
Rustock botnet mysteriously goes dark


The shady world of botnets and malware distribution is always full of surprises, and few of them are pleasant. However, a recent development might just fall into that category: security researchers have noted that the command-and-control servers that manage the infamous Rustock botnet have gone offline. Rustock is one of the largest sources of email spam on the Internet, and its newfound silence has created a significant decline in the amount of spam in circulation. Some estimates say Rustock is responsible for as much as 40 percent of the world’s spam.

The silence was first noted by security reporter Brian Krebs. At this point, there is no consensus amongst security researchers about why the network has gone silent: it’s possible that security researchers managed to take it down, that it got into a dispute with connectivity providers, or that it has been abandoned by its operators. It’s also possible Rustock’s operators are simply retooling the system, or perhaps have just taken an extended holiday: Rustock has had quiet periods before, only to roar back as strong as ever.

“Whatever the reason, let’s hope this one sticks,” wrote M86’s Phil Hay. “Previous attempts at botnet shutdowns have tended to be short lived as the botnet herders simply regroup and start again. It’s too early to say bye bye Rustock, but the thought is certainly nice.”

Rustock had been linked to Spamit.com, a Russian operator known for hosting services heavily promoted in spam messages, such as the company behind many of the “Canadian pharmacy” spam campaigns, GlavMed. Spamit.com shut down in October 2010.

In the last year, security researchers have struck some major blows against botnets and spammers, including the Waledac, Pushdo, and Bredolab botnets. However, botnets tend to re-emerge as operators take over old code and make modifications to bring new botnets online. For instance, Microsoft helped coordinate an unusual court-authorized action to take out Waledac back in early 2010…and a year later, Waledac was back on the move.


Geoff Duncan
Former Digital Trends Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…