Rustock botnet analysis using behavior characteristics of spam mails

The botnet is a collection of compromised computers that have fallen under the control of bot master after being infected by malicious programs such as trojan viruses. The botnets are exploited for various purposes, including distributed denial of service (DDoS), mass spamming and stealing sensitive information. This is the primary security threat on the Internet today. In this paper, we present a method to uncover a specific botnet named Rustock, detect and track its evolution using log records. These include lifetime, distributions of Rustock. We used more than 3.4 billion email records over a period of 4 months and IPs which is infected by Rustock worms.