Botnet shutdowns cause big 2011 spam drop, Symantec finds

Botnet shutdowns have stemmed the Internet spam flood, taking daily message volumes back to levels last seen as long ago as 2006, Symantec has reported in its 2011 Internet Security Threat Report (ISTR).

Worldwide levels are now an average of 75.1 percent of all email traffic, well below 2010’s figure of 88.5 percent and 2009’s 88 percent, but percentages only tell part of the story.

The absolute volume also fell in 2011, down to a still imposing 42 billion messages per day from 2010’s figure of 61.6 billion, Symantec reported.

Comparisons are hard to make across years and different vendors, but Symantec’s Brightmail system (inherited after buying the messaging company in 2004) reported spam numbers of 31 billion per day in 2005 and 61 billion per day in 2006, which remained constant with some fluctuation until the recent drop.

By 2007, botnets took over as the growth engine, replacing compromised servers and relays that had been the predominant vehicle in preceding years. Since then, the battle against spam has really become a battle against botnets, which in 2011 distributed 81 percent of all spam.

Tellingly, the major reason for the drop in spam during 2011 was the downing of the large Rustock botnet by US authorities in March 2011, believed to have infected at least 1.6 million PCs.

In the weeks after Rustock’s demise, spam volumes fell from 51 billion per day to under 32 billion, an unprecedented fall that echoed similar falls after the destruction of a previous botnet, Srizbi, in the weeks after rogue host McColo was shut down in November 2008.

The positive effect of this action on spam levels proved the ‘McColo contention’, namely that nuisance and malevolent messaging could be baten back with focused legal and physical actions against the command and control servers used to direct bot operations. Not long before, security experts might have mroe pessimistic about such actions having an lasting impression.

Despite the image of spam as a means of spreading phishing attacks, in Symantec’s estimation an astonishing 73 percent is motivated by only three subjects, pharamaceuticals, watches/jewellery and dating. Scams, frauds and Nigerian 419s account for only 1.8 percent, despite having a negative effect out of proportion to their relatively low prevalence.

Numerous vendors have reported drops in spam levels over the last two years but Symantec’s importance is simply the size of its detection capability, which includes the company’s ‘Probe Network’ of 5 million decoy accounts, its Skeptic cloud system and 50-million customer installed base.

What remains unknown is how much of the remaining spam gets through to the inboxes of users. Anecdotal evidence would suggest it is now a small percentage athough with tens of billions of spam messages being sent each day, only a handful need to sneak through to cause serious nuisance.

Previous ArticleNext Article

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.


The free newsletter covering the top industry headlines