Too early to say if Rustock botnet cutoff is a success

18 Mar 2011

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

Share on FacebookTweet about this on TwitterShare on LinkedInShare on Google+Pin on PinterestShare on RedditEmail this to someone

There has been no discernable reduction in the amount of spam flooding inboxes since Microsoft and the FBI tackled the hosting firms behind the massive Rustock botnet on Wednesday, security analysts say.

Microsoft executives say they’ve dealt an enormous blow to the botnet through their raids that took place on Wednesday. Microsoft’s digital crime unit, accompanied by US federal marshals, struck at internet hosting facilities and data centres in Denver, Colorado; Dallas, Texas; Chicago, Illinois; Seattle, Washington; Ohio and Kansas.

A graph produced by security firm Commtouch indicates there has been no dramatic drop in the average level since the attack. But if we want to be optimistic there is evidence the botnet was stopped mid-attack.

No dramatic drop in spam traffic

There is no dramatic drop in the average level on Wednesday or Thursday this week. Comparing the graph (below) to the takedown of the McColo botnet which resulted in a dramatic drop in spam traffic.

A lone “spike” on Wednesday might be of interest – one report describes the Rustock botnet being “cut off in mid attack”.

According to Commtouch, if Rustock has been taken down there are several possible explanations for the generally stable spam levels. One theory is botnet operators are tending to larger groups of small botnets.

This provides them with multiple alternatives, should a particular botnet be brought down.

 

Spam levels post-Rustock

 

Spam levels post McColo

66

DAYS

4

HOURS

26

MINUTES

Buy your tickets now!

Editor John Kennedy is an award-winning technology journalist.

editorial@siliconrepublic.com