Spam email messages are one of the main contributors to spreading malware over the Internet. According to Symantec's calculations, the Rustock botnet is responsible for up to 40% of all of the world's spam. The network of computers infected with Rustock is controlled by botnet controllers and collectively sends about 46 billion spam emails each day.
Rustock is a Trojan horse infection that gains control over an infected system. The IP addresses of many of these infected computers are included on an IP blacklist, which is how security researchers are able to trace some of their activities. Once a system is infected with Rustock, it may be unable to perform certain normal functions and may later be controlled by a remote source to carry out illegal functions.
At one time, the Rustock botnet was able to send spam messages over TLS (Transport Layer Security), an encryption protocol used to send secure email messages, in order to avoid detection or inspection by network equipment. Network systems usually have filters, in addition to software, that detect and block emails identified as spam. Rustock was able to virtually bypass these filters, which may have been a contributing factor to why it is responsible for about 40% of the world's spam messages.
Security analysts currently estimate that about 1.3 million computers are infected with Rustock. The botnet is still very potent through its ability to increase the volume of spam sent out from infected computers located mostly in North America and Western Europe. Several months ago, the number of Rustock-infected systems was over 2.5 million. The recent decline in Rustock-infected computers may be because the people controlling the compromised computers are losing their connection to them, or because antivirus applications on those infected systems have detected the infections.
Rustock remains a major contributor to spam messages, as it still controls many infected systems around the world. At one time, Rustock was almost put to an end when the ISP McColo was cut off from the Internet in late 2008 because it hosted command-and-control servers for many different botnets, including Rustock.
Considering that the Rustock botnet is responsible for such a large portion of spam, do you believe other botnets, such as those listed on our Top 10 Botnet Threats in the U.S. list, are responsible for how the majority of malware is still spread over the Internet today?