January 11, 2011

Global Spam On The Rise Again

A recently reported worldwide decline in spam email may only be a short-lived phenomenon, according to researchers.

A network of infected computers used for the production of spam email has started up again after a dormancy of several weeks.

The Rustock botnet mysteriously stopped sending spam emails in early December, resulting in a massive decline in spam. But according to security firm NetWitness, it restarted its activities on Monday.

Overall spam levels are still below August 2010 levels, when Rustock began winding down its spam production.

The reason for the decline in spam was not immediately known, Alex Cox of NetWitness told BBC News.

Those behind the Rustock botnet do not appear to have made any major strategic changes to their spamming campaigns, he added.

As far as NetWitness can tell, the spammers took a holiday, said Cox. "The people running Rustock are running a business - albeit an illegitimate one - so maybe they needed time off too."

An earlier report said that three of the largest spam networks halted their activity around the holidays. Besides the Rustock botnet's inactivity, there was also limited to no spam production from the Lethic botnet and the Xarvester botnet after December 28 and 31 respectively, according to Symantec Hosted Labs.

At the time of the finding, Paul Wood, a senior analyst at Symantec, told BBC News that "there have been huge drops in spam levels before. Usually they have been associated with the botnets being disrupted. As far as we can tell Rustock is still intact."

Sure enough, Rustock is still intact.

The botnet is now pumping out more than a quarter of all spam circulating worldwide, according to Wood.

On Monday, Jan. 10 alone, Rustock sent out an estimated 67 million junk emails, he said. Wood believes the lull in Rustock's activity was not a Christmas break; rather, its operators likely rented out the botnet to new spammers.

"Previously Rustock was primarily sending out spam related to a group known as the Canadian Pharmacy. The spam we're seeing today is for Pharmacy Express," said Wood. "Besides, a lot of automation exists in the spamming business. They don't need people sat at keyboard to send it out."

But while Rustock had started sending out spam once again, it was too early to say whether it would reach the volumes seen in August -- close to 200 billion messages per day. "It seems to have the capability, but we don't know whether those behind Pharmacy Express want to reach those levels," Wood told BBC News.
