Rustock Takedown Lowers Spam Count

Sue Marquette Poremba

Fortinet came out with its April threat landscape report, and one of the big findings was that the recent takedown of Rustock seems to have had an effect on spam levels. However, the report also found that the number of spamming machines has remained the same. According to the report:

Slide Show

Tackling Outbound Spam

Too many Internet service providers are relying on anti-spam software primarily designed to fight inbound, rather than outbound, spam.

Spam rates continue to remain lower than average at about 30% following the takedown of the Rustock botnet in March. While rates remain low, the number of spamming IP's (machines) has not taken a large drop. Often times machines are infected with multiple viruses/botnets that can continue to send spam and siphon data, despite one threat being mitigated. Most spamming IP addresses we observed were geolocated to machines in the USA, India and Brazil. Top spammed domains for this report were and Russian top level domains which resolved to different servers in China.

Not surprisingly, even though Rustock isn't a problem, another botnet has been energized:

We saw many new instances of the Torpig botnet emerge, accounting for 30% of new botnet activity this report. Most command and control detections for Torpig originated from machines in Russia and Sudan. By comparison, the Hiloti botnet accounted for roughly 15% of new botnet traffic-the majority in Australia and Sweden.

Fortinet explained that the Torpig botnet has been around for years. It typically spreads through infected webpages-installed with a rootkit (mebroot) that infects a system right from the master boot record.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.