REPOST - ORIGINALLY POSTED JANUARY 10, 2010
It seems that our holiday from Rustock-generated spam is over.
http://bits.blogs.nytimes.com/2011/01/06/spamming-declines-at-least-temporarily/?partner=rss&emc=rss
We monitor a number of botnets at NetWitness and check them occasionally for new information. Since Rustock is in the news, we’ve paid close attention to it recently. Sometime this morning, Rustock began spamming again, pushing Viagra from shady .ru sites.
Looking at the traffic in Investigator, I see a quick overview of subject lines:
And reconstructed, we see a very in-depth message of “CLICK HERE!”
Which of course takes us to Canadian Pharmacy!
Welcome back, Rustock… We can’t say we’ve missed you. There is no telling if this will be continued activity, but it appears to be business as usual for the Rustock operators.