Rustock is today the largest and most productive spam botnet in the world this has been found at the RSA Conference 2011 in San Francisco. The Rustock botnet (founded around 2006) consists of an estimated 250,000 computers the size of Rustock is related to the constantly evolving technologies.

Joe Stewart, Director of Malware Research at Dell SecureWorks Counter Threat Unit, said that Rustock occupies the first position due to the fact that developers are constantly developing and updating source code which makes many antiviruses fail to detect the malware.

The interesting point is that most criminals are not anymore looking for having big size bot network but they try to have a smaller size of zombies in order to not be detected by major ISP’s , Rustock has employed other novel tactics to stay under-the-radar:

• Samples with active control servers have been observed waiting for up to five days before spamming
• Rustock control servers run a TOR exit node, likely in an attempt to avoid disconnection by network administrators who might think the abuse is originating elsewhere
• Rustock uses the HTTP protocol for communication with the controller, but disguises the requests as if they are online forum posts with encrypted content
• In an attempt to frustrate takedowns, hostnames associated with the Rustock HTTP communication do not map directly to the IP address of a Rustock controller; instead, the IP address listed in DNS is passed through a custom algorithm to find the true IP address to communicate with.

On the second place we find Cutwail botnet with 100,000 bots, followed by Lethic – 75,000 bots; Grum – 65,000 bots; Festi – 60,000 bots, and Maazben – 30,000 bots. The remaining spam botnets consist of 5,000 to 30,000 bots includes Asprox, Fuflo, Waledac, Fivetoon / DMSSpammer, Xarvester, Bobax, Gheg and Bagle.

Now it is clear that even if we use innovative solutions and latest security techniques to prevent breaches and criminal communications. Botnets will always continue to dominate the cyber threat landscape, botnet can be rented and they have new and attractive targets including smart phones and mobile devices.

make sure you subscribe to my RSS feed!