Rustock down?

By Phil Hay  •  March 16th, 2011  •   Spam

A story emerged today on KrebsOnSecurity about the Rustock botnet being disabled, and spam volumes from this rogue spammer plummeting.

A brief look at our spam traps today confirmed that output from Rustock did indeed dry up today. The chart below shows an index of daily spam volume changes from Rustock over the last few weeks:


Today, Rustock spam completely stopped (16 March, 3pm GMT). We can also confirm that the Rustock control servers that we know about are not responding. It is not yet clear who or what caused the shutdown. It's also possible it has been abandoned. Over the past three years, Rustock has been responsible for a huge amount of spam, at times representing half of all spam caught in our spam traps. But since September last year, when was shut down, its output diminished significantly, and its spam templates hardly changed.

Whatever the reason, let's hope this one sticks. Previous attempts at botnet shutdowns have tended to be short-lived as the botnet herders simply regroup and start again. It's too early to say bye bye Rustock, but the thought is certainly nice.

Update: According to a Wall Street Journal report here it looks like Microsoft, in conjunction with US Federal authorities, was responsible for the takedown of Rustock.

3 Responses to “Rustock down?”

  1. [...] the reason, let's hope this one sticks,” wrote M86's Phil Hay. “Previous attempts at botnet shutdowns have tended to be short lived as the botnet herders [...]

  2. [...] to Symantec and M86 Security, an unknown team of researchers managed to successfully disrupt the spamming operations of one of [...]

  3. [...] me a note privately. Update, March 17, 1:47 p.m., ET: Add the graphic from M86 Security labs, which said on its blog that it also has seen a Rustock spam dry up, and that the botnet’s controllers are not [...]