Update! Now we know
WSJ article detailing takedown
The first real test of whether the Rustock shutdown is going to
"stick" will be tomorrow (March 18th), which is when the next
"spike" would be due.
At at approximately 14:45 GMT (10:45AM Eastern Daylight time)
on March 16, 2011,
the Rustock spambot appears to have been taken down.
Typically representing 50-70% of all spam, Rustock has been
the largest emitter of spam on the Internet.
Of late, Rustock has been doing an abrupt spike of up to 80% of all spam
every other day with a gradual decay over the rest of the day and sometimes
into the next.
At 14:45 GMT, Rustock appears to have been "caught" just at the beginning
of one of these spikes, and abruptly and precipitously fell to essentially
The shape of the event is more dramatic than the Rustock "vacation" during
late Dec 2010 and early Jan 2011, and if prolonged, will represent
a more significant event than the McColo shutdown in November 2008.
At least we have better measurements this time...
Indications are that there are active measures taking place to prevent
it resurrecting, but only time will tell.
These six graphs show the recent history of Rustock flow into
a group of CBL traps.
The charts on the left are Rustock emissions per second, and on the right
are the percentage of Rustock in total spam flow.
The first row is for Wednesday March 16, 2011, and the second row
is for the previous week.
The graphs in the last row is a view of
Rustock over the previous 6 months, updated every 10 minutes or so.
These will only be made public for a short period and will be
withdrawn for operational security reasons when and if Rustock resurrects.
In this way, you'll be able to tell, within 10 minutes of it happening,
if Rustock restarts.
In the graphs on the left,
the Y axis is detections per second.
In the graphs on the right, the Y axis is the percentage of
total email flow that is Rustock.
The X axis is the date/time in GMT.
This snapshot was taken Wednesday, March 16, 2011.
Day of Rustock Shutdown
Week of Rustock Shutdown
Continously updating (last 6 months)