Rustock botnet responsible for 40 percent of spam

Firewalls, routers, servers, switches, SANs, PBXes, security and related topics
Locked
User avatar
Red Squirrel
Posts: 29193
Joined: Wed Dec 18, 2002 12:14 am
Location: Northern Ontario
Contact:
Contact Red Squirrel

Rustock botnet responsible for 40 percent of spam

Post by Red Squirrel »

http://www.goodgearguide.com.au/article/35...0_percent_spam/

More than 40 percent of the world's spam is coming from a single network of computers that computer security experts continue to battle, according to new statistics from Symantec's MessageLabs' division.

The Rustock botnet has shrunk since April, when about 2.5 million computers were infected with its malicious software that sent about 43 billion spam e-mails per day. Much of it is pharmaceutical spam.

Now, about 1.3 million computers are infected with Rustock, and the botnet is making up for its decreased size with increased volume, said Paul Wood, a MessageLabs intelligence analyst with Symantec. Those infected computers -- most of which are in North America and Western Europe -- are collectively sending around 46 billion spam e-mails per day.

The reason for the drop in infected computers could be due to a number of factors, Wood said. Those computers' antivirus programs may have detected the infections or the people controlling Rustock could have lost the connection to those computers for various reasons.

The computers infected with Rustock have also stopped using TLS (Transport Layer Security), an encryption protocol used to securely send e-mail. Spammers were believed to encrypt their spam using TLS because it was harder for other network equipment to inspect the traffic and figure out if it was spam, Wood said.

But sending e-mail using TLS required more resources and was slower. "It would seem that the botnet controllers, especially those behind Rustock, have perhaps realized that the use of TLS gave them little or no discernible benefits and instead impeded their sending capacity owing to the additional bandwidth and processing overhead needed for TLS," the report said.

Rustock has proved to be a robust botnet. It was nearly killed off when McColo, an ISP in San Jose, California, was cut off from the Internet in November 2008 by its upstream providers. McColo had hosted the command-and-control servers for several botnets, including Rustock.

But Rustock's operators were able to switch the command-and-control servers when McColo briefly regained connectivity again before finally being shut off, which has allowed it to run for nearly four years now.



---------------------------------


Personally I say owners of infected computers should be responsible for this. Their ISPs should shut them down until they learn how to secure their crap. It's insane a botnet is allowed to be online for this long, costing billions of dollars to companies.

Archived topic from Iceteks, old topic ID:5195, old post ID:39509
Honk if you love Jesus, text if you want to meet Him!
Top
Locked

Return to “Networking and Security”