Rustock Takedown Has Reduced Spam by 1/3, Study Says

MOUNTAIN VIEW, Calif. — A new intelligence report by Symantec says that the volume of spam across the world has been cut by one third after the Rustock botnet takedown.

Last year, the botnet was responsible for sending out 44 billion spam messages per day, or more than 47 percent of the world’s total output. Symantec reported that prior to its takedown, Rustock sent out 13 billion daily spam emails.

Raids by federal officials and legal action by Microsoft managed to cut off the network a couple of weeks ago, dropping the overall global spam messages to around 33 billion per day, compared with 52 billion the prior week, according to

But Symantec said it can’t be certain whether Rustock will be able to come back.

"It remains to be seen whether the criminals behind Rustock will be able to recover from this coordinated effort against what has become one of the most technically sophisticated botnets in recent years," said Paul Wood, a senior analyst at MessageLabs.

"Rustock has been a significant part of the botnet and malware landscape since January 2006, much longer than many of its contemporaries."

The report pointed out that even if one botnet goes down, another one usually surfaces, such as Bagle, which has become the most active spambot so far this year. Bagle has been sending out more than eight billion junk emails per day since the end of last year.

Other botnets such as Festi and Cutwail also account for a significant amount of overall spam. More than 83 percent of all global spam was triggered by botnets in March, a gain of six percent since the end of last year.

"Botnets have been and remain a destructive resource for cybercriminals and through the years have become the spammers' air supply, without which it would be very difficult for them to operate," Wood said.

"Botnets are also used for other purposes such as launching distributed denial-of-service attacks, hosting illegal website content on infected computers [known as bots], harvesting personal data from them and installing spyware to track the activities of their users."