Bucking some reports to the contrary, which find spam levels incrementally increasing over time, MessageLabs' latest research paper claims that unsolicited e-mail dropped noticeably during Q3 2008, driven in part by the shutdown of a nefarious ISP.
Despite the fact that the MessageLabs Intelligence Report for September/third quarter 2008 aligns the lowered volumes of spam observed during the timeframe directly to the shuttering of shady California-based ISP Intercage on Sept. 20, researchers predicted that the noticeable slowdown would likely be temporary as the holiday season gets into swing and scammers again seek to use those themes to lure end users.
However, getting crimeware and spam-friendly ISPs like Intercage taken offline is an important step, MessageLabs experts said.
"Addresses on Intercage's network range were being used to host command and control channels for botnets," Mark Sunner, chief security analyst at the messaging security specialist said in a report summary. "In disrupting these botnets, the level of spam activity toward the end of September was severely impaired. But we don't expect this dip to last long. This time of year is notorious for increased levels of spam activity as spammers ramp up for the holiday season."
Overall, the company's research group found that the global ratio of spam traffic from previously unknown sources reached 70.1 percent (1 in 1.43 e-mails) of all e-mail in September, a decrease of 8.1 percent compared to the previous month. Spam levels for Q3 2008 decreased by 1.1 percent compared to Q2, and were at similar levels to Q4 2007.
In another positive sign, MessageLabs filtering technologies found that corporate gateways were blocking a higher rate of unsolicited e-mails and questionable Web sites than ever before.
In terms of stopping employees from accessing potentially dangerous or unsavory URLs, and porn in particular, MessageLabs said that most such traffic is being blocked during traditional lunch hours, or between 11am and 1pm.
"Adult and sexually explicit Web content accounted for 1.7 percent of all Web-based content blocked in September," Sunner said. "This is a sign that organizations have caught on to the dangers of the Web and are doing their part to deploy services that will protect their business from Web threats while also maintaining employee productivity and maintaining acceptable use policies."
In the world of message-based malware threats, MessageLabs reported that over 45 percent of the infection-laden e-mails it filtered represented newly-created attacks. The company found an average of 3,660 new malware-distributing sites per day representing, an increase of 22.8 percent for September when compared to August.
MessageLabs estimated that the worldwide ratio of e-mail-borne malware programs distributed by new sources was 1 in 131.7 e-mails (.76 percent) in September, a decrease of .4 percent compared to August. Some 6.3 percent of e-mail-borne malware contained links to malicious sites during the month, a decline of 11.3 percent compared to August.
Overall malware levels for Q3 2008 were at their highest level since Q3 2007 and at similar levels to Q3 2006, the company said.
Phishers were busy during September, according to the report, as the month saw a .16 percent gain in the proportion of such attacks, compared with the previous month.
One in 288.1 (0.35 percent) of all e-mails intercepted by the researchers harbored some form of phishing attack during the month. However, compared to other threats including Trojans and botnets, the sheer number of phishing e-mails decreased by 29 percent to 45.7 percent of all message-based attacks tracked in September.
Phishing levels for Q3 2008 were at their lowest level since Q2 2006 and have continued to diminish since the beginning of this year, based on the company's numbers.
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.