Talk:Rustock botnet


Size and Numbers

It seems there's some serious ambiguity in the numbers. There are two conflicting sources: SC Magazine and Good Gear Guide. One claims that the botnet size is roughly 150,000 computers, the other claims 1.3 million. This is a HUGE discrepancy. Which source is more trustworthy? If that's not a question that can be answered, then maybe we should just go with the more recent source. Thoughts?  Amit  ►  14:36, 25 August 2010 (UTC)

The problem that surrounds botnets is that they can increase or shrink at very rapid rates. Moreover, the "Secrecy" surrounding them hinders researchers who are attempting to measure the size of the botnet. Hence, a lot of "Size data" depends on limited-scale measuring and extrapolation of the data received. In other words, there are two possibilities to consider:
  • Purely based upon other information in the article I find the Good Gear source somewhat questionable. Other sources state that an infected PC can send as much as 25.000 e-mails an hour, and this rate is one of the highest for any known botnet (Forgive me for not remembering where the source for this was - I came across it while writing a new set of articles related to botnets). In other words, the volume-per-computer may have been increased since, but it still wouldn't have been major leaps. Now, to calculate - The botnet used to consist of 150.000 PCs, and had a spam capacity of 30 billion e-mails IF the botnet would be pumping out e-mails at full capacity. Estimates calculate a total worldwide spam capacity of about 107 billion e-mails a day, which would be reasonable when comparing this information with Rustock's top percentage and capacity. However, if there had been 1.3 million computers the top capacity of Rustock would be a staggering 325 billion messages a day - about 3x more than the spam volume of all bot-nets taken together (And keep in mind that the previous claim of 2.5 million computers would double that capacity). Of course botnets are never at top capacity, but averaging 14% total usage seems somewhat low - especially considering that spikes from the botnet have never gone even near the 325 billion capacity.
  • On the other hand there are botnets that are believed to be that size, while equally not creating large spikes of activity. It is equally possible that part of the botnet is actually committed to other activities such as DDoS attacks or non-mail related work such as keylogging or infecting websites with malicious code. These activities are likely to go unnoticed by mail monitoring companies and may therefore be excluded from their calculations.
Ergo, it depends upon the calculation method, the amount of work a botnet received and upon the operator. I would opt for keeping the smaller size since this seems to be supported by the other sources, but one never knows. Perhaps it may be wise to write: "It consists of an estimated 150,000 computers and is capable of sending around 30 billion spam messages a day, though reports greatly vary across different sources, with claims that the botnet may be as large as 1.3 million systems"? Excirial (Contact me, Contribs) 20:13, 25 August 2010 (UTC)
I agree with you, especially on the second point. The ambiguity clearly stems from inconsistencies in how the numbers are measured. There are many factors that could be affecting this. I like your wording, and am going ahead and changing the text around and moving the references.  Amit  ►  20:41, 25 August 2010 (UTC)