Rustock botnet's operations disrupted

Summary:According to Symantec and M86 Security, an unknown team of researchers managed to successfully disrupt the spamming operations of one of the most prolific spam botnets - Rustock.

UPDATE: Microsoft claims credit for disrupting Rustock's operations.

According to Symantec and M86 Security, an unknown team of researchers managed to successfully disrupt the spamming operations of one of the most prolific spam botnets - Rustock. As of 15:30 UTC, on 16 March, none of its command and control servers were responding, resulting in the immediate decline of spam originating from the botnet.

SecureWorks Joe Stewart comments:

“This looks like a widespread campaign to have either these [Internet addresses] null-routed or the abuse contacts at various ISPs have shut them down uniformly,” Stewart said. “It looks to me like someone has gone and methodically tracked these [addresses] and had them taken out one way or another.”

Is this a permanent disruption or a temporary glitch? According to Symantec, the botnet has gone quiet before when it stopped spamming for several days, but returned as strong as ever, with M86 Security speculating that it's too early to say goodbye to the botnet.

Topics: Security, Malware

About

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community... Full Bio

zdnet_core.socialButton.googleLabel Contact Disclosure

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.