Rustock Botnet Roars Back to Life

The Rustock botnet has roared back to life after its holiday vacation. Researchers detected the sleeping giant’s return on January 10^th when global spam volumes increased by 98% in just 24 hours.

The botnet, which went through some rough times last fall when its supporting organization shut down, quietly slipped under the radar over the holiday season. This was unusual as it’s usually a highly  lucrative time for spammers, especially those who specialize in designer replica spam.

Rustock has always been known for its pharmaceutical spam and that’s exactly what it resumed sending out when it awoke. However this time instead of the Canadian Pharmacy spam it used to be famous for, it’s now hawking a brand new site called Pharmacy Express, which is presumably an offshoot. Canadian Pharmacy spam took a hit when Spamit, the rogue affiliate group behind it, was shut down. Some researchers believe that some of the spammers left high and dry by the closure got together and startd a new operation.

It appears that Rustock took a working vacation however. While it wasn’t sending spam, it was staying busy by distributing spyware, adware and other goodies, as well as being involved in PPC fraud. Now that it has become a spamming machine again, sending upwards of 200,000 spams a minute, those other activities appear to have ceased.

Experts say that cybercriminals are starting to look at other ways to use botnets to make money and the activity detected from Rustock definitely seems to support that.