back to article Spam volumes double as Rustock botnet wakes

Spam volumes have returned to normal following a holiday lull that saw a drastic reduction of junk mail. The Rustock botnet is out of hibernation and back in business, spewing copious volumes of useless junk mail courtesy of hundreds of thousands of compromised Windows machines. Rustock (which specialises in spamvertising …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward


    Lets ban those people with compromised machines from ever using any type of tech, and publicly flog those which have ever clicked a link from spam email.


    1. william henderson 1


      let's do bugger all about those that write, distribute knowingly or use the malware for their own or others illicit gain.

      no, let's not stop there, let's ban victims of anything.

  2. Avatar of They
    Thumb Down

    Works holidays?

    Surely the armistice would suggest 'works' machines are a massive part of it? People taking holidays simply turned them off over christmas? Afterall many a company laughs at IT spending and even more at anti virus software (slows things down)

    Or is that too obvious a guess

    1. Jimmahh

      Yeah but...

      How come a similar dip wasn't seen in previous years? *shrug*

    2. IglooDude

      Likely not

      It seems logical yes, but the folks who would know say that it isn't an annual dip, and one presumes little statistical variation in how many people are powering off work machines when going on winter/Christmas holiday.

    3. Anonymous Coward


      "Afterall many a company laughs at IT spending and even more at anti virus software (slows things down)"

      I thought most companies had the opposite view. Load the work PCs up with as much anti-virus and monitoring software as possible, and to hell with the performance (hence why my Core2Duo work PC performs about as well as my old Althon XP PC).

    4. This post has been deleted by its author

    5. Merodach

      Kids on holiday from uni too

      Kids on holiday from uni too. I see a drop when that starts and when it ends a spike.

  3. Anonymous Coward

    Simpler solution

    Get the ip ranges of the russiomob-controlled CnC servers out to the more serious ISPs. If authorities can't disconnect those CnC servers (and preferrably their admins!) from the network of living, at least let the more serious ISPs block those CnC servers from connecting to their infested customers.

    1. TeeCee Gold badge

      Re: Simpler solution

      Yes, but. I thought that it had become trendy to avoid using fixed CnC servers to do the job in favour of such mechanisms as Twitter, for precisely this reason.

      The plus side here is that we already know the IPs to block. The minus side is the howls of protest that would ensue from all those deprived of the ability to know instantly whenever their favourite Z-list celeb is taking a dump.....

  4. Cheshire Cat

    Even simpler...

    Why don't the ISPs simply block the port (tcp/25) outbound from clients to anything but their own mail gateway? Maybe grant exceptions when specifically asked. This would at a stroke stop most of the spam flood, and be unlikely to affect 99.9% of normal users who will be using gmail or the ISP's own mail server.

    But this would require work by the ISP for no financial gain, so that's out, then.

    1. Ben 42

      A lot already do

      Most of the major ones in fact. Mine even blocks incoming port 25 because apparently there are a lot of viruses out there that _receive_ large amounts of spam instead of sending it. :-)

  5. Shannon Jacobs

    The answer is at the other end of the rainbow?

    Fighting the spammers upstream has failed for long enough. We need to destroy their economic model. My suggestion is that we make it easy for the large number of people who hate spam to get between the spammers and the small number of people who are stupid enough to send money. There's too much evidence that the spammers are still making a profit, but if we allow the good Samaritans to cut off the money, it will change things. I'm not suggesting the spammers will suddenly become decent human beings. I'm just saying we can encourage them to move under less visible and much smaller rocks.

  6. Doctor_Wibble

    possible explanation

    From around mid/late Oct until around 26th Dec I was getting a lot of 'failed' spams - what looks to have been a spammer template typo was causing spams to fail (relatively) silently with a protocol error.

    This now appears to have been fixed (so I'm not giving anything away here), and people seem to be making up for lost time because levels are back to (somewhat higher than) normal. Nice while it lasted though.

    None of them would have registered as spam anywhere because they weren't getting far enough to be counted.

    OK, so a relatively small sample set (low-volume private mail server) but during that period the number of connections remained at more or less normal levels, while the number of spams received dropped to almost zero. Enlightenment provided by tcpdump.

    I have no idea which botnet these came from but they were all .ru pharma sites being advertised, which may or may not be entirely coincidental.

  7. Freediver

    Spammers are a global public enemy #1 - read on for the reason

    Because spam makes up such a huge percentage of global data traffic it is consuming vast amounts of processor cycles and, hence, is directly responsible for generating truly huge amounts of CO2 and waste heat.

    For this reason alone, governments must shut them down and use both civil and military resources to do so. The spammers are everyone's enemy.

  8. Cameron 2

    why there's spam

    When a kitchen's dirty, it gets cockroaches. That's not the cockroaches' fault, it's the fault of the lazy slob providing the habitat. We have spam because the vast majority of Internet companies are doing as little as they can get away with to keep spammers from using their equipment.

    If Google's so smart, why can't they search out all those dropbox accounts? I see their domain in spam Reply-To more than any other! They could kill those things fast enough to chase the crooks back to Hotmail, but they can't be bothered.

    Try reporting your spam for a while, and you'll notice that the vast majority of domains don't have a working abuse address. They may define it, but they don't bother to except it from content analysis, so "test" one-liners get through but spam reports containing samples don't.

    Try reporting dropboxes, you'll discover abuse@yahoo now requires a format which no known software generates.

    If these companies were serious about stopping spam, spam would stop.

This topic is closed for new posts.

Other stories you might like