Zero Day

Ryan Naraine and Dancho Danchev

Rustock botnet's operations disrupted

March 17, 2011, 9:36am PDT

Summary: According to Symantec and M86 Security, an unknown team of researchers managed to successfully disrupt the spamming operations of one of the most prolific spam botnets - Rustock.

UPDATE: Microsoft claims credit for disrupting Rustock’s operations.

According to Symantec and M86 Security, an unknown team of researchers managed to successfully disrupt the spamming operations of one of the most prolific spam botnets - Rustock. As of 15:30 UTC, on 16 March, none of its command and control servers were responding, resulting in the immediate decline of spam originating from the botnet.

SecureWorks' Joe Stewart comments:

“This looks like a widespread campaign to have either these [Internet addresses] null-routed or the abuse contacts at various ISPs have shut them down uniformly,” Stewart said. “It looks to me like someone has gone and methodically tracked these [addresses] and had them taken out one way or another.”

Is this a permanent disruption or a temporary glitch? According to Symantec, the botnet has gone quiet before, when it stopped spamming for several days but then returned as strong as ever. M86 Security speculates that it's too early to say goodbye to the botnet.

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis. More details on Dancho Danchev's current and past professional affiliations, can be found in his LinkedIn profile. You can also follow him on Twitter
