A story emerged today on KrebsonSecurity about the Rustock botnet being disabled, and spam volumes from this rogue spammer plummeting.
A brief look at at our spam traps today confirmed that output from Rustock did indeed dry up today. The chart below shows an index of daily spam volume changes from Rustock over the last few weeks:
Today, Rustock spam completely stopped (16 March, 3pm GMT). We can also confirm that the Rustock control servers that we know about are not responding. It is unclear yet who or what caused the shutdown. Its also possible it has been abandoned. Over the past three years, Rustock has been responsible for a huge amount of spam, at times representing half of all spam caught in our spam traps. But since September last year, when Spamit.com was shut down, its output diminished significantly, and its spam templates hardly changed.
Whatever the reason, lets hope this one sticks. Previous attempts at botnet shutdowns have tended to be short lived as the botnet herders simply regroup and start again. Its too early to say bye bye Rustock, but the thought is certainly nice.
Update: According to a Wall Street Journal report here it looks like Microsoft, in conjunction with US Federal authorities, was responsible for the takedown of Rustock.