Rustock Back to Spamming in Force

Jack

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 24, 2011
9,377
Security vendors warn that Rustock, the largest spam botnet in the world, which has been inactive since Christmas, suddenly started spamming again in full force.

Rustock is a botnet that dates back several years. It had its ups and downs along the way, but it reached its peak last year after dropping TLS encryption and doubling its output.

According to data from messaging security vendor M86 Security, in August 2010, Rustock accounted for over 60% of the world's daily spam traffic.

This activity began to decline in September when Spamit, the largest rogue pharmacy affiliate program and one of Rustock's biggest clients, announced plans to close on October 1.

Then on around Christmas, the botnet baffled spam analysts when it suddenly went quiet, as far as spam output is concerned.

It was later determined that the botnet switched to a pay-per-click scheme, but it seems this was most likely an unsuccessful test, as Rustock has now returned to its former self.

"Since around 00:00 (UTC) on January 10, Rustock has resumed activity, and appears set to continue where it left off on December 25 as the biggest source of global spam," security researchers from Symantec, announce.

The botnet's output peaked at 28.2% of the world's spam traffic and drove the overall spam volume up. In fact, statistics show that spam volume nearly doubled compared to Sunday.

The new junk emails sent by Rustock stay true to its old habits and consists mostly of pharma spam with subjects of "Dear [name] -80% now.

Read more
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top