• United States



by Senior Editor

Rustock awakens, spam volume back up

Jan 11, 20112 mins
BotnetsCybercrimeData and Information Security

After a brief period of low spam levels, top-dog spam botnet Rustock appears to be back in business

Earlier this month, researchers with Symantec’s MessageLabs noted spam volumes had dropped dramatically as Rustock, the largest of the spam botnets, went quiet. Researchers aren’t sure why this happened — only that global spam levels dropped massively as a result. Not surprisingly as Rustock is responsible for 88 percent of all global spam.

More about botnets

The quiet period was short lived. It appears Rustock has sprang to life again because levels of spam have increased. MessageLabs Intelligence honeypot servers saw an increase of roughly 98 percent in spam traffic between 00:00 and 10:00 on January 10th compared to the same period on January 9th. More spam is expected.

“While levels of Rustock output appears marginally lower than before Christmas, we see no reason they won’t reach those previous levels again, bringing global spam levels back up to the approximately 90 percent levels we had become so used to,” Symantec’s Marissa Vicario said in a blog post.

Despite the spam drop, researchers found Rustock continued to exercise click fraud, a profitable activity of using the botnet to simulate a ‘click’ on a web page advertisement, during the spam lull, MessageLabs officials said.

Rustock is now spewing mostly pharma spam. The Xarvester botnet, which also went quiet for awhile, has also returned. However it is sending significantly less spam than Rustock.

“It is too early to say what effect this will have on global spam levels, or if this return is permanent, but at the moment it certainly seems as if the holiday is over and it’s now back to business as usual,” Vicario said.