Spam returns to business as usual

No botnet innovations after extended Yule-tide break

Spam levels have resumed after a precipitous drop in December, but without the innovations security specialists had feared might be imminent.

In December, spam levels declined dramatically and continued at relatively minuscule levels from 25 December 2010 to 9 January 2011. The security community speculated that this might be because the criminal gangs behind the botnets and the spammers who are their clients were thinking up new schemes.

But spam levels bounced back overnight on 10 January with no sign of a change in tactics. An increase of about 98 per cent in volume has pushed spam back up to ‘normal’ levels – some 90 per cent of all traffic.

This was mostly down to the activity of Rustock, the world’s biggest botnet, output from which plunged after a late splurge on 24 December.

Security researchers say the decline and resumption of spam may be due to a temporary lack of clients for Rustock.

“No one will send out spam if they are not being paid for it,” Paul Wood, senior analyst with Symantec Hosted Services, told Computing.

Rustock’s main client, Spamit.com, the outfit behind notorious spammer the Canadian Pharmacy, announced it was ceasing operations in October.

“Rustok has resumed activity now, sending out spam from the Pharmacy Express,” said Wood.

The resumption of business as usual for spammers means spam is probably still a money-spinner for both the spammers and the botnets, said Wood.

“Even if a tiny percentage of spam is acted on spammers are still making money,” he said.

Botnets like Rustock will play an increasing role in click fraud and harvesting data for ID fraud and money laundering, he warned.