RIP Rustock botnet! Today marks exactly one week since Rustock, one of the largest spam-generating botnets, was taken down by the Microsoft Digital Crimes Unit and US federal law enforcement agents.
Rustock had approximately 250,000 bots and, until last Wednesday, was one of the biggest known bot networks. The bot's author implemented several stealth techniques to bury the malware as deep as possible in victims' Windows systems and to keep it undetected by various AV engines. One of these techniques was to refrain from sending spam for a certain amount of time after infection took place, so that a freshly infected machine showed no spam traffic that would give it away.
Rustock was not the first botnet to be taken down. The same fate befell Srizbi in 2008 and Waledac in 2010. In this particular case, several third parties whose businesses were affected worked with Microsoft to take down the botnet. Typical Rustock spam emails advertised fake pharmaceutical products.
The graph below shows a steep drop in connections to one of the Websense servers on Wednesday the 16th and in the following days, coinciding with Microsoft's takedown of the botnet a week ago.

At the same time, Microsoft applied proactive measures to prevent the re-registration of domains for command-and-control (C&C). The corporation is cooperating with CN-CERT to block the registration of domains in China that are believed to be generated by Rustock's domain-generation routine, so that surviving bots cannot find a new controller.
As history shows, this is not the first botnet to be taken down and it won't be the last. Websense Security Labs continues to monitor the global spam situation and to provide the best protection for our customers.
Posted on 24 March 2011. Tags: Day's, later, Rustock
The above information is reprinted from and copyrighted © by Websense.