Google Finds Spam Volume Bouncing Back

One theory is that spam will continue to be a vector for virus infections and blended-threat attacks, which direct message recipients to infected Web sites.
Spam volume rose 25% in 2008 compared with the amount recorded in 2007, Google said Monday.

"Spam threats rose visibly in 2008, reflecting the overall trend of rising attacks," said Amanda Kleha, a member of the Google message security team, in a blog post. "Even with the drop in November 2008, spam levels climbed 25% over 2007. Our statistics show that the average unprotected user would have received 45,000 spam messages in 2008 (up from 36,000 in 2007). All indicators suggest this trend will continue as virus, malware, and link-based attacks become both more frequent and more ingenious."

The drop in November followed from the closure of McColo, a Web hosting provider that served as much as 75% of the spam circulating at that time.

However, the amount of spam has been rising since then as spammers have moved to rebuild their operations. In a phone interview, Adam Swidler, senior product marketing manager for Google's message security team, said that spam volume has been creeping upward. The McColo takedown forced spammers to upgrade their spam systems, he said, and surviving spammers are more likely to be using more sophisticated technical infrastructure, like botnets.

A report released Monday by Symantec's MessageLabs confirmed that finding. It states that spam levels rose 4.9% since December to 74.6% of all e-mail, close to what it was before McColo closed.

According to Kleha, spam will continue to be a vector for virus infections and blended-threat attacks, which direct message recipients to infected Web sites. Virus volume during the second half of 2008 was six times higher than it was during the first half of last year, she said.

Some of the current strategies that are popular with spammers include sending fake invoices or package-tracking notifications with infected attachments and sending fake news story links that lead to infected Web sites.

Swidler said that fake e-mail alerts are often identical to real ones, with only one link changed to point to a malicious site. For recipients attempting to identify malicious messages, the task is becoming more like finding a needle in a haystack, he said.

For Google, which bought enterprise message security company Postini in 2007, there's an upside to this, however. "More and more, we'll see companies looking to cloud computing to solve the problem," said Swidler.

And if companies look closely enough at cloud computing, they'll see that cybercriminals have beaten them to it. What is a botnet if not a cloud computing service? What's more, cybercriminals also are to find more uses for legitimate services, like Amazon Web Services. Earlier this month in its security predictions for 2009, Websense said it anticipated an increase in the misuse of cloud services, calling them "an attractive target for cybercriminals and spammers to leverage for misuse."

It's not hard to see how that might be the case, given that Google itself was briefly designated the third-worst spam provider because of abuse of its online services.