Between March 15th and March 17th, global spam volumes fell by 33.6% according to a Symantec MessageLabs Intelligence report. We can all thank Microsoft for this global improvement.
The Rustock botnet takedown has been a good thing: spam in a single week has fallen from 52 billion to 33 billion messages. At its peak, Rustock was capable of pumping out 13.82 billion spam emails every day, which comprised 29% of the world's daily spam intake. But how long can it last? That's the all-important question.
Paul Wood, senior analyst at MessageLabs Intelligence said “It remains to be seen whether the criminals behind Rustock will be able to recover from this coordinated effort against what has become one of the most technically sophisticated botnets in recent years. Rustock has been a significant part of the botnet and malware landscape since January 2006 — much longer than many of its contemporaries.”
Sadly, other botnets are stepping up to increase spam. Bagle, for instance, didn't even rank in the top 10 of botnets in 2010, but it has become the new leader, generating 8.31 million spam emails every day. Unfortunately, the overall share of spam coming from botnets also continues to increase: in March this year, over 83% of all spam worldwide was sourced from botnets.
“Botnets have been and remain a destructive resource for cyber criminals and through the years have become the spammers' air-supply, without which it would be very difficult for them to operate,” said Wood.
The Microsoft takedown of Rustock is serving as a fantastic example of how to take down a botnet. Microsoft's novel takedown strategy, as reported by the Wall Street Journal, rested on the claim that the masterminds behind Rustock were “violating Microsoft trademarks with spam that fraudulently claims Microsoft sponsorships of lotteries and other come-ons.” Thanks to a court order, authorities physically impounded the command and control servers that powered the botnet.
Investigations suggest that Rustock was masterminded by only a couple of people, and that by positioning all of the command and control servers in middle America, rather than in major metropolitan areas, they were able to remain undetected. It is strange, however, that they placed the servers in a country that respects takedown notices. Many botnets, for instance, host their servers in Russia or Ukraine, where the laws are lax. They often use bulletproof hosting services, which cost 50% more each month but ignore takedown notices from authorities.
KitGuru says: Will the battle against spam ever be won?