The global volume of junk e-mail sent worldwide took a massive nosedive today following what appears to be a coordinated takedown of the Rustock botnet, one of the world’s most active spam-generating machines.
For years, Rustock has been the most prolific purveyor of spam — mainly junk messages touting online pharmacies and male enhancement pills. But late Wednesday morning Eastern Time, dozens of Internet servers used to coordinate these spam campaigns ceased operating, apparently almost simultaneously.
Such an action suggests that anti-spam activists have succeeded in executing possibly the largest botnet takedown in the history of the Internet. Spam data compiled by the Composite Spam Blocklist, the entity that monitors global junk e-mail volumes for the anti-spam outfit Spamhaus.org, shows that at around 2:45 p.m. GMT (10:45 a.m. EDT) spam sent via the Rustock botnet virtually disappeared. The CBL estimates that at least 815,000 Windows computers are currently infected with Rustock, although that number is more than likely a conservative estimate.
“This is a truly dramatic drop,” said one anti-spam activist from Ottawa, Canada, who asked not to be named because he did not have permission from his employer to speak publicly about the spam activity spike. “Normally, Rustock is sending between one to two thousands e-mails per second. Today, we saw infected systems take an abrupt dive to sending about one to two emails per second.”
Joe Stewart, director of malware research with Atlanta-based Dell SecureWorks, said none of the 26 Rustock command and control networks he’s been monitoring were responding as of Wednesday afternoon.
“This looks like a widespread campaign to have either these [Internet addresses] null-routed or the abuse contacts at various ISPs have shut them down uniformly,” Stewart said. “It looks to me like someone has gone and methodically tracked these [addresses] and had them taken out one way or another.”
Update, Mar. 18, 10:04 a.m. ET: As many readers have pointed out, the Wall Street Journal is reporting that the takedown of Rustock was engineered by Microsoft, which used the legal process to shutter the botnet’s control networks at various U.S.-based hosting providers. For more on how Microsoft did that, check out my latest story, Homegrown: Rustock Botnet Fed by U.S. Firms.