Rustock botnet's operations disrupted

Rustock botnet's operations disrupted

Summary: According to Symantec and M86 Security, an unknown team of researchers managed to successfully disrupt the spamming operations of one of the most prolific spam botnets - Rustock.

SHARE:
TOPICS: Security, Malware
0

UPDATE: Microsoft claims credit for disrupting Rustock's operations.

According to Symantec and M86 Security, an unknown team of researchers managed to successfully disrupt the spamming operations of one of the most prolific spam botnets - Rustock. As of 15:30 UTC, on 16 March, none of its command and control servers were responding, resulting in the immediate decline of spam originating from the botnet.

SecureWorks Joe Stewart comments:

“This looks like a widespread campaign to have either these [Internet addresses] null-routed or the abuse contacts at various ISPs have shut them down uniformly,” Stewart said. “It looks to me like someone has gone and methodically tracked these [addresses] and had them taken out one way or another.”

Is this a permanent disruption or a temporary glitch? According to Symantec, the botnet has gone quiet before when it stopped spamming for several days, but returned as strong as ever, with M86 Security speculating that it's too early to say goodbye to the botnet.

Topics: Security, Malware

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion