Multiple security providers see more malicious activity, as botnet operators attempt to grow their networks of compromised computers.

In March, Microsoft, the U.S. Federal Marshal service and security firm FireEye took down the Rustock botnet, a network of a million compromised computers surreptitiously managed by a group of criminal bot operators.

While the takedown resulted in spam dropping by nearly a third, it netted an unintended side effect: An increase in the volume of email messages with malicious links or attachments. Security experts theorize that the takedown of the Rustock botnet has left a deep pit in the supply of compromised computers and that bot operators are scrambling to build bigger botnets.

“Whether they are the Rustock group trying to rebuild or they are rivals to Rustock who are trying to take on the demand that was there previously” is uncertain, says Paul Wood, senior analyst with Symantec.cloud, the online security service arm of Symantec. “Obviously they have customers that wanted to send their spam messages and they can’t, so they will be looking to rival providers.”

What a botnet looks like

This week, security companies Symantec and Commtouch both noted that malicious email traffic had increased. Symantec found that one out of every 169 emails carried a malicious link or attachment, an increase of 24 percent since March.

In its analysis, Commtouch saw a spike in the amount of malicious e-mail in late March and early April. While the dramatic jump in virus-laden spam accounted for as much as 30 percent of total email traffic, it subsided soon after. Yet, the results seem to indicate that the bot masters’ attempt to grow their botnets had worked: On Thursday, the company noted a 71 percent increase in zombies since March.

The Rustock botnet, which consists of some 1 million compromised PCs, was capable of sending up to 30 billion spam messages per day.
Spam dropped by nearly a third following the takedown, which Microsoft accomplished by convincing a judge to issue a restraining order letting the company seize the servers used to control the botnet. Those servers were hosted in facilities in seven U.S. cities.

The botnet hunters

The Rustock group provided a service to other criminals. Since the takedown, the void in spamming capabilities is being filled, says Wood.

“Likely, there are other rival criminal gangs out there, who are trying to grow and enhance their existing botnets to take up that slack,” Wood says. “Just like in the real world, if your postal carrier was to go on strike, you would go to someone else to deliver your mail, your parcel, and then it would be very difficult to go back to the original provider, because you have got another reliable service.”