Takedown of the Rustock botnet caused a major drop in spam this month

Global spam volumes fell by one-third following the takedown of the Rustock botnet.

The botnet was disabled earlier this month by a collection of companies named Project MARS, with an estimation made that it had around one million computers under its control. The March 2011 MessageLabs Intelligence report from Symantec.cloud said that prior to its takedown, the Rustock botnet had been sending as many as 13.82 billion spam emails daily, accounting for an average of 28.5 per cent of global spam sent from all botnets in March.

When the botnet was taken down, global spam volumes fell by 33.6 per cent between 15th and 17th March and in the days following, spam accounted for approximately 33 billion emails per day, compared with an average of 52 billion per day in the previous week.

Paul Wood, MessageLabs Intelligence senior analyst at Symantec.cloud, said: “It remains to be seen whether the criminals behind Rustock will be able to recover from this coordinated effort against what has become one of the most technically sophisticated botnets in recent years. Rustock has been a significant part of the botnet and malware landscape since January 2006, much longer than many of its contemporaries.”

The Bagle botnet has now taken over from Rustock as the most active spam-sending botnet in 2011 after it did not appear in the top ten spam-sending botnets for 2010. By the end of 2010, it claimed that Rustock had been responsible for as much as 47.5 per cent of all spam, sending approximately 44.1 billion emails per day.

The report also claimed that the global ratio of spam in email traffic from new and previously unknown bad sources decreased by two per cent in March 2011.

Sign up to our newsletters