
Spam Drops 1/3 After Rustock Botnet Gets Crushed

Posted by CmdrTaco
from the eggs-bacon-sausage-and dept.
wiredmikey writes "The Rustock Botnet was sending as many as 13.82 billion spam emails each day before being taken down early this month by an effort headed by Microsoft in cooperation with authorities and the legal system. According to Symantec's March 2011 MessageLabs Intelligence Report, the Rustock botnet had been responsible for an average of 28.5% of global spam sent from all botnets in March. Following the takedown, when the Rustock botnet was no longer cranking out spam by the billions, global spam volumes fell by one-third. For reference, toward the end of 2010, Rustock had been responsible for as much as 47.5% of all spam, sending approximately 44.1 billion e-mails per day, according to MessageLabs stats. Since then, Bagle, a botnet that wasn't even on MessageLabs' top ten spam-sending botnets at the end of 2010, has taken over from Rustock as the most active spam-sending botnet this year."

  • Impressive (Score:5, Insightful)

    by disopaos (2029158) on Tuesday March 29, 2011 @11:46AM (#35653682)
    It's really impressive Microsoft was able to do this. They've dropped 33% of the world's spam and they did it all alone. Microsoft deserves kudos for this. Good job MS!
    • Re:Impressive (Score:5, Informative)

      by Joce640k (829181) on Tuesday March 29, 2011 @11:51AM (#35653786) Homepage

      "Spam will be a thing of the past in two years' time" - Bill Gates, 24 January 2004.

      • He failed to factor in the Hawaiians...they love that stuff.
      • by Stunky (323500)

        He was right. Gmail was launched April 1st, 2004.

      • In fairness, he also said that 660 ppm ought to be enough for anyone.

        • by Quirkz (1206400)
          Parts per million? Pages per minute? Parachutes per metronome?
          • Parts per million. "A reduction to 66% [660 parts per million] ought to be enough for anyone."

            my joke = phail

            • by Dahan (130247)
              66% is 66 parts per hundred. 660 parts per million is 660/1000000, or 0.066%.
              • Bah! I meant to put 660 K (thousand) ppm, thereby completing the similarity to "640 K ought to be ...".

                Double phail.

                • by Quirkz (1206400)
                  I was wondering if that was a 640k joke, but then I thought I was being crazy and didn't want to ask.
      • by jdpars (1480913)
        Have you SEEN email spam lately? It's entirely nonsensical. Anyone who clicks on something in one (assuming it makes it past a spam blocker) is an idiot. Spam might as well be gone.
      • by gad_zuki! (70830)

        Actually, he turned out to be right. I don't think he or MS was claiming to stop all SMTP traffic that you might call spam, but to have filtering technologies that worked well enough where it wasn't a problem for the end user.

        I remember the late 90s and early 00's. Spam was a big issue. You could randomly get 100+ spam emails in an hour. No one had good filters. It was all client-side and a big mess. By the mid 00's it was just this thing to worry about when you checked your quarantine and only the occasiona

    • Re:Impressive (Score:4, Insightful)

      by Evtim (1022085) on Tuesday March 29, 2011 @11:52AM (#35653802)

      Excellent! So they can drop all attempts to regulate the bandwidth. After all we just got 30% wider pipe, did we not?

      For those oh so bandwidth hungry mobile devices......

      • by dmomo (256005)

        "Regulation of Bandwidth" and "Having More Available Bandwidth" are two separate concerns. Arguments for or against the prior should stand regardless of the latter. If only this were so.

      • by AJH16 (940784) *

        Unfortunately no, since spam didn't take 100% of the pipe.

    • Re:Impressive (Score:4, Insightful)

      by cpghost (719344) on Tuesday March 29, 2011 @12:09PM (#35654070) Homepage
      Since most of those botnet machines are running MS, I'd say, it's about time MS became involved in the fight against spam. The delivery mechanism for all this spam wouldn't exist if it weren't for Microsoft's poor record at building a somewhat secure operating system.
      • Can't Fix Stupid (Score:3, Informative)

        by Anonymous Coward

        Actually, MS is a highly secure OS. It is the users that are not secure. I have hundreds of Windows servers and have been running them for years on the internet. So have many others. They don't turn into zombies. I have had several PCs, all Windows, none of them zombies. I have a sister who has to have every toolbar she comes across and any free software that tells her the weather or whatever. She turns a PC into a zombie in usually a week's time. I have a neighbor, running a mac, little old lady. Found hers to b

        • by rsborg (111459)

          Actually, MS is a highly secure OS. It is the users that are not secure.

          Typical blame-the-victim (btw MS is a company, not an OS).
          Years of Microsoft's poor security practices in the service of extraction of greater profits and margins have led to this situation.

          I have a neighbor, running a mac, little old lady. Found hers to be running as a zombie.

          Let me match your anecdotal evidence with some of mine (equally valuable):
          I have numerous (dozen or more) relatives that have migrated to Mac who prior to the migration would always have some spyware or virus on their Windows system, even a botnet client or two. Post migration, I have yet to hear of any slowdowns, erra

          • have numerous (dozen or more) relatives that have migrated to Mac who prior to the migration would always have some spyware or virus on their Windows system, even a botnet client or two. Post migration, I have yet to hear of any slowdowns, erratic behavior or even systems problems (aside from meatspace issues like wrist pain from computer use, etc)

            See that, even the malware on OS X is better written!

          • by mjwx (966435)

            The fact that Vista/7 is more secure than XP does little to counteract the habits and ecosystem of malware that exists to exploit people.

            You think that Macs do?

            You've proven the GP's point. Bad user habits are the cause of spam, not MS's operating system and I dislike Winblows as much as the next person with half a brain.

            However bad Windows is at supporting bad user habits, OS X actively fosters them. The Mac advertising gives people a false sense of security by telling them that they are magically secure. In actual fact the same kind of malware that is so prevalent on Windows systems also exists on OS X, the only difference is that M

        • by sjames (1099)

          Until Microsoft made email and documents executable against the advice of every security expert, the very idea of an email virus was nothing more than an in-joke/urban legend. Then, they trained millions of users to click OK without reading or thinking about it. That's not what I would call a good security record.

      • by Kalriath (849904)

        I'm inclined to disagree. A botnet really doesn't have to live in kernelspace - userspace is more than good enough to spew out thousands of spam messages an hour. Jest all you like about drive-by downloads and the like, but the majority of botnet software is executed by the user, deliberately because it claims to give them cool smilies in MSN, or a little monkey hiding by the clock (or Jessica Alba). Even Linux, BSD and OS X do nothing to stop that sort of behaviour (and they don't claim to try). If the

      • Well to be fair, probably like 90% of those are pirated versions of Windows XP and as such never got any security updates. Not sure MS is responsible for large number of people around the world ripping off their software and not paying for it...

        Just sayin'

        Don't worry MS is still evil. Just that these botnets are predominately made up of pirated software to begin with.

    • Good job! Especially since worm-riddled broadband-connected home computers running Microsoft operating systems were the cause of the spam problem in the first place. An unreasonable man like me would view this as a problem of Microsoft's causing, and by default their responsibility to clean up. Seems as if Microsoft's shoddy programming job allowed the holes to exist in the first place, and they cynically passed the cost on to the rest of us. Sort of like how an amoral oil company should be forced to cl

      • by Belial6 (794905)
        You use sarcasm, but MS really didn't create the problem. If the SMTP protocol had security from the start, spam wouldn't be much of a problem. I'm sure MS could have been more helpful sooner, but the spam problem certainly doesn't fall on their feet.
        • So it's the problem of the Protocol that it gets billions of emails from millions of hijacked machines?
          • by Belial6 (794905)
            Simple answer: Yes.

            If there were no windows boxes, spam would continue. SMTP does not identify the sender. The inability to identify the sender is the single biggest vector for spam. That is a protocol problem. Not an OS problem.
            • by blair1q (305137)

              SMTP is a protocol and has no behaviors. SMTP-formatted email does identify the sender. Unfortunately, such a thing is easily spoofed. So SMTP can be manipulated to hide the true sender and its location on the network. That's the flaw. But fixing that wouldn't be enough. The proximal problem is that people still get trojans on their machines that can act like normal programs, and the server accepting your connection has no way of knowing whether the client sending it data is legitimate or bogus. The w

              • by Belial6 (794905)
                I'm not sure what definition of "behaviors" you are using, but the definition everyone else uses means that SMTP certainly does have behaviors. SMTP does not identify the sender. It allows the sender to offer up their identity if they so choose. Yes, I am splitting hairs by saying that securely identifying the sender isn't the same as just taking their word for it, but that is the crux of the problem.

                Stopping spam is a two part problem. The first part is identifying who the mail comes from. Without a
        • by blair1q (305137)

          It doesn't need it from the start. MS's inet stack can be watching for connections to SMTP ports and looking for to-addresses that only exist in spam databases. If the OS detects that, it can phone home, or kill the sending task, or pop up a "You are infected by a spam email botnet program." There's no reason anyone should be hosting one of those any more.

    • umm...you do realize it's their crappy OS that allowed the botnet to be so large in the first place, right?
  • Who cares (Score:5, Insightful)

    by afidel (530433) on Tuesday March 29, 2011 @11:49AM (#35653742)
    The organized criminals who are raking in the money are well protected in their home countries so this is essentially a big game of whack a mole until people better protect their computers (good luck with that).
    • by Jahava (946858)

      The organized criminals who are raking in the money are well protected in their home countries so this is essentially a big game of whack a mole until people better protect their computers (good luck with that).

      Agreed, kind of. Users can only do so much, especially when zero-days are frequent targets of vulnerabilities and vendors do lazy and irresponsible patching and damage control.

      We need well-enforced international criminal penalties for both the spammers themselves, as well as the corporations that hire them. Remove the monetary incentive and both the motive and means drop significantly. This also reduces the overall incentive to infect others' machines as a nice side effect.

      What would also be interesting is

      • by Belial6 (794905)
        It would also destroy the software industry and stagnate it with the few companies that could afford the insurance or were "too large to fail" and making sure that the three companies still producing software didn't do anything new for fear of creating a hole.
    • Re:Who cares (Score:5, Informative)

      by _|()|\| (159991) on Tuesday March 29, 2011 @12:16PM (#35654162)

      this is essentially a big game of whack a mole

      The last couple of times a story like this was posted, I went straight to SpamCop's statistics [spamcop.net] for corroboration. You're right: the touted decrease in spam is real, but temporary. However, the yearly chart does seem to show a downward trend.

      • by Tom (822)

        Why, then, do my own statistics show a very strong upwards trend? Is the volume getting lower, but it bypasses the filters better?

        Seriously. I have as much spam in my inbox now as I used to do 10 years ago, when it started to piss me off enough that I installed spam filters. Except now there's little more I can do. :-(

    • so this is essentially a big game of whack a mole until we do something about the economic forces behind spam

      There, fixed that for 'ya. No amount of patching and filtering will make spam go away - ever. Spam will continue to be sent out as long as spammers can make money by sending out spam. The only way we can ever end spam for good is to either make it too expensive to send (which would not be palatable for most users) or take serious steps to interfere with the money train that keeps the spammers paid.

      Everything else is reactionary, futile, or just a feel-good step (or a combination thereof).

      • by Tom (822)

        And unfortunately, this will not happen for a very, very long time.

        You see, spam is just the ugly part of some deep beliefs of our culture. Tackling spam means asking questions few people really want to have asked seriously.
        For example: Isn't almost all advertisement unsolicited? I certainly didn't opt-in to any of the billboards I encounter every day on the street.
        Or: Where do we draw the line to unethical business practices, and can we really draw it - in an official, as in on-the-book, way - without decl

    • I don't know why we don't start boxing in nations who do not control their spammers and hackers. Telling the USSR, just for an example, to shut down their known, easily-found spamming operations or get blackholed right off the fucking face of the planet would go a long way towards ending this stupidity.

      I'm sure somewhere in the Wikileaks memos someone could find evidence that all of our world leaders are polishing each others' fucking knobs on this issue . . . sometimes I think the world is run by toddlers

      • by Tom (822)

        sometimes I think the world is run by toddlers who've escaped the daycare.

        It's worse than that. It's run by people with an adult mind and toddler ethics. I'm not kidding, kids have an early phase in their development where they simply can not fathom the concept that there could be a part of the world that does not revolve around them, and can not be easily classified as threat or source-of-food-and-security - or as one of the famous people with that mindset put it "you're either with us..."

      • by sjames (1099)

        It's worse! Toddlers can be taught that cheating and hitting are bad. World leaders are impervious to those lessons.

    • by blair1q (305137)

      How well protected?

      Like, say, if the government advertised their names and addresses, would it be impossible to bribe their nefarious cohorts to impose a little discipline on them?

      • by afidel (530433)
        Yes, that well protected. They are part of well armed organized gangs with protection from local and state police and often the military. The Russian mob makes the guys from Sicily and NYC look like rank amateurs, as do many of the groups in other former Eastern Bloc countries. The guys in China could be touched if they pissed off the wrong party boss who wasn't being enough to look the other way.
  • by DriedClexler (814907) on Tuesday March 29, 2011 @11:50AM (#35653762)

    This same old "silver bullet" for spam is yet another lame attempt to solve an intractable problem. Here we go...

    Your post advocates a:

    wait, one third you say??? Holy shit, never mind! Good work!

  • Now I can get my spam-bot service up and running with much less competition in the marketplace. Some penis-enlargement companies just don't want to spread their money around.

    • by cobrausn (1915176)
      Hmmm. Penis Enlargement. Spread. I can't help but feel there is a joke in there somewhere...
      • "Taxes: Redeemable only for Warfare, Welfare, and more Taxes. Offer not valid in Puerto Rico." Some dumbass Randroid Teabagger.

        "I enjoy paying taxes. With them I buy civilization."
        Oliver Wendell Holmes.

        • by cobrausn (1915176)
          You're replying to a sig? What a fucking loser. I'm also pretty sure you're replying with someone else's sig.

          Also, you don't know a fucking thing about me and you failed to really get what the sig is saying. I would gladly pay taxes if I felt that it wasn't going to be used to wage pointless wars (this coming from a military vet) and if I got anything out of the socialist programs they institute. Instead, we get American style welfare, where the successful pay and get nothing and those who don't pay s
          • This. Is. SLASHDOT, Slappy. You drop a sig like that, expect to get called on it.

            I love it when people like you flip out. Shows me that I was dead on target.

            I particularly love the instant resort to obscenities, not to mention the cite of a COMIC STRIP.

            So you're ex-military. So what? I'm to be impressed that you joined the ArmyNavyAirForceMarinesCoastGuard? I'm to be impressed that you became a member of an organization that goes and kills people because some Rear Echelon Mother Fucker in D.C. says so? When

    • by blair1q (305137)

      No, and now that there's less traffic your operation will be more visible, hence more vulnerable. Hence the PECs will be negotiating to pay you less since the risk of losing your services to interdiction just went up.

  • This outcome could have been easily prevented if they had used licensed copies of Windows 7 for their spam net.

  • Not for long... (Score:5, Insightful)

    by damn_registrars (1103043) <damn.registrars@gmail.com> on Tuesday March 29, 2011 @12:13PM (#35654132) Homepage Journal
    Sure the spam volume dropped, but anyone who thinks this is anything but temporary is either crazy or an idiot. Naturally as soon as one botnet goes down another one ramps up to take its place; this is exactly what the prime motivating factor behind spam - money - will do to the situation.
    • by blair1q (305137)

      Prosecution is the prime demotivator behind reducing crime, so it should be done as loudly and crudely as possible.

  • Perhaps by just informing people that their machine may be infected? Perhaps by using another medium like an automated phone call or a note on their bill that says that traffic from their computer conforms to traffic seen by infected computers? Perhaps giving them some stats each month that says: this is how many emails were seen to be sent by your Internet connection; hey this is pretty high for a home computer, have you updated your virus scanning?
    I do not necessarily suggest that they block port 25 or

    • Does the ISP need to look far enough into the packet to see that it is SMTP traffic, or even that it is TCP?

      It could be an option when you sign up though.

      • by blair1q (305137)

        I've recently discussed with my ISP the sort of thing they could do to identify packets trying to get into my network (lots of extra blinkenlights on the cable modem, occasional access attempts at the router), and their response was basically that it's illegal for them even to tell me the IP addresses in the incoming or outgoing packet headers.

        Yup. They may be routing them, but they're not allowed to log them or even to see them on a screen, and they're certainly not allowed to tell me what they are.

        I'm not

      • by Tom (822)

        You don't need to do any packet inspection. A blackhole server, a tarpit, or just the logs on your own mailserver would be enough to identify customers that have a botnet problem.
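
Added example, not part of the comment above or of any poster's own tooling: one way a provider could use "just the logs on your own mailserver" to find customers to notify, without inspecting packets. The log lines are constructed in the style of Postfix smtpd recipient rejections; the customer range, the thresholds and the heuristic itself are assumptions of this sketch.

```python
import ipaddress
import re
from collections import defaultdict

# Matches a Postfix-style smtpd recipient rejection and captures the
# client IP, SMTP reply code, envelope sender and envelope recipient.
REJECT_RE = re.compile(
    r"reject: RCPT from \S*\[(?P<ip>[0-9A-Fa-f.:]+)\]: (?P<code>\d{3}) "
    r".*? from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)


def flag_suspect_customers(log_lines, customer_nets, min_rejects=3, min_senders=3):
    """Return {ip: counts} for customer IPs whose rejected mail looks bot-like.

    Heuristic (an assumption of this example): a customer address that
    delivers straight to the MX, collects several permanent (5xx)
    recipient rejections and rotates envelope senders deserves a notice.
    """
    nets = [ipaddress.ip_network(n) for n in customer_nets]
    stats = defaultdict(lambda: {"rejects": 0, "senders": set(), "rcpts": set()})
    for line in log_lines:
        m = REJECT_RE.search(line)
        if not m or not m["code"].startswith("5"):
            continue  # not a permanent recipient rejection
        try:
            ip = ipaddress.ip_address(m["ip"])
        except ValueError:
            continue  # malformed address field; skip the line
        if not any(ip in net for net in nets):
            continue  # not our customer, so nobody we can notify
        entry = stats[str(ip)]
        entry["rejects"] += 1
        entry["senders"].add(m["sender"].lower())
        entry["rcpts"].add(m["rcpt"].lower())
    return {
        ip: {"rejects": s["rejects"], "senders": len(s["senders"]),
             "rcpts": len(s["rcpts"])}
        for ip, s in stats.items()
        if s["rejects"] >= min_rejects and len(s["senders"]) >= min_senders
    }


def _reject(ip, sender, rcpt, code="550 5.1.1"):
    # Builds one constructed log line; no real traffic is represented.
    return (f"Mar 29 12:00:01 mx1 postfix/smtpd[411]: NOQUEUE: reject: RCPT from "
            f"unknown[{ip}]: {code} <{rcpt}>: Recipient address rejected: "
            f"User unknown; from=<{sender}> to=<{rcpt}> proto=SMTP helo=<pc>")


# Constructed sample: documentation-range IPs and example.* domains only.
SAMPLE_LOG = (
    # Customer host spraying guessed recipients with rotating senders.
    [_reject("198.51.100.23", f"s{i}@example.org", f"u{i}@example.net") for i in range(4)]
    # Customer who mistyped one address: must not be flagged.
    + [_reject("198.51.100.77", "alice@example.com", "bobb@example.net")]
    # Noisy host outside the customer range: not ours to notify.
    + [_reject("203.0.113.9", f"t{i}@example.org", f"v{i}@example.net") for i in range(5)]
    # Temporary (4xx) deferrals, e.g. greylisting: ignored by the heuristic.
    + [_reject("198.51.100.80", "carol@example.com", "dave@example.net", "450 4.7.1")] * 3
    + ["Mar 29 12:00:02 mx1 postfix/smtpd[411]: disconnect from unknown[198.51.100.23]"]
)

if __name__ == "__main__":
    for ip, counts in flag_suspect_customers(SAMPLE_LOG, ["198.51.100.0/24"]).items():
        print(ip, counts)
```

Requiring several distinct envelope senders as well as several rejections keeps a single user with a stale address book from being flagged alongside a spam bot.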

  • Hope that M$ continues this great venture into closing down the infected pcs or whatever they did to stop the spam, they could help the price of internet to go down if all spam ceased, and the ISPs did not have to spend extra for all that filtering....might give us cheaper internet???

    • by blair1q (305137)

      Maybe we should start a fund to help MS defray the cost of the effort. In case they have trouble paying...for fixing...the problem they...caused...

  • It's your turn to do something useful.

  • I work at a top 20 email provider and can concur that spam levels are down since the November, 2011. We were rejecting 96% at the perimeter back then, today we're rejecting around 73% with the same % making it to the inbox and getting marked as junk. Not a crazy reduction in spam, just a reduction in spam.
    • by rsborg (111459)

      I work at a top 20 email provider and can concur that spam levels are down since the November, 2011.

      Care to tell me what MSFT and AAPL are trading for in your current time? I'll even be happy with a ballgame score or two.

  • I noticed a drop, but it's back up now with messages telling me how my "business" is an award winner and the usual Nigerian-influenced stuff

    Are people really that stupid?

    • by Tom (822)

      Yes. As every con-man knows: A sucker is born every minute

      • by blair1q (305137)

        A sucker is born every minute

        Said the man selling a get-rich-quick-off-suckers scheme...

  • >Since then, Bagle, a botnet that wasn't even on MessageLabs' top ten spam-sending botnets at the end of 2010, has taken over from Rustock as the most active spam-sending botnet this year."

    Yeah, and guess what?

    Bagle runs spectacularly under Wine. As in, it behaves itself quite nicely and you don't notice it until you receive mail in your mailbox that is coming from yourself.

    Bagle is truly cross-platform malware.

    All it needs to do is attach itself to Gnome's or KDE's startup folder or .bashrc or .login.

    A

    • by PCM2 (4486)

      All it needs to do is attach itself to Gnome's or KDE's startup folder or .bashrc or .login.

      Indeed. From what I've read, Bagle might run under Wine, but only when you run it. Unlike on Windows, it doesn't have any way to make it auto-start after a reboot. To expect a Windows virus to know how to rewrite a .bashrc or .login file on some random version of Linux, which might be running Gnome or might be running KDE, etc., sounds pretty far-fetched.

      • by bmo (77928)

        >it doesn't have any way to make it auto-start after a reboot.

        Didn't I just mention 4 different ways to start at login? Once root status is attained, there's another way - add it to the init scripts. It's not as if local privilege escalation doesn't exist.

        >To expect a Windows virus to know how to rewrite a .bashrc or .login file on some random version of Linux, which might be running Gnome or might be running KDE, etc., sounds pretty far-fetched.

        When I ran Bagle, it was smart enough to fetch my addr

  • The spam-hose has abruptly gone limp. The flow petered out from one spam every 4 seconds to one every 30 minutes. My spam dropped from 226000 in the past month to about a dozen per day since these dicks were cut off. I'm impressed and grateful for the 99.8% improvement.
