Pharma spam dries up after Rustock takedown

Jack Walsh

Email messages hawking pharmaceutical products have precipitously declined since Microsoft and federal marshals staged a series of raids last week against a spam network known as Rustock.

That trend was apparent when the "honeypot" operated by ICSA Labs was checked by its Network IPS and Anti-Spam Program Manager Jack Walsh.

"Just searching on Viagra and Cialis during the first 22 days of March reveals that since the Rustock botnet takedown, spam with those products in the subject line is down almost exactly 75 percent," he told Government Security News. "So, we think it is fair to conclude that pharmaceutical spam has diminished following the Rustock botnet takedown."

Duplicate messages in the spam snare have also decreased. That, too, could be a result of the raids. Rustock had a tendency to send out lots of messages that were duplicates or near-duplicates, Walsh explained. More than half the messages in the honeypot were duplicates leading up to the March 18 raid. That dropped to 33 percent after it.

A similar finding was reported by cyber security software maker Sophos. "One week after the much publicized Rustock botnet command and control take down, and subsequent drop in spam volumes, SophosLabs can confirm Rustock has not come back from the dead," Brett Cove wrote at the company's Naked Security blog.

The takedown of the Rustock botnet was the result of months of investigation by Microsoft's Digital Crimes Unit (DCU), a successful pleading in a federal district court in Seattle and the seizure by U.S. Marshals of the network's command and control servers in Kansas City, Scranton, Denver, Dallas, Chicago, Seattle and Columbus.

It's estimated that Rustock had from 800,000 to one million captive computers under its control gushing billions of spam emails a day into the Internet.

While the hit on Rustock may have put a dent in current spam levels, that reprieve, if history is any indicator of the future, will be temporary. "We have seen in the past that as botnets go down, they come back to life," Walsh observed.

