Rustock botnet ditches encryption to ramp spam
http://news.techworld.com/security/3236787/rustock-botnet-ditches-encryption-to-ramp-spam/
By John E Dunn
Techworld
24 August 2010
The Rustock mega-botnet appears to have ditched the experimental use of
TLS (transport layer security) to obscure its activity, Symantec has
reported.
Rustock’s use of TLS now averages between 0.1 and 0.2 percent of all
spam, peaking at 0.5 percent, a tiny fraction of the levels seen in
March when it reached averages of around 25 percent with a peak of as
much as 77 percent.
The key moment was on 20 April, when the volume of spam featuring the
tactic suddenly plunged to sub-one percent levels after an equally
sudden rise in rates in the weeks prior to that date.
TLS adds a small but cumulative overhead to server email processing,
which ties up mail servers but also affects the rate at which spam is
sent. Why Rustock’s controllers adopted the technique at all was never
clear but might have been connected to a misplaced belief that it would
make it harder for servers to filter its activity or detect the command
and control system used to direct its activity.
[...]