Rustock botnet downed in coordinated cyber op

Posted by Trent Nouveau

Unknown cyber activists have managed to temporarily down the nefarious spam-spewing Rustock botnet.

As security analyst Brian Krebs notes, the takedown had an immediate effect on the global volume of junk e-mail.

"For years, Rustock has been the most prolific purveyor of spam - mainly junk messages touting online pharmacies and male enhancement pills," Krebs confirmed.

"But late Wednesday morning Eastern Time, dozens of Internet servers used to coordinate these spam campaigns ceased operating, apparently almost simultaneously."

According to Krebs, the coordinated operation suggests anti-spam activists have succeeded in executing possibly the largest botnet takedown in the history of the Internet.

"This is a truly dramatic drop," an anti-spam activist from Ottawa, Canada, told Krebs.

"Normally, Rustock is sending between one to two thousand e-mails per second. Today, we saw infected systems take an abrupt dive to sending about one to two emails per second."



Nevertheless, the security analyst emphasized it was likely "too soon to celebrate" Rustock's demise.

"For one thing, PCs infected with Rustock prior to this action remain infected, only they are now somewhat lost, like sheep without a shepherd. In previous takedowns, such as those executed against the Srizbi botnet, the botmasters have been able to regain control over their herds of infected PCs using a complex algorithm built into the malware.

"[The algorithm] generates a random but unique Web site domain name that the bots would be instructed to check for new instructions and software updates from its authors. Using such a system, the botmaster needs only to register one of these Web site names in order to resume sending updates to and controlling the herd of infected computers," he added.
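
The fallback Krebs describes is deterministic, so defenders who have recovered a generator can compute the same names ahead of time and search resolver logs for machines that look them up. The following is an added example, not from the article and not any real malware's algorithm: the generator, seed, start date, log format and addresses are all constructed stand-ins.

```python
import hashlib
from datetime import date, timedelta

def candidate_domains(day, per_day=4, seed=b"constructed-seed"):
    """Hypothetical stand-in for a reverse-engineered generator:
    same date in, same names out, so defenders can compute them too."""
    names = []
    for i in range(per_day):
        digest = hashlib.sha256(seed + day.isoformat().encode() + bytes([i])).digest()
        label = "".join(chr(ord("a") + b % 26) for b in digest[:12])
        names.append(label + ".example")  # reserved TLD, never resolvable
    return names

def build_watchlist(start, days):
    """Map every candidate name in the window to the day it becomes active."""
    watch = {}
    for offset in range(days):
        day = start + timedelta(days=offset)
        for name in candidate_domains(day):
            watch[name] = day
    return watch

def infected_clients(log_lines, watch):
    """Return {client_ip: sorted watchlisted names that client queried}."""
    hits = {}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        _ts, client, qname, _rcode = parts
        qname = qname.rstrip(".").lower()  # DNS names are case-insensitive
        if qname in watch:
            hits.setdefault(client, set()).add(qname)
    return {c: sorted(n) for c, n in hits.items()}

# Constructed sample data: "timestamp client qname rcode" resolver log lines.
START = date(2011, 1, 3)
WATCH = build_watchlist(START, days=7)
TODAY = candidate_domains(START)
SAMPLE_LOG = [
    "2011-01-03T14:02:11Z 10.0.0.5 www.example.org. NOERROR",
    f"2011-01-03T14:02:15Z 10.0.0.23 {TODAY[0]}. NXDOMAIN",
    f"2011-01-03T14:02:16Z 10.0.0.23 {TODAY[1].upper()}. NXDOMAIN",
    "2011-01-03T14:03:40Z 10.0.0.8 mail.example.net. NOERROR",
    "garbled line",
]

if __name__ == "__main__":
    for client, names in infected_clients(SAMPLE_LOG, WATCH).items():
        print(client, names)
```

The same watchlist can feed a resolver blocklist or a sinkhole registration plan, since every name in it is one the botmaster could otherwise claim.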