A Rustock-ing Stuffer

January 10th, 2007

Recently I took a look at the Rustock trojan in order to see what the financial motive behind it was. No surprise, as it turns out the motive is spam. Using a sandnet, I injected myself into the botnet - able to capture (and blackhole) a small portion of the spam being sent through the system. And, as with a lot of spam these days, it′s the pump-and-dump kind - spam touting penny stocks to would-be investors.

The specific spam sent by the Rustock botnet a few days ago can be seen at right. The stock being promoted is a penny stock that trades at fractions of a cent on a normal basis. I tracked both the spam and the stock price over the course of a few days, and did a few calculations.

