Tag Archives: Rustock

Spam Volumes: Past & Present, Global & Local

January 15, 2013

Last week, National Public Radio aired a story on my Pharma Wars series, which chronicles an epic battle between men who ran two competing cybercrime empires that used spam to pimp online pharmacy sites. As I was working with the NPR reporter on the story, I was struck by how much spam has decreased over the past couple of years. Below is a graphic that’s based on spam data collected by Symantec’s MessageLabs. It shows that global spam volumes fell and spiked fairly regularly, from highs of 6 trillion messages sent per month to just below 1 trillion. I produced this graph based on Symantec’s raw spam data.

A Closer Look at Two Bigtime Botmasters

December 11, 2012

Over the past 18 months, I’ve published a series of posts that provide clues about the possible real-life identities of the men responsible for building some of the largest and most disruptive spam botnets on the planet. I’ve since done a bit more digging into the backgrounds of the individuals thought to be responsible for the Rustock and Waledac spam botnets, which has produced some additional fascinating and corroborating details about these two characters.

PharmaLeaks: Rogue Pharmacy Economics 101

June 22, 2012

Consumer demand for cheap prescription drugs sold through spam-advertised Web sites shows no sign of abating, according to a new analysis of bookeeping records maintained by three of the world’s largest rogue pharmacy operations.

Researchers at the University of California, San Diego, the International Computer Science Institute and George Mason University examined caches of data showing the day-to-day finances of GlavMed, SpamIt, and Rx-Promotion, shadowy affiliate programs that over a four-year period processed more than $170 million worth of orders from customers seeking cheaper, more accessible and more discretely available drugs. The result is is perhaps the most detailed analysis yet of the business case for the malicious software and spam epidemics that persist to this day.

Microsoft Responds to Critics Over Botnet Bruhaha

April 16, 2012

Microsoft’s most recent anti-botnet campaign — a legal sneak attack against dozens of ZeuS botnets — seems to have ruffled the feathers of many in security community. Their chief criticism is that the Microsoft operation exposed sensitive information that a handful of researchers shared in confidence, and that countless law enforcement investigations may have been delayed or derailed as a result. In this post, I interview a key Microsoft attorney about these allegations.

Pharma Wars: Mr. Srizbi vs. Mr. Cutwail

January 5, 2012

The last post in this series introduced the world to “Google,” an alias chosen by the hacker in charge of Cutwail — currently the world’s largest spam botnet. Google rented his crime machine to members of SpamIt, an organization that paid spammers to promote rogue Internet pharmacy sites. This made Google a top dog, but also a primary target of other botmasters selling software to SpamIt, particularly the hacker known as “SPM,” the guy behind the infamous Srizbi botnet.

Flashy Cars Got Spam Kingpin Mugged

August 22, 2011

A Russian spammer suspected of being the man behind the infamous Rustock spam botnet earned millions of dollars blasting junk email for counterfeit Internet pharmacies. Those ill-gotten riches allowed him to buy flashy sports cars, but new information suggests they also attracted the attention of common street thugs who targeted and ultimately mugged the spammer, stealing two of his prized rides.

Where Have All the Spambots Gone?

July 1, 2011

First, the good news: The past year has witnessed the decimation of spam volume, the arrests of several key hackers, and the high-profile takedowns of some of the Web’s most notorious botnets. The bad news? The crooks behind these huge… Read More »

Microsoft Hunting Rustock Controllers

March 28, 2011

Who controlled the Rustock botnet? The question remains unanswered: Microsoft’s recent takedown of the world’s largest spam engine offered tantalizing new clues to the identity and earnings of the Rustock botmasters. The data shows that Rustock’s curators made millions by pimping rogue Internet pharmacies, but also highlights the challenges that investigators still face in tracking down those responsible for building and profiting from this complex crime machine.

Homegrown: Rustock Botnet Fed by U.S. Firms

March 21, 2011

Aaron Wendel opened the doors of his business to some unexpected visitors on the morning of Mar. 16, 2011. The chief technology officer of Kansas City based hosting provider Wholesale Internet found that two U.S. marshals, a pair of computer forensics experts and a Microsoft lawyer had come calling, armed with papers allowing them to enter the facility and to commandeer computer hard drives and portions of the hosting firm’s network. Anyone attempting to interfere would be subject to arrest and prosecution.