{
	"id": "71374d8f-10d9-41cc-bb2d-2d87a947d37a",
	"created_at": "2026-04-06T00:18:02.753538Z",
	"updated_at": "2026-04-10T03:21:19.588846Z",
	"deleted_at": null,
	"sha1_hash": "5e8862b7b7fba203ac2787e050a4d83a3b3fe877",
	"title": "Spam Botnets – Darknet Diaries",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 187926,
	"plain_text": "Spam Botnets – Darknet Diaries\r\nArchived: 2026-04-05 18:43:28 UTC\r\nFull Transcript\r\nThis episode tells the stories of some of the worlds biggest spamming botnets. We’ll talk about the botnets Rustock,\r\nWaledac, and Cutwail. We’ll discover who was behind them, what their objectives were, and what their fate was.\r\nSupport for this show comes from Juniper Networks. Juniper Networks is dedicated to simplifying network operations and\r\ndriving superior experiences for end users. Visit juniper.net/darknet to learn more about how Juniper Secure Edge can help\r\nyou keep your remote workforce seamlessly secure wherever they are.\r\nSupport for this podcast comes from Cybereason. Cybereason reverses the attacker’s advantage and puts the power back in\r\nthe defender’s hands. End cyber attacks. From endpoints to everywhere. Learn more at Cybereason.com/darknet.\r\nView all active sponsors.\r\nSources\r\nhttps://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/samosseikovb2009paper.pdf?la=en.pdf?\r\ndl=true\r\nhttps://cseweb.ucsd.edu/~apitsill/papers/UsenixSec12.pdf\r\nhttps://www.pandasecurity.com/mediacenter/security/what-is-a-botnet/\r\nhttps://www.cyber.nj.gov/threat-center/threat-profiles/botnet-variants/cutwail\r\nhttps://krebsonsecurity.com/tag/0bulk-psyche-evolution/\r\nhttps://www.researchgate.net/publication/284219242_Master_of_Puppets_Analyzing_And_Attacking_A_Botnet_For_Fun_And_Profit\r\nhttps://www.wired.co.uk/article/infoporn-rise-and-fall-of-uks-biggest-spammer\r\nhttps://www.trendmicro.co.uk/media/wp/botnet-chronicles-whitepaper-en.pdf\r\nhttps://www.nominet.uk/the-cutwail-spam-delivery-service/\r\nhttps://krebsonsecurity.com/2012/01/pharma-wars-google-the-cutwail-botmaster/\r\nhttps://www.researchgate.net/publication/228415809_The_Underground_Economy_of_Spam_A_Botmaster’s_Perspective_of_Coordin\r\nScale_Spam_Campaigns\r\nhttps://slate.com/technology/2014/11/spam-nation-meet-the-russian-cybercrooks-behind-the-digital-threats-in-your-inbox.html\r\nhttps://www.networkworld.com/article/2260053/experts-link-flood-of–canadian-pharmacy–spam-to-russian-botnet-criminals.html\r\nhttps://darknetdiaries.com/episode/110/\r\nPage 1 of 4\n\nhttps://www.m86security.com/newsimages/trace/m86_labs_report_jan2010.pdf\r\nhttps://www.ftc.gov/news-events/press-releases/2009/06/ftc-shuts-down-notorious-rogue-internet-service-provider-3fn\r\nhttps://www.theregister.com/2011/03/23/rustock_takedown_analysis/\r\nhttps://en.wikipedia.org/wiki/Rustock_botnet\r\nhttps://www.fireeye.com/blog/threat-research/2010/10/silent-rustock.html\r\nhttps://www.wsj.com/articles/BL-DGB-22173\r\nhttps://arstechnica.com/information-technology/2011/03/how-operation-b107-decapitated-the-rustock-botnet/\r\nhttps://shop.sourcebooks.com/spam-nation.html\r\nhttps://phys.org/news/2012-08-usenix.html\r\nhttps://www.politico.com/magazine/story/2014/12/pharma-spam-113562\r\nhttps://securelist.com/the-botnet-business/36209/\r\nhttps://www.wired.com/2006/08/spamking/\r\nhttps://www.wuwm.com/post/how-feud-between-two-russian-companies-fueled-spam-nation\r\nhttps://www.bloomberg.com/quicktake/drug-prices\r\nhttps://www.theatlantic.com/entertainment/archive/2018/03/20-years-of-viagra/556343/#:~:text=Formally%20approved%20by%20the%20Food,aired%20during%20mass%2Dtelevised%20sporting\r\nhttp://www0.cs.ucl.ac.uk/staff/g.stringhini/papers/saito_botnet.pdf\r\nhttps://www.secureworks.com/research/pushdo\r\nhttps://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/CUTWAIL\r\nhttps://www.techrepublic.com/blog/it-security/pushdo-cutwail-botnet-second-to-none-when-it-comes-to-spamming/\r\nhttps://www.darkreading.com/attacks-breaches/which-botnet-is-worst-report-offers-new-perspective-on-spam-growth/d/d-id/1132055?