The ‘takedown’ of the world’s biggest botnet Rustock could have a marked effect on global spam levels for months to come despite rivals trying to move onto its patch, new figures from Symantec show. The ‘takedown’ of the world’s biggest botnet Rustock could have a marked effect on global spam levels for months to come despite rivals trying to move onto its patch, new figures from Symantec show.The Symantec-MessageLabs report for March only covers a period of days after Rustock stopped spamming on 16 March, but the closing of its command and control servers has so far been almost as dramatic as the closure in early 2009 of spam ISP, McColo.In the days after, spam dropped to 33 billion per day compared to the previous average of 52 billion per day, a fall of roughly a third. This puts the drop in second place only to the dramatic 50 percent shed from spam volumes worldwide after McColo’s closure.As well as relieving the load on email servers, that also means that means to up to 700,000 infected PCs around the world that will not be wasting cycles sending the bot’s spam unless it is somehow reconstituted. But spam is a global economy and the loss of one distribution mechanism will offer commercial opportunities to rivals, with the Bagle botnet a prime contender to take over some of its traffic, Symantec said.Precisely what happened to the previously long-lived Rustock is still shrouded in some mystery. Although Microsoft plausibly claimed a big slice of the credit for acting against its server hosting – the company was also at the centre of successful action against McColo – Rustock has been exhibiting instability for months before that. Last April, Rustock suddenly stopped using TLS encryption to hide its activity, presumably in an attempt to ramp up volumes. Not long after that, an unaccountable fluctuation in spam being sent by Rustock was part of the reason why spam volumes dropped in the second half of 2010 to levels last seen as long ago as 2008. Rustock has not been in good health for some time.One bizarre finding of the March report – the company spotted its first ever 419 scam email written in the Welsh language, understood by only half a million people in the UK. In all likelihood this was simply a scam message run through an automatic online translator, the company said. Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe