Spam E-Mail On Holiday: Rustock Botnet Spam Hits Sudden Low


Spam e-mail volumes dropped to a new low over the holiday season, sinking to their lowest levels since the November 2008 shuttering of rogue ISP McColo, Symantec security researchers found.

According to Symantec MessageLabs Intelligence at Symantec Hosted Solutions, the overall amount of spam dropped from roughly 110 billion spam e-mails per day in late October to about 70 billion per day in late December to just more than 30 billion as of Jan. 1, 2011.

"Over the 2010 Christmas holiday, the level of spam in circulation has dropped drastically, Symantec MessageLabs Intelligence wrote in a blog post discussing the drop in spam e-mail over the holiday season. "For example, at the time of writing, the amount of spam hitting our spam honeypots is the lowest it has been since McColo, the rogue ISP, was shut down in November 2008."

But don't pop the bubbly just yet, cautioned Paul Wood, a senior analyst for Symantec MessageLabs Intelligence at Symantec Hosted Solutions. Spam typically takes some time off for holiday cheer.

"We typically have seen a certain decline at the end of the year, at this time of year," Wood said. "And then it usually picks up."

Still, the decline in the amount of spam e-mail this holiday season was staggering, Wood said.

The sharp drop in spam e-mail amounts can be directly attributed to a massive reduction in the amount of spam activity from the Rustock botnet, which is responsible for nearly half of global spam and at its peak sent about 44 billion spam e-mails per day. During the holidays, Rustock botnet spam activity fell to about 0.5 percent of its normal output, meaning it was sending just 500 million spam e-mail messages daily, Wood said. Rustock is responsible mostly for pharmaceutical spam, which tries to lure people to malicious Web sites with the promise of cheap medications.

Adding to the decline is the apparent inactivity from other major botnets such as Lethic and Xarvester.

Wood explained that many spammers use botnets to generate monstrous amounts of spam; by the end of last year roughly 88 percent of all spam was sent by botnets.

Strange, though, is that there is currently no reason why these major botnets, especially Rustock, would stop spamming.

"At the moment, it does seem fairly unexplained," Wood said, adding that to his knowledge there have been no arrests, no takedowns and no technological disruptions that can be attributed to the dramatic drop in spam e-mail activity.

 

NEXT: Not The First Spam E-Mail Slowdown