First I should explain what a botnet is. A botnet is a network of computers that have all been infected and are now controlled by one group of criminals. So when your computer becomes infected, one of the things that can happen is that it will start to log into a remote server, sitting and waiting for instructions. These infected computers are then used for anything from mailing spam to taking part in multinational DDoS blackmail attacks.
Yesterday the Rustock botnet was dealt a major blow: the network's spam output dropped from 2000 spam messages a second to just 2. No one knows who attacked the network or why.
While this is somewhat good news for everyone’s inboxes, there are still countless computers worldwide infected and trying to rejoin the botnet. This is most likely just a temporary blow as the network has amazingly complex ways of repairing itself.
It may yet be too soon to celebrate the takedown of the world’s largest spam botnet. For one thing, PCs that were infected with Rustock prior to this action remain infected, only they are now somewhat lost, like sheep without a shepherd. In previous takedowns, such as those executed against the Srizbi botnet, the botmasters have been able to regain control over their herds of infected PCs using a complex algorithm built into the malware that generates a random but unique Web site domain name that the bots would be instructed to check for new instructions and software updates from its authors. Using such a system, the botmaster needs only to register one of these Web site names in order to resume sending updates to and controlling the herd of infected computers.
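Bots that have lost their controller and keep checking generated domain names tend to show up in resolver logs as one client producing many failed lookups for random-looking names. The sketch below is an added example, not code from the original post or from any Rustock analysis; the log format, the thresholds and the sample lines are all constructed assumptions.

```python
import math
from collections import Counter, defaultdict

# Constructed resolver log lines: "<client-ip> <queried-name> <response-code>"
SAMPLE_LOG = """\
10.0.0.5 www.example.com NOERROR
10.0.0.5 mail.example.org NOERROR
10.0.0.9 xkqzvbnwtrpl.example NXDOMAIN
10.0.0.9 qpwmzjhgtbxv.example NXDOMAIN
10.0.0.9 vbtrxzqkwmpl.example NXDOMAIN
10.0.0.9 www.example.com NOERROR
10.0.0.7 exmaple.com NXDOMAIN
"""


def label_entropy(name):
    """Shannon entropy (bits per character) of the leftmost DNS label."""
    label = name.split(".")[0].lower()
    counts = Counter(label)
    return -sum(c / len(label) * math.log2(c / len(label))
                for c in counts.values())


def suspect_clients(log_text, min_failures=3, min_entropy=3.0):
    """Return {client: [names]} for clients with repeated failed lookups
    of random-looking names, the pattern an orphaned bot produces while
    it searches for a domain its controller has registered.

    Both thresholds are assumed starting points and need tuning per network.
    """
    failures = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines instead of failing the whole run
        client, name, rcode = parts
        # A single typo (exmaple.com) is normal; a high-entropy label that
        # does not resolve is counted toward the client's total.
        if rcode == "NXDOMAIN" and label_entropy(name) >= min_entropy:
            failures[client].add(name.lower())
    return {c: sorted(n) for c, n in failures.items() if len(n) >= min_failures}


if __name__ == "__main__":
    for client, names in suspect_clients(SAMPLE_LOG).items():
        print(client, "failed lookups:", ", ".join(names))
```

Entropy is only a heuristic: some legitimate services also use machine-generated hostnames, so flagged clients are candidates for a malware scan, not confirmed infections.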