Symantec: Rustock Botnet Responsible for 40 Percent of Spam
One reason for the decrease in infected computers could be the fact that the botnet has stopped using TLS (Transport Layer Security). In March, spam encrypted by Rustock using TLS jumped from 35 percent to 77 percent. The report says:
It would seem that the botnet controllers, especially those behind Rustock, have perhaps realized that the use of TLS gave them little or no discernible benefits and instead impeded their sending capacity owing to the additional bandwidth and processing overhead needed for TLS.