Spam Plummets To 2009 Levels
Thanks to botnet takedowns and the Spamit shutdown, spam has declined to 79% of all email traffic, says Symantec.
Spam volume has dropped to its lowest volume since March 2009, declining by 3.1% from December 2010 to January 2011, to now comprise 78.6% of all email.
More Security Insights
- Get Actionable Insight with Security Intelligence for Mainframe Environments
- Getting a Grip on Mobile Malware
White PapersMore >>
That finding comes from a Symantec threat intelligence report, released on Tuesday. Notably, the report found that "the volume of spam in circulation in January 2011 was 65.9% lower than for the same period one year ago in January 2010, when the spam rate was 83.9% of all email traffic."
What accounts for the decline in spam volumes?
For starters, said Symantec, three prolific botnets -- Rustock, Xarvester, and Lethic -- simply stopped spamming in December. That was significant since Rustock alone, at its 2010 operational peak, accounted for nearly half of all spam in circulation, sending 44 billion messages per day via more than 1.1 million comprised computers.
Spam also likely declined in December, thanks to a shift in pharmaceutical spam patterns, following the abrupt decision by the administrators of Spamit to shutter their pharmaceutical affiliate selling program -- known for hawking Canadian pharmaceutical companies -- because it was drawing too much attention.
According to Symantec, "the closure of Spamit... in October 2010 may have caught many by surprise, but the reality is that it had likely been winding down its operation for several weeks prior, with affiliates switching to sending spam for other brands, such as Pharmacy Express (not to be confused with the legitimate Pharmacy Express based in New Zealand), one of the most dominant brands found in spam today."
In other words, expect spam volumes to climb again once spammers get up and running with new affiliates. Indeed, according to M86 Security Labs, Spamit was "closely linked to GlavMed, which in turn is responsible for one of the largest and oldest affiliate programs called 'Canadian Pharmacy.'" Despite the name, security researchers believe that GlavMed is based in Russia.
Interestingly, the previous spam volume low point in early 2009 was also driven by the November 2008 closure of a spam-spewing group known as McColo. At its peak, McColo was apparently responsible for circulating 75% of all online spam. But after Internet service providers unplugged McColo's Internet connection, spam levels soon plummeted, albeit temporarily.
Cutting-edge attacks like Stuxnet and Zeus will be the everyday exploits of the future. Here's what you need to know. That and more--including five best practices to improve the budgeting process for security spending--in the debut all-digital issue of Dark Reading. Download the issue now (free registration required).