Biggest spammer? The Rustock botnet

Aug. 7, 2008
Botnets remain on the move with more clever spam and malware

According to a report out this morning from content security solutions firm Marshal, the Rustock botnet has become the world's largest source of spam, overtaking the Srizbi botnet, which was sending 55 percent of all spam by volume in late May.

Botnets are essentially networks of infected computers that have been "taken over" by malware. Often the owner of the computer does not know that it has become infected and can be controlled remotely to send spam.

According to the TRACE (threat research and content engineering) team from Marshal, the Rustock botnet was responsible for almost one-third of all spam this past week, just slightly more than the Srizbi botnet, which sent 30.7 percent of all spam this past week. According to Marshal's numbers that means that over 60 percent of all spam is being sent by one of the two botnets.

According to the statement issued by Marshal this morning, botnet spam senders have had a change of focus, with 32.3 percent of the spam they are sending consisting of malware designed to infect more computers. As recently as six weeks ago, the researchers said that malware spam made up only 3 percent of all spam mailings.

“Almost one-third of all spam in circulation last week was malicious,” said Marshal TRACE team lead threat analyst Phil Hay in a statement about the team's findings. “Rustock is largely responsible for that. The rise in malicious spam and the rise of Rustock are directly linked. Rustock has grown through malicious spam. Its success in infecting more computers through malicious spam has bred further success. It has been able to send even more spam in a kind of ever-increasing cycle.”

Apparently Rustock's spam is morphing to look like a CNN.com list of news headlines. Clicking one of those video headlines takes the user to a fake CNN video site, which then claims a codec update must be downloaded for the video to play. Unsurprisingly, that "codec update" is an executable carrying the Rustock botnet malware.
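The lure described above has two observable traits a mail filter can key on: anchor text that invokes the CNN brand while the link points at a non-CNN host, and a link to an executable posing as a "codec". The following is an added example written for this article, not Marshal's or anyone else's detection code; the sample HTML and the host 203.0.113.10 are constructed, and the brand and extension lists are assumptions chosen for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample mimicking the fake-headline lure described in the article (not a real Rustock message).
SAMPLE_HTML = """
<html><body>
<a href="http://203.0.113.10/cnn/video.php?id=7">Watch: Storm hits coast (cnn.com video)</a><br>
<a href="http://203.0.113.10/adobe_flash_codec_update.exe">Install codec update to view</a><br>
<a href="http://www.cnn.com/">Visit CNN.com</a>
</body></html>
"""

LEGIT_BRAND_DOMAINS = {"cnn.com"}        # brand the lure impersonates (assumption: only CNN is checked)
EXECUTABLE_EXTS = (".exe", ".scr", ".com")  # assumption: extensions treated as executables

class _LinkCollector(HTMLParser):  # collects (href, visible text) pairs from an HTML mail body
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def _is_brand_host(host):
    # True only for the brand's own domain or a subdomain of it
    return any(host == d or host.endswith("." + d) for d in LEGIT_BRAND_DOMAINS)

def find_lure_indicators(html):
    """Return a list of reasons the message matches the fake-CNN-headline / fake-codec lure."""
    parser = _LinkCollector()
    parser.feed(html)
    reasons = []
    for href, text in parser.links:
        parsed = urlparse(href)
        host, path = (parsed.hostname or "").lower(), parsed.path.lower()
        if "cnn" in text.lower() and not _is_brand_host(host):
            reasons.append(f"brand text '{text}' links off-brand host {host}")
        if path.endswith(EXECUTABLE_EXTS) and "codec" in path:
            reasons.append(f"executable 'codec' download: {href}")
    return reasons
```

A genuine CNN link is not flagged, so the check can be used as one scoring signal rather than a hard block.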