After the dramatic decline in spam levels seen over the holidays, spam now accounts for 78.6 per cent of all email traffic, the lowest rate since March 2009. Results from our January 2011 MessageLabs Intelligence Report have found that spam volumes are 65.9 per cent lower than last year at this time.
During December 25 to January 1, spam volumes decreased from 80.2 billion spam emails per day to 33.5 billion spam emails. We have found two reasons for this dramatic decline – the first being a halt in the spam-sending activities of three botnets, Rustock, Lethic and Xarvester and the second due to unrest among pharmaceutical spam-sending gangs.
In May 2010, pharmaceutical spam peaked with 85 per cent of spam being related to pharmaceutical products. However in January 2011, MessageLabs Intelligence found that pharmaceutical spam accounted for only 59.1 per cent of all spam. The closure of spam affiliate, Spamit, in October was partially responsible for this disruption. The Canadian Pharmacy brand, previously the most prolific pharmaceutical spam brands, disappeared when Spamit shut down.
Spam gangs are likely consolidating and restructuring pharmaceutical spam operations, which also leads to the instability seen in this market. It is expected that we will see more pharmaceutical spam in 2011 as new pharmaceutical spam brands emerge.
It is no secret the major role that botnets play in spamming. In 2010, spam-sending botnets were responsible for as much as 88 per cent of the world’s spam; however this level fell to 77 per cent by the end of the year. Previously, Rustock had been responsible for sending approx. 44.1 billion spam emails each day – making it the single, largest spam-sending botnet. Lethic and Xarvester accounted for less than 0.5 per cent of all spam.
Rustock, Lethic and Xarvester have resumed their spam-sending operations but not at their previous levels. Since its return, Rustock is now responsible for only 17.5 per cent of all spam. The Bagle botnet has replaced Rustock as the largest spam-sending botnet with output at 20 per cent of all spam. However, Rustock still maintains its position as the largest sender of pharmaceutical spam with 80 per cent of its output in January related to pharmaceuticals.
Some other findings from the January 2011 MessageLabs Intelligence Report includes:
Local statistics: In Canada, 78.3 per cent of e-mails were spam and 1 in 212.3 emails contained malware.
Viruses: The global ratio of email-borne viruses in email traffic from new and previously unknown bad sources was one in 364.8 emails (0.274 per cent) in January, a decrease of .03 per centage points since December. In January, 65.1 per cent of email-borne malware contained links to malicious websites, a decrease of 2.5 per centage points since December.
Endpoint threats: Threats against endpoint devices such as laptops, PCs and servers may penetrate an organization in a number of ways, including drive-by attacks from compromised websites, Trojan horses and worms that spread by copying themselves to removable drives. Analysis of the most frequently blocked malware for the last month revealed that the Sality.AE virus was the most prevalent. Sality.AE spreads by infecting executable files and attempts to download potentially malicious files from the Internet.
Phishing: In January, phishing activity was 1 in 409.7 emails (0.244 per cent), an increase of 0.004 per centage points since December.
Web security: Analysis of web security activity shows that 44.1 per cent of malicious domains blocked were new in January, an increase of 7.9 per centage points since December. Additionally, 21.8 per cent of all web-based malware blocked was new in January, a decrease of 3.1 per centage points since last month. MessageLabs Intelligence also identified an average of 2,751 new websites per day harbouring malware and other potentially unwanted programs such as spyware and adware, a decrease of 21.5 per cent since December.
Paul Wood, is a MessageLabs Intelligence Senior Analyst, for Symantec.cloud