Symantec's MessageLabs says Rustock, the largest of the spam botnets, is back with a bang since Monday, and appears set to continue where it left off on Dec. 25 as the biggest source of worldwide spam.
Global spam levels dropped massively on Christmas day. Since Dec. 25, the Rustock botnet has basically disappeared as the amount of spam from it has fallen below 0.5 percent of the global total.
MessageLabs says its Intelligence Honeypot servers have seen a rise of around 98 percent in spam traffic between 00:00 and 10:00 on Monday compared to the same period on Sunday.
As Rustock has now returned, this means the overall level of spam has increased, says Web security services provider MessageLabs in a blog post on behalf of Mathew Nisbet, Malware Analyst with Symantec.
While levels of Rustock output appear marginally lower than before Christmas, MessageLabs says it sees no reason they won't reach those prior levels again, bringing global spam levels back up to about 90 percent.
During the spam lull, Rustock continued to exercise click fraud, a profitable activity of using the botnet to simulate a click on a web page advertisement, bringing automatic revenue from the advertisers to the operators of the botnet.
According to MessageLabs, Rustock is spewing mostly pharma spam with subjects like "Dear [username] -80 percent now". The username is taken as whatever is before the @ symbol in the To address. This appears to be the Pharmacy express branding.
It is too early to say what effect this will have on global spam levels, or if this return is permanent, but at the moment it certainly seems as if the holiday is over and it's now back to business as usual, says MessageLabs.
"Welcome back Rustock…We can't say we've missed you," says another security firm, NetWitness, that monitored a number of botnets and checked them occasionally for new information. Sometime this Monday, Rustock began spamming again, pushing Viagra from shady .ru sites.
Created around 2006, the Rustock botnet consists of an estimated 150,000 computers and is capable of sending around 30 billion spam messages a day -- each infected PC is capable of sending an estimated 25,000 messages a day.
Symantec's internet security predictions for 2011:
In a December 2010 report, Symantec made predictions for 2011 with respect to the spam and phishing threat landscape. Symantec expects three major trends of last year to continue into 2011.
* Use of current events and news as subject lines: 2010 was all about disastrous earthquakes, World Cup Football, auto recalls, and the Gulf of Mexico oil spill. In addition to using real news and events, spammers will continue to use fake news and events to generate interest.
* Exploiting social networks: As social networks continue to grow, Symantec expects that spammers and phishers will continue to leverage popular social networking brands to launch unique attacks that threaten identity and information theft.
* Lower volume, more targeted attacks: Spammers are getting more sophisticated with their scam and phishing tactics. These targeted attacks will continue in 2011.
* Year of Malware Spam: Symantec expects more malware spam in 2011. Spammers have lost a great part of their infected machines due to recent shutdowns. In order to make up for the loss and rebuild their army of compromised machines, spammers will launch more malware message attacks.
Symantec lists some of the best practices users should follow:
* Do not open unknown email attachments. These attachments could infect your computer.
* Do not reply to spam. Typically the sender’s email address is forged, and replying may only result in more spam.
* Do not fill out forms in messages that ask for personal or financial information or passwords. A reputable company is unlikely to ask for your personal details through email. When in doubt, contact the company in question through an independent, trusted mechanism, such as a verified telephone number, or a known Internet address that you type into a new browser window (do not click or cut and paste from a link in the message).
* Do not buy products or services from spam messages.