
Google: Spam Rising 156 Percent After McColo Takedown

By Stefanie Hoffman, CRN
January 27, 2009    6:38 PM ET

Spam levels have recovered from the November takedown of Internet Service Provider McColo with vigor and are set to be at pre-McColo levels over the next month, a Google Message Security report found.

Since November, spam has grown 156 percent. In light of that rapid growth, experts at Google Message Security, powered by Postini, anticipate that spam is likely to reach pre-McColo levels within the next three to five weeks.

Spam levels dropped an unprecedented 70 to 80 percent following the November takedown of the McColo ISP, which provided second-generation command and control centers for botnets. The ISP was disconnected by upstream providers when it came to light that McColo housed numerous child pornography and malware-hosting Web sites.

"We actually saw a major drop as a result of [the takedown of] service provider McColo," said Adam Swidler, senior product manager for Google Message Security. "But one thing that's interesting is that it appears as though the spammers are reseeding the botnets to replace what they lost in the McColo takedown."

In 2008, spammers were able to successfully distribute malware by tricking users into opening e-mails containing infected attachments or links, impersonating legitimate notifications from legitimate businesses -- a ploy that resulted in a six-fold spike in spam during the last half of the year. Experts say that some of the most popular social engineering tactics exploited the presidential election and the failing economy, with offers ranging from low-interest home loans to new lines of credit.

Attackers also sent phony news alerts via e-mail containing links to malicious Web sites hosting a virus or Trojan downloader. And Postini researchers said that another popular method of attack was fooling the spam filters by spoofing users' addresses and then sending spam messages out to numerous inboxes. Undeliverable spam would then be sent back to the user, who would become infected by opening the returned e-mail. These and other tactics led to a sharp spike in spam in April and May of 2008, Swidler said.

"That drove that all-time high," Swidler said. "It's unclear whether we're going to get to that level again. But certainly we're going to see volumes creep back up."

While spam is still down overall, levels have recovered with a 156 percent growth rate as spammers regroup and reconnect with new service providers, experts say.

Looking ahead to 2009, researchers say that viruses attached to e-mails and incorporated in blended attacks will continue to threaten networks, and they anticipate that attackers will continue to develop malware designed to avoid spam filters and signature detection.

"The spammers have clearly demonstrated sophisticated ability to mutate the viruses and malware," Swidler said. As a result, many vendors will roll out solutions with non-signature-based malware and virus-detection capabilities, he said.

And in light of the weak economy and shrinking IT budgets, Swidler said that many users, especially smaller businesses with limited resources, will transition standard IT security functions to a Software-as-a-Service model in order to cut costs and ease burdens for IT staff.

And eventually spam levels will plateau in 2009, but not before taking an upswing in the next few months as spammers retool to send out more technologically sophisticated and targeted spam attacks, Swidler said.

"Before the takedown, over 90 percent of e-mail was spam and viruses," Swidler said. "There's little room for them to go. Ultimately it probably will level off in some way."
