Rustock botnet goes quiet, reason for takedown unclear

Rustock has gone quiet and security analysts aren't sure why

Notorious spam botnet Rustock has gone quiet and security analysts aren't sure why.

Researchers with Symantec's MessageLabs Intelligence, citing a Brian Krebs post on KrebsonSecurity, said the botnet ceased sending spam around 15:30 UTC, on March 16th.

Late last year Rustock still remained the most dominant botnet on the spam scene, with spam output that more than doubled in one year, according to MessageLabs Intelligence. In 2010, Rustock was responsible for more than 44 billion spam emails per day and had more than one million bots under its control and accounted for as much as 47.5 percent of all spam.

More about botnets

"At its peak it was responsible for more than half of all global spam," said MessageLabs Researcher Paul Wood. "However, in the last few months, other botnets have been steadily increasing their output to match, or even exceed, that of Rustock."

The increase from other botnets means that so far, this recent takedown of Rustock hasn't had much noticeable effect on the overall amount of spam tracked by MessageLabs Intelligence, said Woods.

"So far, in fact, traffic looks normal," he said.

Woods said it's unclear if the takedown or closure will be permanent. Rustock has gone quiet before, over the last holiday season it stopped spamming for several days but came back as strong as ever, he noted. If this current stoppage is the result of a coordinated takedown it would be the largest take down of a bot network to date.

Read more about data protection in CSOonline's Data Protection section.