\r\nhttps://krebsonsecurity.com/2012/02/whos-behind-the-worlds-largest-spam-botnet/#more-13518\r\nhttp://cseweb.ucsd.edu/~savage/papers/Oakland11.pdf\r\nhttps://www.techrepublic.com/article/spam-nation-cybercrime-and-spam-are-far-bigger-security-threats-than-you-think/\r\nhttps://securelist.com/spam-report-june-2011/36375/\r\nhttps://www.csoonline.com/article/2123967/botnets–4-reasons-it-s-getting-harder-to-find-and-fight-them.html\r\nhttp://www.bbc.co.uk/news/mobile/technology-15776973\r\nhttps://www.darkreading.com/risk/inside-one-of-the-worlds-biggest-botnets/d/d-id/1135416\r\nhttps://www.darkreading.com/attacks-breaches/major-disruption-of-pushdo-botnet-wasnt-the-original-goal/d/d-id/1134253\r\nhttps://www.researchgate.net/publication/224110468_Malware_authors_don’t_learn_and_that’s_good/download\r\nhttps://www.secureworks.com/research/waledac-kelihos-botnet-takeover\r\nhttps://www.fireeye.com/blog/threat-research/2009/06/killing-the-beast.html\r\nhttps://www.fireeye.com/blog/threat-research/2012/07/killing-the-beast-part-5.html\r\nhttps://www.wired.com/story/what-is-sinkholing/\r\nhttp://news.bbc.co.uk/1/hi/business/6298641.stm\r\nhttps://doi.org/10.2147/DHPS.S46232\r\nhttps://threatpost.com/waledac-botnet-now-completely-crippled-experts-say-031610/73694/\r\nhttps://docs.microsoft.com/en-us/archive/blogs/microsoft_on_the_issues/cracking-down-on-botnets\r\nhttps://blogs.microsoft.com/blog/2010/09/08/r-i-p-waledac-undoing-the-damage-of-a-botnet/\r\nhttps://blogs.microsoft.com/on-the-issues/2011/03/17/taking-down-botnets-microsoft-and-the-rustock-botnet/\r\nhttps://www.crn.com/news/security/223100744/microsoft-takes-down-277-waledac-botnet-domains.htm?itc=refresh\r\nhttps://www.wsj.com/articles/SB10001424052748704240004575086523786147014\r\nhttps://www.ucl.ac.uk/jill-dando-institute/sites/jill-dando-institute/files/harvesters-asiaccs2014.pdf\r\nhttps://www.fireeye.com/blog/threat-research/2010/08/infiltrating-pushdo-part-2-2.html\r\nhttps://www.fireeye.com/blog/threat-research/2010/08/chasing-cncs-part1.html\r\nhttps://www.fireeye.com/blog/threat-research/2008/11/rustocks-new-home.html\r\nhttps://www.fireeye.com/blog/threat-research/2008/11/mccolo-up-again.html\r\nhttps://www.theregister.com/2011/06/27/chronopay_arrests/\r\nhttps://krebsonsecurity.com/2013/08/pavel-vrublevsky-sentenced-to-2-5-years/\r\nhttps://www.theregister.com/2014/06/04/hacker_hired_to_build_russias_national_payment_system_report/\r\nhttps://www.nytimes.com/2010/10/27/business/27spam.html\r\nhttps://darknetdiaries.com/episode/110/\r\nPage 2 of 