Global spam volumes dropped by a third following the takedown of the infamous Rustock botnet earlier this month, according to MessageLabs. Prior to the dismantling of its command and control servers on a takedown operation led by Microsoft, Rustock accounted for 13.82 billion spam emails daily, the majority of which advertised …
Follow the money?
While taking down the C&C servers and cleaning up the zombies is a good thing, there is always going to be another spam service to take its place while there is a profit to be made. Tracking down the target sites, prosecuting them and taking their profits is the next stage.
prosecuting them and taking their profits?
Funny how we're happy to throw $1m cruise missiles at an unpleasant dictator just to help some rebels overthrow him, yet seem so reluctant to do the same at people who are clearly doing economic damage on a world scale?
A couple of well-targeted missiles on the homes of the people who run these networks might give the rest of them pause for thought, yet we'd never be able to sell it to the UN.
It's a funny old world.
I'd say your world view's a little skewed...
Dictator - killing, torturing and maiming his own citizens. Botnet - sending some annoying emails.
Priorities? I know where I would prefer those cruise missiles to be being spent...
you could even call it a mail bomb. "Oops, sorry about the house and all, we were actually aiming for your mailbox. But anyway, just click this link and we'll remove you from our recipient list in the future. *snicker*"
Well there's a revelation
"However, other botnets have since stepped up to fill the spam void. Bagle has already taken over from Rustock as the single biggest source of junk mail."
If you remove the largest item from a set another member of the set becomes the new largest. Thanks Reg, I'd never have predicted that.
Or has Bagle increased by more than its previous growth trend? It can't have much because you've already told us spam is still down by a third. If Bagle is on the up there's a point to this article which you have utterly failed to convey.
I'd say the truth is somewhere in between...
The level of spam we get has increased since the Rustock botnet was taken down, so from that I'd imagine other botnets are taking over.
Tellingly (is that a word?) the spam is all for users that have been with the company for 4 years or more, whereas up until last week if we got any spam at all it was to common mailing lists etc. It seems the different botnets are using different email address lists.
I have seen no drop in spam volume with the disappearance of Rustock. When a spammer-harboring ISP was taken down the other year, I did see a substantial drop that persisted for months.
The Real Problem
Isn't the real problem that it is impossible to secure computers running Windows?
Wake me when OS X, BSD, UNIX, Linux, et al experience similar problems.
Stupid users the real problem...
The real problem is that the whole internet model was built on trust, and while this helped to facilitate its explosive growth 15 years ago, it became mainstream enough for 'normal' (ie, tech ignorant) people to use, and exploitable toeholds appeared (largely through MS ignorance and naivety). It was not nipped in the bud then as it should have been, and now we have a raging bot epidemic beyond anyone's ability to disinfect.
The result is that stupid users have the freedom to install stupid stuff on their machines and give the criminals their machines on a plate too easily.
People should have the right to install stupid stuff if they really want to, but education of them (exams?) and rapid response of ISPs as well as improved OS security models is a way to go.
Any non-windows OS is no different, anyone could install a malware app on Mac or Linux too, if the user agreed, thinking that they need it. Just that in general Linux users are much more in tune with their systems than average, and can recognize malware if they come across any. Teaching new Linux users the importance of strong passwords is also recommended. I get many ssh brute force attacks from badly configured linux systems that have been compromised.
It would not hurt if ISPs banned port 25 and 587 and opened on request for their users, if a user doesn't know what port 25 is, then they don't need it!
ISPs operate on such rock bottom margins by overcompeting with each other that they don't have budgets to manage security, and having a bot infested network does not significantly affect their bottom lines at present.
If big web content providers, news sites, facebook et al got ballsy and started to ban bot-infested ISPs with poor reputations then something would be done bloody quickly, as the users would complain and migrate to other providers instead, taking their infected machines with them, and hopefully get some education in keeping their machines clean.
AFAIK there are no laws in the free world that require ISPs to obey a set of simple guidelines, provide abuse reporting addresses and act on them, nor does even the whois registry require an ISP to provide such information.
Something should be done!
My spam is down
I did some analysis of our logs. Not direct spam/ham comparison but more just counting the logs.
Between Mon 28th Feb and Thur 10th March our server averaged 75,000 lines per working day.
Something happened that dropped that average by 5,000 lines on Fri 11th March.
Then since Friday 18th March our average has been 50,000 lines per working day.
That means our overall logs are down by 1/3. All along, our legitimate mail has produced approximately 40,000 lines a day - though this is a different logfile so it only serves to show our ham levels have stayed constant.
We used to see statistics of 85% bad mail in our spam filtering software, now it seems to be reporting 70% which implies a consistent 15% decrease since Rustock fell.
I can also say that our bandwidth stats are down too, which means less costs from the data centre.
Someone commented that spam had a massive economic cost. Unfortunately there is also an economic contribution from all the businesses that charge because of it. Companies providing spam filtering (us) and network providers being two examples.
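The line-counting method the commenter above describes (lines per working day, averaged over a window before and after the takedown, weekends excluded) can be scripted against a syslog-style mail log. The following is an added example, not the commenter's own script: the log lines are constructed for the demonstration (the year is assumed to be 2011, since syslog timestamps carry none), and the two windows are picked to reproduce a one-third drop.

```python
from collections import Counter
from datetime import date, datetime, timedelta
from typing import Dict, Iterable

# Constructed sample of Postfix-style syslog lines; only the timestamp prefix
# is used by the counting logic, the rest is illustrative.
SAMPLE_LOG = """\
Mar  9 10:01:02 mx postfix/smtpd[101]: connect from unknown[192.0.2.1]
Mar  9 10:01:03 mx postfix/smtpd[101]: NOQUEUE: reject: RCPT from unknown[192.0.2.1]
Mar  9 10:01:04 mx postfix/smtpd[101]: disconnect from unknown[192.0.2.1]
Mar  9 11:30:00 mx postfix/smtpd[102]: connect from unknown[192.0.2.2]
Mar 10 08:00:00 mx postfix/smtpd[103]: connect from unknown[192.0.2.3]
Mar 10 08:00:01 mx postfix/smtpd[103]: disconnect from unknown[192.0.2.3]
Mar 12 03:00:00 mx postfix/smtpd[104]: connect from unknown[192.0.2.4]
Mar 12 03:00:01 mx postfix/smtpd[104]: disconnect from unknown[192.0.2.4]
Mar 21 09:15:00 mx postfix/smtpd[105]: connect from unknown[192.0.2.5]
Mar 21 09:15:01 mx postfix/smtpd[105]: disconnect from unknown[192.0.2.5]
Mar 22 09:15:00 mx postfix/smtpd[106]: connect from unknown[192.0.2.6]
Mar 22 09:15:01 mx postfix/smtpd[106]: disconnect from unknown[192.0.2.6]
"""


def log_date(line: str, year: int) -> date:
    """Parse the 15-character syslog timestamp prefix ("Mar  9 10:01:02").
    Syslog omits the year, so the caller supplies it (assumed 2011 here)."""
    return datetime.strptime(line[:15], "%b %d %H:%M:%S").replace(year=year).date()


def working_day_counts(lines: Iterable[str], year: int) -> Dict[date, int]:
    """Count log lines per calendar day, dropping Saturdays and Sundays
    (weekday() 5 and 6) so that weekends do not dilute the per-day average."""
    counts: Counter = Counter()
    for line in lines:
        if not line.strip():
            continue
        day = log_date(line, year)
        if day.weekday() < 5:
            counts[day] += 1
    return dict(counts)


def window_average(counts: Dict[date, int], start: date, end: date) -> float:
    """Average lines per working day over an inclusive date window.
    Working days with no lines at all count as zero rather than being skipped."""
    total, days = 0, 0
    day = start
    while day <= end:
        if day.weekday() < 5:
            total += counts.get(day, 0)
            days += 1
        day += timedelta(days=1)
    return total / days if days else 0.0


def drop_fraction(before: float, after: float) -> float:
    """Fractional decrease between two averages (0.333... means down by a third)."""
    return 1.0 - after / before if before else 0.0


if __name__ == "__main__":
    counts = working_day_counts(SAMPLE_LOG.splitlines(), 2011)
    before = window_average(counts, date(2011, 3, 9), date(2011, 3, 10))
    after = window_average(counts, date(2011, 3, 21), date(2011, 3, 22))
    print(f"before: {before:.1f} lines/day, after: {after:.1f} lines/day, "
          f"drop: {drop_fraction(before, after):.0%}")
```

On a real log the interesting series is narrower than raw line count (for instance only `smtpd` connect lines, or only rejections), since a growing legitimate volume could mask a spam drop; the commenter's separate ham log plays that role in the post above.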
Spam sharply up today
Rustock going down dropped our delivered spam levels _slightly_ but there's been a sharp uptick in 419 mails today.
DNSBLs are pretty good weapons against most botnets if used correctly.
The real problem is spam going through the "too big to block" mailservers like Yahoo, Gmail, Hotmail, and various Telco-owned ISPs across the EU.
The way to really stop spam is to filter OUTBOUND mail, not inbound but that has no ROI so the large outfits won't do it.
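"If used correctly" is doing real work in the DNSBL comment above: a lookup is a DNS query for the reversed address under the list's zone, and the two classic mistakes are trusting any answer at all (a dead list whose domain starts wildcarding to a web server then "lists" the whole internet) and never checking that the list is still alive. The following is an added example, not code from the commenter or from any blocklist operator; the zone name `dnsbl.example` and the dictionary-backed resolver are constructed stand-ins so the block runs offline, and the RFC 5782 conventions it relies on (answers in 127.0.0.0/8, 127.0.0.2 always listed, 127.0.0.1 never listed) are the general ones, not those of any particular list.

```python
import ipaddress
import socket
from typing import Callable, Dict, Optional

# Hypothetical zone name, constructed for this example; a real deployment
# would substitute the zone of a maintained list.
DEFAULT_ZONE = "dnsbl.example"

# A resolver maps a query name to the answer's IPv4 string, or None for NXDOMAIN.
Resolver = Callable[[str], Optional[str]]


def dnsbl_query_name(ip: str, zone: str = DEFAULT_ZONE) -> str:
    """Build the lookup name: reversed dotted octets for IPv4, reversed
    hexadecimal nibbles for IPv6 (RFC 5782), followed by the list's zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        labels = str(addr).split(".")
    else:
        labels = list(addr.exploded.replace(":", ""))  # 32 nibbles
    return ".".join(reversed(labels)) + "." + zone


def system_resolver(name: str) -> Optional[str]:
    """Resolve through the OS resolver (needs network); None means no answer."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def make_fake_resolver(table: Dict[str, str]) -> Resolver:
    """Constructed stand-in for DNS used by the demo and tests."""
    return lambda name: table.get(name)


def classify_answer(answer: Optional[str]) -> str:
    """Only an answer inside 127.0.0.0/8 is a listing. Any other address means
    the zone is misbehaving (typically a lapsed domain now wildcarding to a
    web host) and must never be treated as a listing."""
    if answer is None:
        return "not-listed"
    try:
        addr = ipaddress.ip_address(answer)
    except ValueError:
        return "invalid"
    if addr.version == 4 and addr in ipaddress.ip_network("127.0.0.0/8"):
        return "listed"
    return "invalid"


def lookup(ip: str, resolver: Resolver = system_resolver, zone: str = DEFAULT_ZONE) -> str:
    return classify_answer(resolver(dnsbl_query_name(ip, zone)))


def list_is_healthy(resolver: Resolver = system_resolver, zone: str = DEFAULT_ZONE) -> bool:
    """RFC 5782 test entries: 127.0.0.2 must be listed and 127.0.0.1 must not be.
    A list failing either check should be removed from the MTA configuration."""
    return (lookup("127.0.0.2", resolver, zone) == "listed"
            and lookup("127.0.0.1", resolver, zone) == "not-listed")


def should_reject_connection(ip: str, resolver: Resolver = system_resolver,
                             zone: str = DEFAULT_ZONE) -> bool:
    """Reject at SMTP connect time only on a positive listing from a healthy list;
    the connecting client's address is the only thing worth checking here."""
    return list_is_healthy(resolver, zone) and lookup(ip, resolver, zone) == "listed"


if __name__ == "__main__":
    # Constructed answers: a working list with one listed client address.
    healthy = make_fake_resolver({
        dnsbl_query_name("127.0.0.2"): "127.0.0.2",
        dnsbl_query_name("192.0.2.10"): "127.0.0.4",
    })
    # Constructed answers: a dead list whose domain wildcards to a web server.
    broken = make_fake_resolver({
        dnsbl_query_name("127.0.0.2"): "203.0.113.5",
        dnsbl_query_name("127.0.0.1"): "203.0.113.5",
        dnsbl_query_name("192.0.2.10"): "203.0.113.5",
    })
    for label, res in (("healthy list", healthy), ("broken list", broken)):
        print(label, "reject 192.0.2.10:", should_reject_connection("192.0.2.10", res))
```

The health check is cheap enough to run once per MTA start or on a timer rather than per connection; what matters is that a list that answers anything outside 127.0.0.0/8, or that stops listing 127.0.0.2, is treated as gone rather than as blocking everyone.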