Junk email botnet Rustock stops spouting spam

Might be due to an anti-spam attack
Thu Mar 17 2011, 12:54

THERE HAS BEEN a massive drop in spam hitting email inboxes due to the Rustock botnet apparently having been disabled by a person or persons unknown.

M86 Security found that the flood of junk emails generated by the Rustock botnet, which has been considered the world's most active spam botnet, completely stopped from 3pm yesterday. Rustock is infamous due to the sheer volume of spam it generated, usually consisting of online pharmacy and male enhancement pill advertisements.

Nobody truly knows why the Rustock botnet is suddenly offline. But there are rumours that it was due to a coordinated attack from anti-spam activists. It is possible that they managed to shut off the command-and-control servers that infected computers in the botnet need to communicate with.

Of course Rustock might simply have been abandoned, but this seems unlikely. As early as last year Symantec reported spam levels had gone up due to an aggressive campaign to increase the size of the botnet. There's also no way to say whether the Rustock botnet shutdown will be permanent.

Phil Hay of M86 Security said, "Whatever the reason, let's hope this one sticks. Previous attempts at botnet shutdowns have tended to be short lived as the botnet herders simply regroup and start again. It's too early to say bye bye Rustock, but the thought is certainly nice."

Comments
MS done good

Well, it would seem Bill's boys (and girls) have done good...

"Microsoft took the help of federal law enforcement agents in the dragnet which is a part of a civil lawsuit filed in federal court in Seattle in early February against unnamed operators of the Rustock "botnet"."

and

"After the raid, Microsoft has claimed that its legal action has effectively shut down the spam network."

See: http://malware.cbronline.com/news/microsoft-police-launch-dragnet-against-botnet-180311

posted by: Luke, 18 March 2011
How do you stop a botnet?

Legally? Impossible.

Technically, however, it's easy; just write a virus that specifically seeks out and disables the botnet virus you're trying to kill. Your virus has to exploit the same security holes that the botnet virus did, and should respond to the same C&C inputs with fake acknowledgements (while reporting the location of the C&C servers back to someone capable of taking *them* out). Your virus removes the botnet virus, and then spreads itself in the same way as the original - while pretending to "be" the original, and doing everything the original did *except* send spam.

And if you're a White Hat, you build in a "kill switch timer" so that your fake botnet goes dark suddenly.

So, not at all difficult - and governments *could* do this if they wanted to. But since politicians take bribes to *not* protect the public from spammers, governments won't do it.

posted by: Morely the IT Guy, 17 March 2011