Botnets are now responsible for sending 95 percent of all spam, up from 84 percent in April, and almost half of that spam comes from a single botnet, Rustock.
Rustock sent 41 percent of the world's botnet spam in August, up from 32 percent in April. This is despite the network actually shrinking in size from 2.5 million to 1.3 million bots over the same period, security company Symantec said on Tuesday. This means Rustock is currently responsible for 39 percent of all the world's spam emails.
"Overall, the total amount of spam in circulation is down slightly from the previous quarters as most botnets have reduced their number of bots, [but] one exception is Rustock, which has decreased its number of bots, but increased its [spam] volume," according to Paul Wood, a MessageLabs Intelligence senior analyst for Symantec Hosted Services. Rustock has been responsible for a 6-percent increase in spam emails per day, he said in a statement.
The reason for the rise in spam from the botnet is that it has stopped using transport layer security (TLS) encryption, Wood said. By foregoing TLS encryption, Symantec believes, Rustock has been able speed up the rate at which it can send spam email, because it longer takes a performance hit from encrypting messages.
Rustock has a history of surviving adverse conditions. In November 2008, its then-host McColo Corp was shut down, but two weeks later the botnet reappeared and connected through a different domain.