Major Spam Botnet Takes Unexplained Xmas Vacation

Dennis Faas

Security experts are trying to work out why the amount of spam (unsolicited bulk email) distributed worldwide fell dramatically towards the end of 2010. That said, they also suspect it's a situation that won't last long.

Post-Christmas Spam a Fraction of Summer Totals

Security firm Symantec estimates that in August the number of bogus emails sent daily was around 200 billion. Surprisingly, that number slipped dramatically to 110 billion by October, was just 70 billion in late December, and collapsed after Christmas to around 30 billion. (Source:

If you're staggered by talk of tens or hundreds of billions, it's worth noting this isn't the number of messages that people actually receive. The vast majority of spam is filtered by email service providers, though the small percentage of spam that actually does get through certainly makes for a lot of junk email.

It's not likely the drop has to do with spammers taking time off to celebrate the holidays. And although it may make sense to avoid sending messages to businesses when they are shut down for seasonal breaks, that wouldn't seem a big enough factor to explain the pattern.

Email Spam Botnet May Be The Key

Instead, the answer appears to lie with the Rustock botnet, a worldwide network of PCs that are infected with a virus and are remotely instructed (by the botnet owner) to send billions of email spam messages to others.

The Rustock network, which is responsible for around half of all email spam and which specializes in advertisements for bogus pharmaceuticals, appears to have suddenly dropped to just a fraction of its normal activity levels. The scams are purposely designed to generate money by defrauding credit card holders.

Meanwhile, two other major botnets have shown a notable decline.

It's not unheard of for a botnet's activity to drop after security researchers carry out a successful takedown scheme. This involves tracking down the websites that the infected computers contact for instructions, then working with the relevant legal authorities to block or remove the sites.

However, there's no record of anyone carrying out such an operation. That leaves two possibilities: one, which appears less likely, is that the spammers have taken a temporary break, perhaps in preparation for a major organizational or tactical change.

The other, which is more plausible, is that the Rustock botnet has suffered an unexplained technical error that hasn't yet been fixed. (Source:
