Rustock botnet goes quiet again

The botnet, the source of up to 70 percent of all spam, has stopped sending out emails in a repeat of events at Christmas
Written by Tom Espiner, Contributor

Rustock, one of the world's most prolific spam-sending botnets, has gone offline for the second time in three months.

The Rustock botnet stopped sending out email on Wednesday, the Composite Blocking List (CBL) said on its web page.

"At approximately 2:45pm GMT (10:45am Eastern Daylight time), the Rustock spambot appears to have been taken down," the spam blacklist provider said. "Typically representing 50 to 70 percent of all spam, Rustock has been the largest emitter of spam on the internet."

From a peak of over 250,000 emails per second just after 2:30pm on Wednesday, Rustock's output dropped to nothing, according to graphs provided by the CBL.

In the previous outage, Rustock started to go offline on 24 December, and its activity gradually decreased before stopping completely on 26 December.

The botnet resurfaced on 9 January, and on average pumped out almost double the amount of spam, until falling away on Wednesday, according to Symantec Hosted Services.

"Rustock is still offline," Martin Lee, a senior software engineer at the security company, told ZDNet UK on Thursday. "Spam volumes have dropped."

In 2010, the botnet sent out an average of 44 billion spam emails per day, and this year, the average has been 80 billion, according to Lee.

The botnet's lack of activity is good news for IT professionals, he said, but noted that they should be cautious, as the botnet works "in fits and starts".

"Rustock is the largest botnet we see, but there's a possibility it's a bit flaky," said Lee. "Maybe the person who controls it has holidays — or it could be because of action by law enforcement or anti-spam groups."

In 2008, Rustock had to stop sending out spam after its then-host, McColo, was shut down, but restarted two weeks later via a different domain.
