Microsoft Shuts Down Giant Rustock Spamming Network


Posted

Microsoft shuts down giant Rustock spamming network

http://blog.seattlep...amming-network/

AND:

Rustock Botnet Flatlined, Spam Volumes Plummet

The global volume of junk e-mail sent worldwide took a massive nosedive today following what appears to be a coordinated takedown of the Rustock botnet, one of the world's most active spam-generating machines.

See image in link!!

Rustock spam volumes, from M86 Security Labs

For years, Rustock has been the most prolific purveyor of spam — mainly junk messages touting online pharmacies and male enhancement pills. But late Wednesday morning Eastern Time, dozens of Internet servers used to coordinate these spam campaigns ceased operating, apparently almost simultaneously.

Such an action suggests that anti-spam activists have succeeded in executing possibly the largest botnet takedown in the history of the Internet. Spam data compiled by the Composite Spam Blocklist, the entity that monitors global junk e-mail volumes for the anti-spam outfit Spamhaus.org, shows that at around 2:45 p.m. GMT (10:45 a.m. EDT) spam sent via the Rustock botnet virtually disappeared. The CBL estimates that at least 815,000 Windows computers are currently infected with Rustock, although that number is more than likely a conservative estimate.

"This is a truly dramatic drop," said one anti-spam activist from Ottawa, Canada, who asked not to be named because he did not have permission from his employer to speak publicly about the spam activity spike. "Normally, Rustock is sending between one to two thousand e-mails per second. Today, we saw infected systems take an abrupt dive to sending about one to two emails per second."

MORE:

http://m.krebsonsecu...mmet/#more-8670

LaoPo

Posted

Only a matter of time until this comes back better, and stronger. It's weird these networks would have only 5 c&c servers; so an educated guess is that the next gen botnets ditch that for a completely decentralized architecture.

Another observation is the asymmetry in the botnet shutdown - one small ring of hackers vs the enormous legal and professional effort required to shut it down. Those hackers can install their next botnet just now, learning from the weaknesses of the previous one, with comparatively very little effort.
