The volume of spam surged in November to an average of 85 billion messages a day during two periods, IronPort says.
Spam volume soared another 35% in November, an e-mail security vendor said Thursday, and the month saw spam tactics that reduced the efficiency of traditional anti-spam filters.
"There's been a huge increase in spam volume," says David Mayer, a product manager at IronPort Systems, "from 31 billion spams a day on average in October 2005 to 63 billion in October 2006. But in November, we saw two surges that averaged 85 billion messages a day, one from Nov. 13 to 22, the other from Nov. 26 to 28.
"The October-to-November increase is higher than any other month we've measured," Mayer says.
Like other anti-spam vendors, IronPort puts the blame on a surge in botnet use, the increased use of image-based spam, and a rapid rise in the number of URLs registered by spammers. That combination, along with profit-driven innovation, has dramatically changed the spam landscape in 2006, said IronPort, which released its annual trend report earlier this week.
But other trends are at work, says Mayer, including spammers picking up hacker techniques and applying them to the junk mail business.
Spammers are using malware development tactics such as trying out new strains of spam in limited quantities to gauge how effective they are against filters, then sending out huge quantities only when they're sure a good number will slip through defenses.
"They're doing test runs to see what the returns are," says Mayer, "and to see how many messages bounce back from invalid addresses. Only then will they send out the [spam] blast."
Scammers have been able to turn up the spam volume because of the seemingly limitless number of systems vulnerable to hijack, using an individual bot for only hours to send out large quantities of spam, then discarding that PC to move on to another. The volume, along with the constant tweaking they give to their messages, means that at times traditional rule- or blacklist-based anti-spam defenses can be overwhelmed.
In mid-November, for instance, IronPort monitored a new, large-scale spam attack that dropped filter efficacy by more than 10 percentage points, letting millions of messages through to in-boxes.
"It's a reaction gap," says Mayer. "It takes time for vendors to respond and come up with appropriate rules, but with their distributed [botnet] networks, spammers can send a huge attack in a matter of hours. It takes time for anti-spam solutions to catch up with the attack."
IronPort's appliances, Mayer added, can close that gap: the company can update rules as often as 12 times an hour, and if necessary -- because of a completely unknown form of spam, for example -- update the core scanning engine remotely as well. "Anti-spam needs to be very responsive," he says.
Even though December spam volumes have stayed at November's numbers, Mayer expects that 2007 will be a tough one for anti-spam vendors and end users alike. "There's a realistic probability that volumes will increase," Mayer says. "It's a game of economics; there's a lot of money to be made and [thus] a lot of innovation on their part.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.