Botnet Holiday Spam Levels Drop for Christmas

Security researchers say holiday-related spam has been relatively low this year.

Holiday spam just isn't what it used to be.

According to security vendors, the amount of Christmas-related spam has dwindled significantly for 2010. While the end of the year has traditionally been a time for an upsurge in Christmas holiday spam, it now accounts for less than 1 percent of all the spam making the rounds on the Internet, M86 Security Labs reported.

"Holiday/Xmas spam is a non-event this year as far as activity from major botnets is concerned," said Phil Hay, senior threat analyst at M86.

"The major botnets that are left are currently spamming their usual affiliate programs in a typical way, mostly centered around drugs and replicas," he added. "We are seeing very small campaigns from sources that are unknown to us. ... But these cases are minor in the overall scheme of things. On the malware front it's a similar story: with the demise of Bredolab, the amount of spam and malware has drastically reduced, and what is left is not Christmas-themed."

Sam Masiello, director of messaging security research for McAfee Labs, noted that while the traditional e-greeting card scams continue to circulate, botnet traffic appears to have dropped during the past five to six weeks.

To be sure, there were a number of takedown operations targeting botnet operators during the year. Law enforcement in Armenia, for example, arrested a man in October on charges of running a botnet of PCs infected with Bredolab, a notorious Trojan downloader. In November, federal authorities picked up a man in Las Vegas linked to the Mega-D botnet.

What little holiday spam McAfee has seen lately has mostly come from the Cutwail and Rustock botnets, which are the two highest spam-sending botnets on the Internet today, Masiello said.

"These e-mails, however, have not generally contained Christmas or holiday-related subject lines ... and it isn't until you open the e-mail that you are presented with a holiday-related advertisement," he said.

The most prevalent e-mail attachment-based malware observed during the past quarter has been related to e-cards and fake DHL delivery e-mails, he added. The fake DHL delivery spammers appear to release a new campaign about three to four times per week.

"All in all, it's eerily quiet," Hay said.