Rustock back with a bang: pharma spam surge tracked by Symantec

In a security blog posting made yesterday evening, Nisbet says that, over Christmas, the Rustock botnet went quiet and "why this happened, we don't know but what we do know is that global spam levels dropped massively as a result."

MessageLabs Intelligence analysts, he noted, did not expect this respite to last, and sadly they were right.

According to Nisbet, since midnight on January 9, Rustock has resumed its activities, and appears set to continue where it left off on December 25 as the biggest source of global spam.

Inevitably, says the Symantec researcher, Rustock's return means the overall level of spam has increased.

MessageLabs Intelligence honeypot servers, he adds, have seen an increase of roughly 98% in spam traffic between 00:00 and 10:00 yesterday compared with the same period a day earlier.

"While levels of Rustock output appear marginally lower than before Christmas, we see no reason they won't reach those previous levels again, bringing global spam levels back up to the approximately 90% levels we had become so used to", he said.

Nisbet notes that, during the lull in spam, Rustock continued to carry out click fraud, a profitable activity in which the botnet simulates a "click" on a web page advertisement, bringing automatic revenue from the advertisers to the operators of the botnet.

This resurgence in Rustock is apparently resulting in a large volume of pharma spam, compounded by the apparent resurrection of the Xarvester botnet.

"It is too early to say what effect this will have on global spam levels, or if this return is permanent, but at the moment it certainly seems as if the holiday is over and it's now back to business as usual", he said.
