Spam drops sharply over Christmas

Spam levels declined sharply over the festive period, after falling for the last half of 2010, according to MessageLabs Symantec Hosted Services
Written by Tom Espiner, Contributor

The amount of spam being pumped out by networks of compromised computers dropped sharply over the festive period, according to Symantec.

The security company's subsidiary MessageLabs said the steep drop was in part due to spam coming from the Rustock botnet slowing to a trickle, while two botnets, Lethic and Xarvester, appear to have ceased activity.

"Rustock is sending spam in much-reduced volumes, while the other two botnets have stopped sending spam altogether," MessageLabs intelligence senior analyst Paul Wood told ZDNet UK on Thursday.

Wood said that the last time there was such a significant drop in spam was after the takedown of the McColo ISP in November 2008. However, there did not appear to be any similar events — or any major anti-botnet police operations over the festive period — that could have prompted the recent drop, he added.

Nevertheless, the Rustock botnet dropped from a high of sending 44 billion spam messages per day on average in the last quarter of 2010 to between 100 million and 500 million spam messages per day over the Christmas holidays. Rustock is still involved in other cybercrime operations, including click-through advertising fraud, said Wood.

A drop in spam for Canadian pharmaceutical products contributed to the overall reduction in spam volumes, he added.

Zombie computers
One possible reason for Rustock reining in spam could be that the botnet's controllers are concentrating on other operations, Wood suggested. "The people behind Rustock may be exploring other areas of business," he said.

Symantec expects other botnets to take the place of Rustock, including the Grum botnet, which is noted for sending pharmaceutical spam. While Rustock has between one million and one-and-a-half million zombie computers, and Grum consists of between 300,000 and 450,000 compromised machines, the latter still has the capacity of sending eight billion spam messages per day, according to Wood.

Other security vendors have noted a reduction in the flow of junk emails. For example, Cisco company IronPort has tracked a significant decline in spam levels since July, with average daily levels dropping from 300 billion to under 100 billion items per day in November 2010.

Get the latest technology news and analysis, blogs and reviews delivered directly to your inbox with ZDNet UK's newsletters.
Editorial standards