Information Security News mailing list archives
Rustock botnet ditches encryption to ramp spam
From: InfoSec News <alerts () infosecnews org>
Date: Wed, 25 Aug 2010 00:37:10 -0500 (CDT)
http://news.techworld.com/security/3236787/rustock-botnet-ditches-encryption-to-ramp-spam/

By John E Dunn
Techworld
24 August 2010

The Rustock mega-botnet appears to have ditched the experimental use of TLS (transport layer security) to obscure its activity, Symantec has reported.

Rustock’s use of TLS now averages between 0.1 and 0.2 percent of all spam, peaking at 0.5 percent, a tiny fraction of the levels seen in March when it reached averages of around 25 percent with a peak of as much as 77 percent.

The key moment was on 20 April, when the volume of spam featuring the tactic suddenly plunged to sub-one percent levels after an equally sudden rise in rates in the weeks prior to that date.

TLS adds a small but cumulative overhead to server email processing, which ties up mail servers but also affects the rate at which spam is sent.

Why Rustock’s controllers adopted the technique at all was never clear but might have been connected to a misplaced belief that it would make it harder for servers to filter its activity or detect the command and control system used to direct its activity.

[...]