Spam Levels Drop 47 Percent Since August: Symantec Report

Major takedowns of the Zeus cyber crime ring, spamit.com and the Bredolab botnet have led to a sharp decrease in spam. But while spam levels continue to drop, phishing is on the increase, with attacks that are leveraging the holidays and social networking sites to distribute malware.

These and other trends were highlighted in the Symantec October State of Spam and Phishing Report, released Wednesday.

Most notably, spam volumes continue to experience an overall decline in a downward trend noticed in September. In October, global spam volume decreased by 22.5 percent from September, and declined 47 percent since August.

Security experts say that the steady decline could be attributed, in part, to the takedown of the Zeus cyber ring as well as the recent shuddering of spamit.com. Meanwhile, Netherlands officials have also recently disconnected a multitude of servers associated with the Bredolab botnet, rendering it almost ineffective.

"We've seen a pretty steep decline. We had several legal actions taken recently. Those events altogether kind of had an upset in spam levels. It's hard to pinpoint," said Eric Park, Symantec abuse desk analyst.

Subsequently, the aggressive effort to fight the spam rings and botnets accounted for the overall percentage of spam in October to comprise 86.6 percent of all e-mails, representing the lowest percentage since September 2009, Symantec experts said.

Park said that the downward trend appears to be continuing into the holiday seasons, although not as rapidly. Spam levels appeared to have stabilized in November, but remain about 5 to 6 percent down from October, he said.

However, that will likely change. Park said that spam levels will probably return to where they were prior to the numerous takedowns, possibly within the next six months.

"It will definitely turn around and make an upswing. At the same time, we're not going to see a big spike upward," he said.

While spam levels took a bit of a dip, phishing attacks appeared to undergo incremental increases. Overall, phishing slightly increased by about 0.3 percent in October, primarily attributed to the proliferation of automated toolkit attacks. Websites created by phishing toolkits increased by 41 percent.

Park said the rise in phising attacks is directly related to the recent takedowns of botnets and drop in spam volumes. "These guys lost a big chuck of their army," Park said. "They want to rebuild and come back at full strength by getting malware installed and infecting these computers."

Phishing Websites with IP domains increased by about 58 percent, while Web hosting services comprised 14 percent of all phishing, representing a rise of 24 percent from September to October. About 89 free Web hosting services were used to host nearly 81 percent of all phishing on social media.

The number of phishing attacks on social media, such as Facebook and Twitter, increased by about 80 percent in October compared to the previous month. One popular phishing attack impersonated the security service from the social networking site. The scam prompted users to provide login credentials in order to access the site.

Next: Spammers Jump On Holiday Bandwagon

In addition, spammers have already embarked on their holiday spam campaigns. Attacks leveraging the holiday buying frenzy include replicas and online pharmacy solicitations as well as traditional 419 scams. Symantec also noticed an infusion of 8-part Russian spam, complete with Cyrillic lettering, which used a fragmentation technique to evade spam filters.

"We're seeing a shift over the past 12 to 24 months to lower spam volumes and more targeted attacks," Park said. "They take their time. Instead of sending the same message to 100 million people, they really come after you with critical information."