Rustock botnet responsible for 39 percent of all spam

Botnets are now responsible for sending 95 percent of all spam, up from 84 percent in April, and almost half of that spam comes from a single botnet, Rustock.

Rustock sent 41 percent of the world’s botnet spam in August, up from 32 percent in April. This is despite the network actually shrinking in size from 2.5 million to 1.3 million bots over the same period, security company Symantec said on Tuesday. This means Rustock is currently responsible for 39 percent of all the world’s spam emails.

see: Spam botnet sends 43bn emails per day
More than 40 percent of the world’s spam is coming from a single network of computers that computer security experts continue to battle, according to new statistics from Symantec’s MessageLabs’ division.

The Rustock botnet has shrunk since April, when about 2.5 million computers were infected with its malicious software that sent about 43 billion spam emails per day. Much of it is pharmaceutical spam.

botnets tighten stranglehold on UK PCs
The UK jumped into the top four spam sending countries globally in August as volumes of spam sent from infected PCs in the region almost doubled, according to the latest report from Symantec Hosted Services.

The firm’s monthly MessageLabs Intelligence report found that in August, the UK was responsible for 4.5 per cent of the world’s spam, more than double the percentage in April, with UK PCs appearing more frequently in prolific spam botnets such as Rustock.

Spam Exploits Fake Celebrity Deaths
Miley Cyrus is fine. Beyoncé did not perish in a plane crash. Brad Pitt did not meet an untimely demise. Everyone take a deep breath and–whatever you do–do NOT click on any file or link that arrives as a part of a sensational e-mail declaring a celebrity death.

A Symantec spokesperson reported via e-mail that Symantec is “currently tracking an eruption on the spam ring of stories of celebrities dying in plane crashes or car accidents.” The strategy of exploiting hyperbolic news headlines–whether fiction or reality–is part of the standard malware playbook. Gullible users continue to fall for the oldest spam trick in the book, though, which is why it is still used so frequently.

Announces August 2010 MessageLabs Intelligence Report [news release]
Symantec Corp. today (24/8) announced the publication of its August 2010 MessageLabs Intelligence Report. Analysis reveals that the percentage of spam sent from botnets has increased to 95 percent of all spam, up from 84 percent in April. Rustock remained the most dominant spam-sending botnet responsible for the majority of botnet spam, 41 percent in August up from 32 percent in April, but shrinking in the number of bots under its control from 2.5 million in April to 1.3 million in August.

“Overall, the total amount of spam in circulation is down slightly from the previous quarters as most botnets have reduced their number of bots,” said Paul Wood, MessageLabs Intelligence Senior Analyst, Symantec Hosted Services. “One exception is Rustock which has decreased its number of bots but increased its volume, more than doubling the amount of spam sent from each bot per minute resulting in a 6 percent increase in spam emails per day.”

One factor in the increased throughput from Rustock is that the botnet has stopped using TLS encryption to send spam, thus speeding up connections. At its peak in March, TLS encrypted spam accounted for 30 percent of spam from all sources and as much as 70 percent of spam from Rustock. Now that the use of TLS in spam-sending has declined, it accounts for less than 0.5 percent of all spam.

“It is likely that because TLS slows connections due to the additional encryption processing required to send a spam email, the botnet controllers realized that this tactic impeded their spam-sending capabilities,” Wood said. “As a result, Rustock’s dominance has never looked better as its spam-per-bot-per-minute rate more than doubled from 96 spam emails to 192.”

Also in August, the UK was responsible for 4.5 percent of the world’s spam, more than double the percentage in April, and the UK is now the fourth most frequent source of spam behind the US, India and Brazil. With similar increases in Germany, France and Italy, four of the top 10 spam sending countries are now found in Western Europe.

However, the US is home to the greatest number of bots, most notably Rustock, Storm and Asprox. In April 2010, seven percent of Rustock bots were located in the US. This number had doubled to 14 percent by August.

In August there were a significant number of yet-to-be classified botnets responsible for sending 17.6 percent of all spam.