4\n\nhttps://www.forbes.ru/sp_data/2014/sex_drugs_and_rockn_roll/#gl_1\r\nhttps://www.cnews.ru/news/top/spamer_1_schitaetchto_ego_travit\r\nhttps://safe.cnews.ru/news/top/russkaya_spamset_glavmed_zarabotala\r\nhttps://www.fda.gov/inspections-compliance-enforcement-and-criminal-investigations/warning-letters/rx-partners-09192017\r\nhttps://www.fda.gov/inspections-compliance-enforcement-and-criminal-investigations/warning-letters/glavmed-09192017\r\nhttps://www.fda.gov/inspections-compliance-enforcement-and-criminal-investigations/warning-letters/rx-partners-06082015\r\nhttp://www.symantec.com/connect/blogs/recent-drop-global-spam-volumes-what-happened\r\nhttps://www.washingtonpost.com/wp-dyn/content/article/2008/11/12/AR2008111200658.html\r\nhttps://www.wired.com/2017/04/fbi-took-russias-spam-king-massive-botnet/\r\nhttps://www.justice.gov/opa/pr/russian-national-who-operated-kelihos-botnet-pleads-guilty-fraud-conspiracy-computer-crime\r\nhttps://nabp.pharmacy/wp-content/uploads/2020/05/Rogue-Rx-Activity-Report-May-2020.pdf\r\nhttps://www.safemedicines.org/2020/06/nabp-fake-pharmacies-and-covid-19.html\r\nVideos:\r\nBringing Down a Spam King: The Rustock Botnet Takedown\r\nWhat is a Botnet?\r\nBlackHat 2011 - Affiliate Programs: Legitimate Business or Fueling Cybercrime ?\r\nBlackHat 2011 – The Rustock Botnet Takedown, Operation B107\r\nWorld Business: Botnets – 01/04/2011\r\nTaking Down the Waledac Botnet: The Story of Operation b49\r\nInterpol Operation Pangea 2012 Video Report\r\nLab Matters - The State of Spam\r\nLab Matters - The Ups and Downs of Mitigating Botnets\r\nLab Matters – The threat from P2P botnets\r\n24C3 Cybercrime 2.0 [Storm Botnet]\r\nFDA to CNN Many online pharmacies selling fake medicine\r\nFake Prescription Drugs are Dangerous\r\nIs Your Online Pharmacy Safe\r\nCheaper Rx Drugs Are As Close As Canada\r\nFake Online Pharmacies for COVID-wild\r\nAttribution\r\nDarknet Diaries is created by Jack Rhysider.\r\nSound design by Garrett Tiedemann.\r\nEpisode artwork by odibagas.\r\nAudio cleanup by Proximity Sound.\r\nTheme music created by Breakmaster Cylinder. Theme song available for listen and download at bandcamp. Or listen to it\r\non Spotify.\r\nEquipment\r\nRecording equipment used this episode was the Shure SM7B, Zoom Podtrak P4, Sony MDR7506 headphones, and\r\nHindenburg audio editor.\r\nTranscript\r\n[START OF RECORDING]\r\nhttps://darknetdiaries.com/episode/110/\r\nPage 3 of 4\n\nJACK: I grew up in the US, close to my grandma. She was old and needed medicine, and often she’d buy her medicine in\r\nMexico. I have many fond memories of taking an all-day road trip to Mexico, getting across the border, trying to find la\r\nfarmacia, hoping we’d get the right medicine there, figuring out a way to get it back over the border, and then driving home.\r\nThe thing is, here in the US, medicine is crazy expensive, so making the trip down to Mexico for medicine was worth it to\r\nus. [MUSIC] My grandma was just someone looking for deals and trying to save money. But this is a common story I’ve\r\nheard from other people in the US, too. Yeah, it’s often illegal to do this, because the US doesn’t want people importing\r\ndrugs that aren’t FDA-approved, but still, people do it. But then, another option landed on the table; pharmacies began to\r\nappear online. Suddenly, you could order your medicines from your computer and get it delivered right to your front door,\r\nand that changed everything.\r\nRead Full Transcript\r\nPrevious Episode Next Episode\r\nSource: https://darknetdiaries.com/episode/110/\r\nhttps://darknetdiaries.com/episode/110/\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"https://darknetdiaries.com/episode/110/"
	],
	"report_names": [
		"110"
	],
	"threat_actors": [],
	"ts_created_at": 1775434682,
	"ts_updated_at": 1775791279,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/5e8862b7b7fba203ac2787e050a4d83a3b3fe877.pdf",
		"text": "https://archive.orkl.eu/5e8862b7b7fba203ac2787e050a4d83a3b3fe877.txt",
		"img": "https://archive.orkl.eu/5e8862b7b7fba203ac2787e050a4d83a3b3fe877.jpg"
	}
}