Rustock botnet back in action

Poised to return to pre-Christmas spam output levels.

The Rustock botnet, dubbed the largest source of global spam, has resumed activity after a two-week hiatus during which spam volumes fell drastically, according to security researchers at Symantec.

On Christmas Day, the botnet went quiet, but this week the botnet resumed operations and once again began distributing pharmaceutical spam. According to security firm NetWitness, the messages are attempting to push Viagra from "shady" sites ending in the .ru domain.

The messages are being sent with subject lines such as "Dear [username] -80% now," security researchers from Symantec Hosted Services wrote in a blog post. The messages direct users to click on a link that takes them to a fraudulent website called "Pharmacy Express."

Researchers believe the botnet is poised to quickly return to pre-Christmas spam output levels.

“While levels of Rustock output appear marginally lower than before Christmas, we see no reason they won't reach those previous levels again, bringing global spam levels back up to the approximately 90 percent levels [of all emails] we had become so used to,” Symantec researchers said.

Meanwhile, spam output from two other major botnets, Xarvester and Lethic, also declined during the holiday season. Xarvester has also since resumed delivering junk mail after its short break, which began on December 31.

This article originally appeared at

Copyright © SC Magazine, US edition
