Massive Botnet Virus Halted Mid-Campaign

By Erin Harrison March 17, 2011

A botnet spam virus said to comprise close to a million infected computers has been disrupted, according to a report issued Thursday by the BBC.

Security researchers said that would make it the largest-ever takedown of a cyber crime network. It was not clear whether the Rustock botnet was intentionally dismantled. When a botnet is disabled, it can be back up and running in days, according to security experts.

“In 2010, the Rustock botnet – a collection of infected machines – was the most prolific producer of spam on the Internet, at its peak accounting for nearly half of all spam sent globally – some 200 billion messages a day,” the BBC report said. “And new types of malware are proliferating rapidly, making it harder for computer users to ensure their systems are fully protected.”

A report issued this week by Panda Security found that in the first three months of 2011, an average of 73,000 new malware strains were identified, most of which were Trojans. There was a 26 percent increase in new threats compared to the same period last year.

“The proliferation of online tools that enable non-technical people to create Trojans in minutes and quickly set up illegal business – especially when it can provide access to banking details – is responsible for Trojans’ impressive growth,” said Luis Corrons, technical director of PandaLabs.

According to research from Symantec in its annual MessageLabs Intelligence 2010 Security Report, Rustock was responsible for more than 44 billion spam emails per day and had more than one million bots under its control. The botnets Grum and Cutwail are the second and third largest, respectively, the report said.

Symantec officials predicted that in 2011 botnet controllers will resort to employing steganography techniques to control their computers. This means hiding their commands in plain view – perhaps within images or music files distributed through file sharing or social networking websites. This approach will allow criminals to surreptitiously issue instructions to their botnets without relying on an ISP to host their infrastructure—thus minimizing the chances of discovery.


Erin Harrison is Executive Editor, Strategic Initiatives, for TMC, where she oversees the company's strategic editorial initiatives, including the launch of several new print and online initiatives. She plays an active role in the print publications and TechZone360, covering IP communications, information technology and other related topics. To read more of Erin's articles, please visit her columnist page.

Edited by Janice McDuffee
