Client Login
 Quick Contact
Rustock botnet largely responsible for worldwide spam
Category : General 25 Aug 2010 10:04 AM | Industry News
Rustock currently has 1.3 million infected computers under its control, which actually represents a decrease in size from April, when the botnet was 2.5 million computers strong.
However, instead of diminishing its impact, Rustock responded to the shrinkage of its army by picking up the slack. Rustock was actually responsible for 9 percent more spam this month than in April.
“Rustock has shrunk in size perhaps as a result of infected computers being cleaned or replaced,” speculates Paul Wood, MessageLabs Intelligence senior analyst for Symantec Hosted Services. “It is likely that a new variant of the Rustock botnet has been created to replace the bots that it has lost. This usually involves a new version of the Trojan code being deployed, which at first appears as a new, unknown botnet. I would expect the botnet to grow again over the coming weeks and months.”
In the meantime, Rustock has turned off its use of TLS (Transport Layer Security ) encryption because of the large amount of computing resources it consumes, Wood said. By turning off TLS encryption, the botnet can send great volumes of spam—in this case, 192 spam e-mails per minute instead of 96.
By August, Rustock has been sending a staggering 46.2 billion spam messages every day, by Symantec's calculation around 41 percent of all spam detected by the company.
If the benefits of using TLS were marginal, the change in tack could be related to the need to send more spam. After the switch off, Rustock's spam rate per bot doubled from 96 per minute to 196 per minute.
"The drop in TLS encrypted spam will come as a welcome relief to many IT managers who were worried about the resource that this type of spam had been consuming on their networks."