Rustock botnet

Type of botnet

The Rustock botnet was a botnet that operated from around 2006 until March 2011. It consisted of computers running Microsoft Windows, and was capable of sending up to 25,000 spam messages per hour from an infected PC. At the height of its activities, it sent an average of 192 spam messages per compromised machine per minute. Reported estimates on its size vary greatly across different sources, with claims that the botnet may have comprised anywhere between 150,000 and 2,400,000 machines. The size of the botnet was increased and maintained mostly through self-propagation, where the botnet sent many malicious e-mails intended to infect machines opening them with a trojan which would incorporate the machine into the botnet.

The botnet took a hit after the 2008 takedown of McColo, an ISP which was responsible for hosting most of the botnet's command and control servers. McColo regained Internet connectivity for several hours, and in those hours up to 15 Mbit a second of traffic was observed, likely indicating a transfer of command and control to Russia. While these actions temporarily reduced global spam levels by around 75%, the effect did not last long: spam levels increased by 60% between January and June 2009, 40% of which was attributed to the Rustock botnet.

On March 16, 2011, the botnet was taken down through what was initially reported as a coordinated effort by Internet service providers and software vendors. It was revealed the next day that the take-down, called Operation b107, was the action of Microsoft, U.S. federal law enforcement agents, FireEye, and the University of Washington.

To capture the individuals involved with the Rustock botnet, on July 18, 2011, Microsoft is offering "a monetary reward in the amount of US$250,000 for new information that results in the identification, arrest and criminal conviction of such individual(s)."

Operations

Botnets are composed of infected computers used by unwitting Internet users. In order to hide its presence from the user and anti-virus software, the Rustock botnet employed rootkit technology. Once a computer was infected, it would seek contact with command-and-control servers at a number of IP addresses and any of 2,500 domains and backup domains that may direct the zombies in the botnet to perform various tasks such as sending spam or executing distributed denial of service (DDoS) attacks. Ninety-six servers were in operation at the time of the takedown. When sending spam the botnet uses TLS encryption in around 35 percent of the cases as an extra layer of protection to hide its presence. Whether detected or not, this creates additional overhead for the mail servers handling the spam. Some experts pointed out that this extra load could negatively impact the mail infrastructure of the Internet, as most of the e-mails sent these days are spam.

See also

Botnet
Helpful worm
McColo
Operation: Bot Roast
Srizbi botnet
Zombie (computer science)
Alureon
Conficker
Gameover ZeuS
Storm botnet
Bagle (computer worm)
ZeroAccess botnet
Regin (malware)
Cyberwarfare by Russia
Zeus (malware)

Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.