Overall, the Google Postini spam report indicated that spam growth during the first quarter of 2009 was the strongest it had been in more than a year, increasing an average of 1.2 percent a day. The 2009 growth represented a slight increase over the first quarter of 2008, in which spam volume increased at a slightly slower rate of 1 percent per day.
Spam levels continued to rise steadily in 2008 before taking a nosedive in November of that year following the takedown of ISP McColo. Upstream providers disconnected from McColo after a security report emerged indicating that the ISP was reputed to host phishing, child pornography and malware sites.
Meanwhile, data suggest that spammers are adopting new strategies to prevent future McColo-type takedowns that would permanently disconnect them from their upstream providers. Specifically, the report states that recent spam trends indicate that spammers are building botnets that are more sophisticated but send out diminished total quantities of spam.
The most significant development in spam was the appearance of location-based spam, in which users click on an embedded link in a message and are subsequently directed to a Web site that contains a phony news headline describing a crisis or disaster in a major nearby city.
The attack, which appears legitimate due to its specificity, actually customizes the user's location by determining the user's source IP and then identifying the nearest major city. The phishing messages will often lure users with news of an area that has relevance to their home town and will often contain a video or malicious link that the user is instructed to open. However, once opened, the downloader will often contain malicious code designed to steal sensitive information and record keystrokes.
In addition, spammers are continuing to send out messages capitalizing on the weak economy, the credit crisis, widespread layoffs and resume help services. Spam also spiked near the presidential inauguration and St. Patrick's Day -- major news events and holidays that historically have generated higher-than-average Web traffic.
In malware trends, payload viruses -- spam messages with attached viruses -- have experienced a nine-fold increase between February and March 2009, according to the report. Google researchers say that one explanation for the uptick could be that spammers resorted to payload viruses after finding limited success with other kinds of targeted attacks.
In addition, viruses delivered from blended attacks -- phishing messages sent via e-mail, which then redirect users to a malicious Web site to download malware -- were also on the rise. E-cards, in particular, were a popular vehicle in blended threats, especially during Valentine's Day this year, when users were more likely to open e-cards and other attachments sent from unknown sources.