After a spike of Valentine- and recession-themed spam at the beginning of the month, February's spam rate finished slightly lower than January's. And though the shutdown of McColo last November made a serious dent in the overall volume, several botnets have been stepping up to fill the void.
Spam is an annoying but constant reality for e-mail users, and February did little to change that fact. According to the latest malware report from MessageLabs Intelligence, the beginning of the month saw a spike in spam—it reached as much as 79.5 percent of e-mail traffic—before settling down to an average of 73.3 percent for the month as a whole.
The spike was due to a heavy dose of Valentine's Day-related spam messages, most of which linked to sites selling male "enhancement" products. One particular botnet, Cutwail, was responsible for 6.5 percent of all spam, the majority of which promised to "make this Valentine’s Day the most memorable ever."
MessageLabs also identified a trend in recession-themed spam—"Money is tight, times are hard," or "Cheaper than you could imagine"—which used search engine links to get past spam filters. Essentially, the spam e-mails would contain query links to a legitimate, though unidentified, "major search engine." The query contained a target domain name, and the trick relied on the fact that this particular search engine will forward searches for a domain name that has not yet been indexed to that domain. Search engine redirects are not new; they were a significant problem early last year, but search engines have for the most part eliminated the type of automatic redirects that originally made them an effective spam technique.
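A filter-side check for the link pattern described above, as an added example that is not from the MessageLabs report: it flags links to a search engine whose entire query is a domain name rather than search terms. The report does not name the search engine or its URL format, so the host `search.example` and the parameter names `q` and `query` are assumptions, and the sample messages are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumptions: the engine is not named in the report, so host and
# query-parameter names below are placeholders for illustration.
SEARCH_HOSTS = {"search.example", "www.search.example"}
QUERY_PARAMS = ("q", "query")

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
# A query value that is only a hostname (optional scheme and path), no spaces.
BARE_DOMAIN_RE = re.compile(
    r"^(?:https?://)?(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24}(?:/\S*)?$",
    re.I,
)

def domain_only_search_links(body):
    """Return (url, target_domain) for search links whose query is just a domain."""
    hits = []
    for url in URL_RE.findall(body):
        url = url.rstrip(".,);")          # drop trailing sentence punctuation
        parts = urlsplit(url)
        if (parts.hostname or "").lower() not in SEARCH_HOSTS:
            continue
        params = parse_qs(parts.query)    # also percent-decodes the values
        for name in QUERY_PARAMS:
            for value in params.get(name, []):
                value = value.strip()
                if BARE_DOMAIN_RE.match(value):
                    host = re.sub(r"^https?://", "", value, flags=re.I)
                    hits.append((url, host.split("/")[0].lower()))
    return hits

# Constructed sample messages (not real spam captures).
SPAM_PLAIN = ("Money is tight, times are hard. "
              "http://search.example/search?q=cheap-pills-shop.example now")
SPAM_ENCODED = "Deals: http://www.search.example/s?query=http%3A%2F%2Fnew-shop.example%2F."
HAM_SEARCH = "Results: http://search.example/search?q=spam+statistics+february"
HAM_OTHER = "Our site: http://cheap-pills-shop.example/?q=other.example"

if __name__ == "__main__":
    for msg in (SPAM_PLAIN, SPAM_ENCODED, HAM_SEARCH, HAM_OTHER):
        print(domain_only_search_links(msg))
```

A hit is best treated as one scoring signal alongside others, and the extracted target domain can be checked against domain reputation data in place of the search engine's own host.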
The good news is that February's 73.3 percent spam rate was lower than the 74.6 percent recorded in January. The bad news is that several large botnets are beginning to increase spam volume again, after the McColo shutdown last November caused a significant drop in spam traffic. Spam was running at about 80 percent of e-mail prior to the shutdown of that shady ISP; it dropped to about 68 percent afterwards. The overall trend that seems to be emerging, though, is a gradual recovery in spam volume.
MessageLabs identified Cutwail as the largest botnet, as it maintains about one million bot machines at any given time. A new botnet, Donbot, is already second in size to Cutwail. A third, Mega-D, is responsible for nearly 40 percent of spam despite being only half the size of Cutwail. Surges of spam from the Cutwail, Xarvester, and Rustock botnets were responsible for the large spike at the beginning of the month.
Because the successful click-through rate on spam e-mails is decreasing, spammers need to send out larger volumes of spam to remain profitable. This month's spike shows that it requires little effort on spammers' part to push that volume up. Thankfully, filtering technology at the level of ISPs and individual clients keeps most of the spam from ever being seen by an end-user, even when three-quarters of all e-mail traffic is spam. Still, botnets continue to be a significant problem, clogging our inboxes and taking up valuable resources on ISPs' mail servers through the spam they generate.
Source: Ars Technica