, he noted. If this current stoppage is the result of a coordinated takedown it would be the largest take down of a bot network to date.

Join the discussion
Be the first to comment on this article. Our Commenting Policies