“We have seen impressive activity from the usual botnet suspects,” Wood said, “and in many cases there are likely to be newer incarnations of existing botnets that have been updated and there are also likely to be some brand new botnets that are now beginning to emerge.”

Other report highlights:

Spam: In August 2010, the global ratio of spam in email traffic from new and previously unknown bad sources was 92.2 percent (1 in 1.08 emails), an increase of 3.3 percentage points since July.

Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 327.6 emails (0.31 percent) in August, a decrease of 0.02 percentage points since July. In August, 21.2 percent of email-borne malware contained links to malicious websites, an increase of 4.1 percentage points since July.

Endpoint Threats: Threats against endpoint devices such as laptops, PCs and servers may penetrate an organization in a number of ways, including drive-by attacks from compromised websites, Trojan horses and worms that spread by copying themselves to removable drives. Analysis of the most frequently blocked malware for the last month revealed that the Sality.AE virus was the most prevalent. Sality.AE spreads by infecting executable files and attempts to download potentially malicious files from the Internet.

Phishing: In August, phishing activity was 1 in 363.1 emails (0.275 percent), an increase of 0.10 percentage points since July.

Web security: Analysis of web security activity shows that 34.3 percent of malicious domains blocked were new in August, an increase of 3.8 percentage points since July. Additionally, 12.9% of all web-based malware blocked was new in August, a decrease of 0.2 percentage points since last month. MessageLabs Intelligence also identified an average of 3.360 new websites per day harboring malware and other potentially unwanted programs such as spyware and adware, a decrease of 24.1 percent since July.

Geographical Trends:

  • Spam levels in Hungary rose 3.3 percentage points to 96.3 percent in August positioning it as the most spammed country.
  • In the US, 92.5 percent of email was spam and 91.7 percent in Canada. Spam levels in the UK were 91.9 percent.
  • In the Netherlands, spam accounted for 93.5 percent of email traffic, while spam levels reached 93.0 percent in Germany, 94.9 percent in Denmark and 91.7 percent in Australia.
  • Spam levels in Hong Kong reached 93.2 percent and 90.3 percent in Singapore. Spam levels in Japan were at 90.3 percent and 94.1 percent in China.
  • Virus activity in Spain was 1 in 64.1 emails, making it the most targeted for email-borne malware in August.
  • Virus levels for the US were 1 in 417.9 and 1 in 290.8 for Canada. In Germany, virus levels reached 1 in 281.3, 1 in 354.9 in Denmark, 1 in 461.6 for the Netherlands, 1 in 346.3 for Australia, 1 in 264.9 for Hong Kong, 1 in 493.8 for Japan and 1 in 634.6 for Singapore.
  • Oman became the most targeted for phishing attacks in August with 1 in 185.3 emails comprising a phishing attack.

Vertical Trends:

  • In August, the most spammed industry sector with a spam rate of 94.8 percent was the Automotive sector.
  • Spam levels for the Education sector were 92.9 percent, 92.6 percent for the Chemical & Pharmaceutical sector, 92.7 percent for IT Services, 92.8 percent for Retail, 91.7 percent for Public Sector and 91.2 percent for Finance.
  • In August, the Government/Public Sector became the most targeted industry for malware with 1 in 74.6 emails being blocked as malicious.
  • Virus levels for the Chemical & Pharmaceutical sector were 1 in 243.2, 1 in 284.9 for the IT Services sector, 1 in 477.1 for Retail, 1 in 155.7 for Education and 1 in 215.4 for Finance.

The August 2010 MessageLabs Intelligence Report provides greater detail on all of the trends and figures noted above, as well as more detailed geographical and vertical trends. The full report is available at’s MessageLabs Intelligence is a respected source of data and analysis for messaging security issues, trends and statistics. MessageLabs Intelligence provides a range of information on global security threats based on live data feeds from our control towers around the world scanning billions of messages each week.

About Symantec: Symantec is a global leader in providing security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. Our software and services protect against more risks at more points, more completely and efficiently, enabling confidence wherever information is used or stored. More information is available at
