After a short cooling-off period driven by the highly publicized shutdown of shady hosting provider McColo, spam levels rose back to the same, if not higher levels than they had achieved before the incident, according to researchers with Google’s Postini division.
By the second half of March, seven-day average spam volume was at the same volume last seen prior to the McColo takedown in November 2008, the company said.
“Spammers have clearly rallied following the McColo takedown, and overall spam volume growth during Q1 2009 was the strongest it’s been since early 2008, increasing an average of 1.2 percent per day. To put that number into context, the growth rate of spam volume in Q1 2008 was approximately 1 percent per day – which, at the time, was a record high,” Postini experts said in a blog post.
As with every year before it, 2008 established new highs for overall spam volumes. After a relatively flat summer and a steep dropoff after McColo, activity seems to have ramped anew, but it remains hard to tell what the rest of this year will bring, the experts maintain.
“It’s difficult to ascertain exactly how spammers have rebuilt in the wake of McColo, but data suggests they’re adopting new strategies to avoid a McColo-type takedown from occurring again,” writes Google-Postini’s Amanda Kleha.
The recent takeoff in spam could indicate that attackers are filling out new botnets “that are more robust but send less volume,” Kleha said.
Another possibility is that attackers are trying to keep the lid on newer botnets to evade detection and have been running at far below full-power, according to the researcher.
In overall spam trends, “location-based spam” which is focused on luring users in a certain geographic area continued to rise in popularity over the course of Q1. Most of the attacks customize themselves to the specific location of certain users by determining the geolocation of the user’s source IP and then identifying the nearest major city and tailoring attack themes to match.
“The addition of location creates a heightened level of interest, and the user is tempted to click on the embedded video – which in turn downloads a virus to his or her machine,” said Kleha in the blog.
As other spam trackers have noted, subject line themes related to the ongoing financial recession were a major trend in the quarter, Postini noted.
“Spammers continue to prove their resilience — whether it’s bouncing back from the biggest takedown on record or finding new ways to exploit the ways we communicate for malicious purposes, they’re clearly here to stay,” said the researcher.
Did anyone really think that stopping one little ISP would really slow down the decades-long spam epidemic?
Well, we could hope it might, couldn’t we?
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.