Bagle fills botnet hole as spam drops by third after Rustock takedown

by Phil Muncaster

29 Mar 2011

The Bagle botnet has moved quickly to take over as the most active spam-sending botnet in 2011, after Microsoft and law enforcers took down the notorious Rustock botnet this month. However, overall spam levels continued to fall slightly, according to Symantec.cloud.

The security vendor's monthly MessageLabs Intelligence Report for March found that global spam volumes fell from around 52 billion daily emails to roughly 33 billion after Rustock was taken down, a drop of over a third.

However, the report showed a slightly less dramatic overall fall in spam levels in March of just two per cent, as botnets such as Bagle stepped up to service the spammers and fill the gap left by Rustock, just as they did after the McColo shutdown, according to Symantec senior analyst Paul Wood.

"In some cases, such as those of the smaller botnets, this means they have to increase their size and the only way to do that is to infect more computers," he explained.

This trend is therefore likely to lead to more malware attacks, as botnet herders try to recruit more infected computers by placing malware on legitimate websites or sending malicious links in emails, he added.

For the first time this year there are no European nations in the top 10 spam-sending countries, although this does not mean a reduction in malware and botnet activity, according to Wood.

He also warned that, despite a co-ordinated industry response led by Microsoft, the Rustock botnet may yet resurface, as those responsible have yet to be caught.

"Botnet technology this sophisticated has a back-up system, so they could find a way of regaining control, whether in a few weeks' or a few months' time," Wood said.
