Test Center ThreatWatch: Oct. 2
By Fahmida Y. Rashid, Samara Lynn, ChannelWeb
2:46 PM EDT Thu. Oct. 02, 2008
Spam Watch: Sept. 29 through Oct. 1
October spam starts off with a whimper, with declining mail volumes. There's some virus activity, but what is more noteworthy is what we are not seeing.
With the seesawing stock market and the looming U.S. Presidential elections, we expected to see more email subject lines on those topics. While there are a handful of headline-spam instances, it's not anywhere near expected volumes.
Instead of headline spam, there is an increase in messages with generic subject lines but with references to current events in the body. The messages are poorly written letters that discuss a news event and state that the attachment is "without any virus and any other danger." Security vendor IronPort has also noticed an increase in these types of messages.
A modified version of Nigerian spam was also noted. Instead of a widow or an assistant to some government official, the scams proposing a fund transfer of an obscene amount of money are coming from treasury officials in "Republic of United States" or "Republic of America."
Blocked connections inched down to 88.2 percent yesterday, but it's still higher than the average daily volume for blocked connections. Blocked mail has been consistently four to five percent higher than the average for a few days now.
Spam inched up four percent to make up 11.3 percent of total mail volume. The filters reported less "High" spam, or blatant spam, but more "Medium" -- consistent with past observations that filters are having a harder time distinguishing benign URLs from URLs on otherwise legitimate sites that have been made to host malware.
Virus relays came from the Czech Republic and Poland. The most active spam relay came from Chile. The most active blocked mail was sent from Russia and Spain. After the past few days with most activity originating in China, this shift to Latin America and Europe is intriguing.
AttackWatch: Oct. 2
The Test Center trap network remains busy.
A login attempt against the service FTP GUILD was logged by the trap network Thursday. Log files show that the user was able to authenticate into the network. The user then tried to access a number of IIS files without success. This is a signature of a known scanning tool that looks for vulnerable FTP servers.
The trap network caught a few scan attempts against SSH. The scanner's domain information reflects a domain from Russia. Requests for information about the trap network were logged coming through TELNET from an IP that traces to Mauritius, an island nation off the coast of the African continent.
There were several logged spam relay attempts from an email address traced to a self-described SEO site that traces back to a registrant in Beijing; we'll be watching for continued activity from this location.
One of the regular sets of malicious attempts, brute-force login attempts against our SQL database originating from Asia, was also logged.
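The two patterns described above (an FTP login that succeeds and is followed by requests for IIS files, and repeated failed SQL logins from one source) can be picked out of honeypot logs automatically. The following is an added example written for this page, not code from the Test Center or the report's authors; the log line layout, the IIS-path heuristics, the failure threshold and the sample addresses are all constructed assumptions, not data from the trap network.

```python
"""Triage constructed honeypot log lines: flag FTP sessions that authenticate and
then request IIS-style paths, and count repeated failed SQL logins per source."""
from collections import defaultdict
import re

# Assumed heuristic for "IIS file" requests seen after an FTP login (not from the report).
IIS_PATH_RE = re.compile(r"(/scripts/|/_vti_|/iisadmpwd/|\.(?:htr|ida|idq)$)", re.IGNORECASE)
FAIL_THRESHOLD = 5  # assumed cut-off for calling repeated SQL login failures brute force

# Constructed sample log in an assumed "timestamp service key=value ..." layout.
SAMPLE_LOG = """\
2008-10-02T09:12:01 ftp src=203.0.113.7 event=login user=anonymous result=OK
2008-10-02T09:12:02 ftp src=203.0.113.7 event=retr path=/scripts/iisadmin/default.htm result=FAIL
2008-10-02T09:12:03 ftp src=203.0.113.7 event=retr path=/_vti_bin/shtml.dll result=FAIL
2008-10-02T09:12:04 ftp src=203.0.113.7 event=retr path=/iisadmpwd/aexp.htr result=FAIL
2008-10-02T09:15:10 ftp src=198.51.100.4 event=login user=anonymous result=OK
2008-10-02T09:15:11 ftp src=198.51.100.4 event=retr path=/pub/readme.txt result=OK
2008-10-02T09:20:00 ftp src=198.51.100.33 event=login user=test result=FAIL
2008-10-02T09:20:01 ftp src=198.51.100.33 event=retr path=/scripts/foo result=FAIL
2008-10-02T10:01:00 mssql src=192.0.2.9 event=login user=sa result=FAIL
2008-10-02T10:01:01 mssql src=192.0.2.9 event=login user=sa result=FAIL
2008-10-02T10:01:02 mssql src=192.0.2.9 event=login user=sa result=FAIL
2008-10-02T10:01:03 mssql src=192.0.2.9 event=login user=sa result=FAIL
2008-10-02T10:01:04 mssql src=192.0.2.9 event=login user=sa result=FAIL
2008-10-02T10:01:05 mssql src=192.0.2.9 event=login user=sa result=FAIL
2008-10-02T10:05:00 mssql src=198.51.100.20 event=login user=sa result=FAIL
2008-10-02T10:05:30 mssql src=198.51.100.20 event=login user=sa result=FAIL
"""


def parse_line(line):
    """Turn one log line into a dict; returns None for blank or malformed lines."""
    parts = line.split()
    if len(parts) < 3:
        return None
    entry = {"ts": parts[0], "service": parts[1]}
    for kv in parts[2:]:
        key, _, value = kv.partition("=")
        entry[key] = value
    return entry


def parse_log(text):
    """Parse a whole log text, dropping lines that do not fit the layout."""
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]


def ftp_iis_probes(entries):
    """Map source -> IIS-looking paths requested AFTER a successful FTP login.
    Requests from sources that never authenticated are ignored."""
    authed = set()
    hits = defaultdict(list)
    for e in entries:
        if e["service"] != "ftp":
            continue
        if e.get("event") == "login" and e.get("result") == "OK":
            authed.add(e["src"])
        elif e.get("event") == "retr" and e["src"] in authed:
            path = e.get("path", "")
            if IIS_PATH_RE.search(path):
                hits[e["src"]].append(path)
    return dict(hits)


def sql_bruteforce(entries, threshold=FAIL_THRESHOLD):
    """Map source -> number of failed SQL logins, for sources at or over the threshold."""
    fails = defaultdict(int)
    for e in entries:
        if e["service"] == "mssql" and e.get("event") == "login" and e.get("result") == "FAIL":
            fails[e["src"]] += 1
    return {src: n for src, n in fails.items() if n >= threshold}


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("FTP login followed by IIS path requests:", ftp_iis_probes(entries))
    print("SQL login failures at or over threshold:", sql_bruteforce(entries))
```

The FTP check deliberately keys on the order of events, since an IIS path requested by a source that never authenticated is just noise for this particular signature; the SQL check is a plain per-source count, so a source with two failures stays below the threshold and is not reported.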