Spam Returns With a Vengence After Christmas Lull

Spammers are now back on the case and cranking out spam messages following their Christmas holiday, which saw a notable drop in the daily number of junk emails being sent out globally.

Earlier this month, Symantec said that three botnets, Rustock, Xarvester and Lethic, had effectively either stopped or drastically reduced their activities over the Christmas period.

Paul Wood, senior analyst at Symantec Hosted Services, told eWEEK Europe UK at that time that the main reason for the drop had been the decline of activity from Rustock, a Russian botnet thought to be responsible for around 0.5 percent of spam (100-500 million spams per day) in December. Rustock is normally is responsible for 47 percent to 48 percent of all spam sent globally.

According to Wood, one of the most likely reasons for the halt in operations was the closure of the Spamit.com website in October 2010.

Spam, spam, spam

But it seems that the Christmas break is well and truly over, with the spam lull lasting to Sunday (9 January), when according to Symantec’s malware expert, Matthew Nisbet, Rustock resumed its activities.

“Since around 00:00 (UTC) on January 10, Rustock has resumed activity, and appears set to continue where it left off on December 25 as the biggest source of global spam,” Nisbet wrote on the MessageLabs blog.

“As Rustock has now returned, this means the overall level of spam has increased,” he added. “MessageLabs Intelligence honeypot servers have seen an increase of roughly 98 percent in spam traffic between 00:00 and 10:00 today compared to the same period on January 9. While levels of Rustock output appears marginally lower than before Christmas, we see no reason they won’t reach those previous levels again, bringing global spam levels back up to the approximately 90 percent levels we had become so used to.”

Nisbet also warned that even during the Christmas spam lull, Rustock continued to exercise click fraud, “a profitable activity of using the botnet to simulate a ‘click’ on a web page advertisement, bringing automatic revenue from the advertisers (who charge on a “pay per click” model) to the operators of the botnet.”

Nisbet also said that the Xarvester botnet has now returned, though, as before it shutdown, is sending significantly less spam than Rustock.

“It is too early to say what effect this will have on global spam levels, or if this return is permanent, but at the moment it certainly seems as if the holiday is over and it’s now back to business as usual,” said Symantec’s Nisbet.

USA Tops Spam List

Meanwhile Sophos security expert Graham Cluley also confirmed that spam levels were returning to normal levels.

“Whatever the reason, the dip appears to have been short-lived, as yesterday the amount of spam appearing in the SophosLabs feeds has spiked back up again,” Cluley wrote. “Don’t add to the statistics, do your bit in the fight against spam and don’t allow your computer to become a zombie. Keeping your security patches up-to-date, your anti-virus defences in place and having a good helping of common sense can help avoid your computer from becoming infected, and silently turned into a spam-relay machine for the bad guys.”

Sophos meanwhile has published a new report that highlights the top twelve spam-relaying countries, and once again the United States tops the table, followed by India, Brazil, Russia and the UK.

From October to December 2010, the US was the top spam relaying country (18.83 percent), followed by India (6.88 percent), Brazil (5.04 percent), Russia (4.64 percent) and the UK (4.54 percent).