Symantec: Spam Botnets Regroup After Rustock Takedown

According to a new report from Symantec, global spam levels fell a whopping 33 percent when Rustock was taken down in mid-March. However, the criminals behind the Bagle botnet were quick to step into the void, joining a number of botnets that stepped up their activities.

According to Symantec, Bagle has now taken the throne of most active spam-sending botnet. Previously, it was Rustock that wore the crown, spamming out as many as 13.82 billion e-mails daily this month. Following a Microsoft-led operation that included researchers from FireEye and the University of Washington, Rustock spam fell 33.6 percent between March 15 and 17.

For the month, the global ratio of spam in e-mail traffic fell two percent. Eighty-three percent of global spam came from botnets, up from 77 percent at the end of 2010.

“Botnets have been and remain a destructive resource for cyber criminals and through the years have become the spammers’ air-supply, without which it would be very difficult for them to operate,” the report states. “In addition to anonymous spam-sending, many botnets can be used for a number of other purposes, such as launching distributed denial of service attacks, hosting illegal web site content on infected computers (known as bots), harvesting personal data from them and installing spyware to track the activities of their users.”

With Rustock out of the way, the top spamming botnets include Bagle, Festi, Cutwail and Lethic -- four botnets that combined to send out more than 16 billion spam messages a day. But perhaps even more important than the amount of overall spam is the number of e-mails with viruses or malicious links that are blasted to user inboxes.

According to Symantec, during March, the global ratio of e-mail-borne viruses in e-mail traffic was one in 208.9 e-mails. In addition, 63.4 percent of malicious e-mails contained links to sites hosting malicious content, a decrease of 0.1 percentage points since February.

“Botnets have been and remain a destructive resource for cyber criminals and through the years have become the spammers’ air-supply, without which it would be very difficult for them to operate,” said Paul Wood, MessageLabs Intelligence senior analyst, Symantec.cloud, in a statement. “Botnets are also used for other purposes such as launching distributed denial of service attacks, hosting illegal web site content on infected computers (known as bots), harvesting personal data from them and installing spyware to track the activities of their users.”