The infamous Rustock botnet, responsible for almost half of all spam sent last year through its command-and-control system exploiting over a million compromised PCs, has suddenly slowed to a crawl, Symantec said today, noting the unexplained event has led to a substantial drop in spam.
Also read: Rustock responsible for over 40% of spam
One of the oldest and most successful spam-producing botnets, Rustock typically would send about 44.1 billion spams per day but that volume suddenly dropped on Dec. 25 to about 500 million per day, according to Symantec. There's no clear explanation for the decrease, which may be temporary, says Paul Wood, senior analyst with Symantec hosted services. But he notes that the Web site for the Rustock spam-promoting affiliate organization called SPAMIT, was shut down last October. To add to the mystery, other spam-producing botnets are suddenly going silent, including one called Lethic on Dec. 28 and Xarvester on Dec. 31.
"We've got blackbirds falling out of the sky and botnets going silent for the moment," says Wood, alluding to the mysterious spectacle of birds mysteriously raining down dead by the thousands in Arkansas on New Year's Eve.
Rustock in years past has shown irregular patterns of sending spam by going into prolonged quiet periods before a major ramp-up. The Rustock botnet still appears to retain the ability to initiate other actions, including click fraud, Wood adds, noting it's not known who controls Rustock. Some believe it has roots in Russia.
Since Rustock accounts for about half of the world's spam each day (most of it the so-called "pharmaceutical spam" trying to lure people to Web sites via promotions of illicitly-sold medications or simply malware) it has resulted in a dramatic decrease in spam volumes for the current period.
"Did the people in charge of these botnets suddenly go on vacation?" asks Symantec researcher Eric Park in a blog post. "Currently there are no explanations on why these botnets stopped spamming."
Read more about wide area network in Network World's Wide Area Network section.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.