It’s been a week since the Rustock shutdown, and the world is much quieter on the spam front.
According to stats from leading anti-spam vendors, the successful takedown of the Rustock botnet has so far had a lasting impact on spam levels. Figures from Symantec’s MessageLabs team show the overall amount of spam being blasted out declining by approximately 15 billion during the eight days between March 15 and March 23, when it stood at roughly 30 billion.
“The spam output from Rustock is still flat lined, (and) MessageLabs Intelligence has still seen no activity from this botnet since the 16th March 13:30 GMT,” said Paul Wood, senior analyst at MessageLabs. “Prior to the takedown, Rustock was sending spam in large bursts every two days, so we would have expected a new run to begin on 17th, but nothing happened.”
All this was the result of the well-publicized Operation b107, a project that used the combined efforts of researchers from Microsoft, FireEye and the University of Washington in conjunction with CN-CERT (China’s Computer Emergency Response Team) and various law enforcement agencies. It was the second Microsoft-led takedown of a major botnet in the past year; in 2010, the company claimed victory over Waledac.
But the effect of the takedowns, as perhaps can be expected, is often relatively short-lived, raising the question of whether the anti-spam industry is at the point where takedowns are the only thing that can help vendors inch closer to blocking 100 percent of unwanted mail.
There's not much more that the anti-spam industry can do about targeted spear phishing without running into problems with quarantining legit user emails, Alex Lanstein, senior security engineer at FireEye, told CRN.
“Targeted spear phishes will use personal details and relevant sounding content to bypass spam filters and ultimately fool very savvy users to open the email and attachments,” he said. “That's why our email security appliances use our virtual machine analysis to assess each and every attachment for malicious code.”
As an industry, there is still bickering about the subtleties of even defining the term spam, said Adam Wosotowsky, principal engineer at McAfee Labs.
“The anti-spam industry suffers from a general malaise because a lot of industry leaders went right over the cliff following folks who shouted the mantra ‘spam is a solved problem’,” he said. “The spam problem has not been solved…It is an issue which is connected to how we live and how we do business, and until there is no potential for profit, spam will continue to be a significant problem.”