AOH :: ISNQ6880.HTM

Rustock botnet ditches encryption to ramp spam




Rustock botnet ditches encryption to ramp spam
Rustock botnet ditches encryption to ramp spam



  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1457021584-83544723-1282709829=:24828
Content-Type: TEXT/PLAIN; CHARSET=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE
Content-ID:  

http://news.techworld.com/security/3236787/rustock-botnet-ditches-encryption-to-ramp-spam/ 

By John E Dunn
Techworld
24 August 2010

The Rustock mega-botnet appears to have ditched the experimental use of 
TLS (transport layer security) to obscure its activity, Symantec has 
reported.

Rustock=E2=80=99s use of TLS is now averages between 0.1 and 0.2 percent of all 
spam, peaking at 0.5 percent, a tiny fraction of the levels seen in 
March when it reached averages of around 25 percent with a peak of as 
much as 77 percent.

The key moment was on 20 April, when the volume of spam featuring the 
tactic suddenly plunged to sub-one percent levels after an equally 
sudden rise in rates in the weeks prior to that date.

TLS adds a small but cumulative overhead to server email processing, 
which ties up mail servers but also affects the rate at which spam is 
sent. Why Rustock=E2=80=99s controllers adopted the technique at all was never 
clear but might have been connected to a misplaced belief that it would 
make it harder for servers to filters its activity or detect the command 
and control system used to direct its activity.

[...]


--1457021584-83544723-1282709829=:24828
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________________      
Subscribe to InfoSec News - www.infosecnews.org 
http://www.infosecnews.org/mailman/listinfo/isn 

--1457021584-83544723-1282709829=:24828--

Site design & layout copyright © 1986-2014 CodeGods