Huge Rustock Spam Network Suddenly Goes Offline

Fighters on the front line against online crime won a big victory yesterday (March 16), as a huge spam network was shut down and spam volume immediately dropped.
Source: SecurityNewsDaily

Security blogger Brian Krebs was the first to report that the Rustock botnet, the world's largest with between 250,000 and 800,000 “zombie” computers under its control, suddenly ceased to function at about 10:45 a.m. EDT.

“Normally, Rustock is sending between 1,000 to 2,000 e-mails per second,” one anti-spam activist who did not want to be named told Krebs yesterday. “Today, we saw infected systems take an abrupt dive to sending about one to two e-mails per second.”

Rustock specialized in touting unlicensed online pharmacies and male performance-enhancing pills — if you've gotten Viagra-related spam, you've probably been hit by Rustock.

Botnets are hidden networks of computers that have been enslaved by malware, which burrows deep into their operating systems and opens “backdoors” that allow control by remote operators, or “bot herders,” via command-and-control servers.

Computer infection happens when a user opens a compromised e-mail attachment (a Trojan) or visits a compromised website (a drive-by download).

The bots, ordinary machines scattered across the globe whose users have no idea they are infected, are mostly used to send out spam.

Joe Stewart of Atlanta's SecureWorks told Krebs that the 26 Rustock command-and-control servers he'd been monitoring suddenly disappeared Wednesday.

“It looks to me like someone has gone and methodically tracked these [addresses] and had them taken out one way or another,” Stewart told Krebs.

Who that “someone” might be is still unknown. Spam-fighters often operate in the shadows to avoid retaliation from spammers, who have launched online attacks against their adversaries in the past.

“We can also confirm that the Rustock control servers that we know about are not responding,” reported the blog of Orange, Calif.-based M86 Security. “It is unclear yet who or what caused the shutdown. It's also possible it has been abandoned.”

However, this isn't the first time Rustock has abruptly gone quiet.

It took an extended Christmas vacation a few months ago, going quiet in the middle of December and then roaring back to life on Jan. 10.

And its hundreds of thousands of “bots” are still out there, still infected with the command-and-control software. All they need is a new master.

Here are three simple steps to make sure your PC doesn't become part of a botnet:

Don’t open any unrequested e-mail attachments, even those from friends.

Install antivirus software, then constantly update and run it, even if you’re using a Mac.

Create a separate “admin” account that alone has the power to install software. Make sure your regular accounts, including the ones you and your family members use to surf the Web and check e-mail, do not have those privileges.