Botnets: Trouble From A To Zbot


Rustock

Rustock has also come out of the shadows to pummel users with spam -- about 39 percent of global spam according to Symantec reports.

Rustock is most famous for its spam campaigns advertising cheap and bogus medications through the Canadian Pharmacy, an internet pharmacy offering Viagra, Cialis, Lipitor and other commonly prescribed medications.

But unlike its counterparts, this botnet has a secret survival mechanism -- the spam it sends is encrypted. Rustock now encrypts up to 77 percent of its spam with Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL), usually reserved for emails.

Some experts think that Rustock's latest encryption feature is meant to protect the botnet’s command and control layer from being shut down. The spam botnet was knocked offline when McColo was shut down in 2008. The botnet eventually returned, albeit weakened, and at a great price to bot herders.