The Rustock Spambot Is Likely To No Longer Be A Threat
Executive Summary:
It is likely that the Rustock Spambot will no longer be a threat. This is because the number of customers dramatically decreased due to the closing of the website Spamit.com.
Discussion:
The Rustock Botnet was the largest spambot in the world. It relayed about 40 percent of the world's spam traffic and infected about 1.3 million computers (1). The botnet sent about 46 billion spam emails a day in early September (2). It wasn’t until September 25 that the Rustock Botnet suffered a major decline in spam output (3). The decrease in activity happened at the same time as spamit.com's closing. Spamit.com is an underground organization of spamming affiliates. The website was responsible for connecting websites that wanted to be advertised through spam with the botnets themselves. On September 25, spamit.com announced that the website would be closing down and would no longer engage in spamming (4). Spamit.com is closely related to the notorious “Canadian Pharmacy” spam, which is actually Rustock’s main spam website. Spamit.com provided Rustock with the vast majority of its customers. Without those customers, Rustock sends out less spam and is not a serious threat (5).
The creator of spamit.com, Igor A. Gusev of Russia, fled his home country because he is being investigated by the Russian police. A Russian law enforcement agency raided Gusev’s house and found five hard drives and three laptops, which the police used to press charges (6). Because Gusev is wanted, he will not return to the country. Without its creator and mastermind, and given the evidence obtained by the police, spamit.com will not be up and running again in the near future. If caught, Gusev will spend up to five years in prison (7).
Analytic Confidence:
Analytic confidence for this assessment is medium. Source reliability ranges from medium to high. There is some conflict between sources but no major disagreements. The analyst had low expertise, worked in a group and used the structured analytic method of ACH. The subject is moderately complex and the deadline was moderately demanding to meet.
1. http://blog.mxlab.eu/2010/10/07/significant-drop-in-spam-levels-since-end-of-september-2010/ (High: 56.53)
2. http://krebsonsecurity.com/tag/rustock/ (Medium: 45.33)
3. http://labs.m86security.com/2010/10/spam-volumes-drop-after-spamit-shakeup/ (High: 56.95)
4. http://labs.m86security.com/2010/10/spam-volumes-drop-after-spamit-shakeup/ (High: 56.95)
5. http://ikillspammers.blogspot.com/2010/09/spamitcom-closing-down.html (High: 58.54)
6. http://www.nytimes.com/2010/10/27/business/27spam.html (Medium: 45.33)
7. http://www.nytimes.com/2010/10/27/business/27spam.html (Medium: 45.33)
Picture- http://labs.m86security.com/2010/10/spam-volumes-drop-after-spamit-shakeup/