Skip to main content

Rustock spam botnet shuts down

One of the world's biggest spam botnets has stopped sending out unsolicited junk email messages - leaving security experts scratching their heads as to why.

Rustock , which responsible for 47.5 per cent of all spam worldwide when figures were released at the end of 2010, ceased operations at around 15:00 GMT yesterday afternoon.

News of the botnet's apparent demise was broken by the blog KrebsonSecurity. Since then, major security vendors including Symantec and M86 have confirmed the findings.

"It is unclear yet who or what caused the shutdown. It's also possible it has been abandoned," wrote Phil Hay, lead security researcher with M86, in a blog post.

Vincent Hanna of anti-spam group Spamhaus said that the shutdown did not appear to be planned, noting "When Rustock stopped yesterday it was in mid-campaign."

This isn't the first time the botnet has appeared to cease spamming, though.

"Rustock has gone quiet before," explained Paul Wood, senior analyst at Symantec's MessageLabs in a blog post. "Over the last holiday season it stopped spamming for several days but came back as strong as ever. Only time will tell if this will happen again."

Rustock's output fell significantly last year after, a partner responsible for sending large amounts of pharmaceutical spam, was smashed. Since then, other botnets have risen to take its place.

"This increase from other botnets means that so far, the takedown of Rustock hasn't had much noticeable effect on the overall amount of spam tracked by MessageLabs Intelligence," said Wood.

According to Symantec's data, average daily spam rose 8.7 per cent in February, making up 80.65 per cent of all e-mail messages sent.