Statistics from Google show that the volume of spam has reached the same level as prior to the shutdown of notorious Web hosting company McColo in November 2008. Symantec's MessageLabs and other security vendors have noted the spam recovery as well.
Spammers are officially back in full force five months after
the shutdown of Web hosting company McColo.
According to Google,
spammers have fully recovered from the death of the
notorious Web hosting firm. By the second half of this March, the seven-day
spam volume was the same as before McColo shutdown. Symantec's
spammers actually got their groove back in February, and noted in its quarterly
intelligence report that one in every 1.32 e-mails is spam.
Either way, it seems botnet operators may have wised up since
November and changed tactics.
"It's difficult to ascertain exactly how spammers have rebuilt in the
wake of McColo, but data suggests they're adopting
to avoid a McColo-type takedown from occurring again,"
blogged Amanda Kleha of the Google security and archiving team.
"Specifically, the recent upward trajectory of spam could indicate that
spammers are building botnets that are more robust but send less volume-or at
least that they haven't enabled their botnets to run at full capacity because
they're wary of exposing a new ISP as a target."
to Google, overall spam volume
jumped an average of 1.2 percent per day
during the first quarter of 2009, and increasingly spammers are adding geolocation
capabilities into the mix.
Waledac has been no small part of this, as the
botnet blasted out e-mails earlier in March that falsely claimed the
recipient's city or area was victimized by a terrorist attack. In that case,
the e-mails provided a link to a fake Reuters news site with malware. The
attack customized the location by determining the geolocation of the IP address
of the victim's machine.
"Location-based spam is the latest technique being used by 'bad guys'
to increase the likelihood that an unsuspecting victim will not only read their
message, but will actually click one of the links in the message,"
explained Tal Golan, president and CTO
of e-mail security company Sendio. "This new methodology is the next
salvo in the spam arms race, but is really just an extension of the 'social
engineering' threat vector that has become so popular and effective in the last
Officials at Webroot said while true location targeting is difficult to do
well, it has shown itself to be an effective method of attack.
"What we are dealing with here is a blended threat combining the use of
Web and e-mail to carry out a sophisticated attack," said Gerhard
Eschelbeck, CTO of Webroot Software.
"The concept of customizing relevance is quite familiar from the 'spear
phishing' attacks from recent years, and has proven an effective method to
increase success rates of attacks."