Rustock takedown cuts global spam, but Bagle botnet takes over

Microsoft’s recent takedown of the Rustock botnet saw spam levels drop by a third during March, according to Symantec unit MessageLabs.

During 2010, Rustock accounted for 28 percent of botnet-created spam, blasting out 13.82 billion spam emails per day.


But earlier this month, Microsoft and others successfully took it down, using trademark law to justify the seizure of the botnet’s servers.

In the days that followed, says MessageLabs, global spam volumes fell by 34 percent.

But the respite is likely to be short-lived, with the Bagle botnet in particular poised to carry on where Rustock left off. Since the end of 2010, it’s been sending around 8.31 billion spam emails each day, most linked to pharmaceutical products.

“In the wake of the notable Rustock takedown, other botnets have stepped up their activities to take advantage of the gap in the market that will likely be filled before long,” says MessageLabs.

“While Bagle may not have as many bots under its control or have spikes of traffic as large and dominating as Rustock, its output has been more consistent. In the wake of Rustock’s demise, Bagle has already taken over from Rustock as the most active spam-sending botnet in 2011.”

During March, the proportion of email that was spam fell by two percentage points to 79.3 percent. One in every 208.9 emails contained a virus, and one in every 252.5 was a phishing attack.