The shady world of botnets and malware distribution is always full of surprises, and few of them are pleasant. However, a recent development might just fall into that category: security researchers have noted that the command-and-control servers that manage the infamous Rustock botnet have gone offline. Rustock is one of the largest sources of email spam on the Internet, and its newfound silence has created a significant decline in the amount of spam in circulation. Some estimates say Rustock is responsible for as much as 40 percent of the world’s spam.
The silence was first noted by security reporter Brian Krebs. At this point, there is no consensus amongst security researchers about why the network has gone silent: it’s possible that security researchers managed to take it down, that it got into a dispute with connectivity providers, or that it had simply been abandoned by its operators. It’s also possible Rustock’s operators are simply retooling the system, or perhaps have just taken an extended holiday: Rustock has had quiet periods before, only to roar back as strong as ever.
“Whatever the reason, let’s hope this one sticks,” wrote M86’s Phil Hay. “Previous attempts at botnet shutdowns have tended to be short-lived as the botnet herders simply regroup and start again. It’s too early to say bye bye Rustock, but the thought is certainly nice.”
Rustock had been linked to Spamit.com, a Russian operator known for hosting services heavily promoted in spam messages, such as GlavMed, the company behind many of the “Canadian pharmacy” spam campaigns. Spamit.com shut down in October 2010.
In the last year, security researchers have struck some major blows against botnets and spammers, including the Waledac, Pushdo, and Bredolab botnets. However, botnets tend to re-emerge as operators take over old code and make modifications to bring new botnets online. For instance, Microsoft helped coordinate an unusual court-authorized action to take out Waledac back in early 2010…and a year later, Waledac was back on the move.