"The previous highest period of spam activity was mid-2008," said TRACElabs lead security researcher, Phil Hay. "During the third quarter of 2008, spam volumes declined steadily until a dramatic event occurred on November 11, 2008 with the shut-down of the rogue ISP network, McColo, which had been providing hosting services to some of the largest known spam botnets. Since that time, spam volumes have been climbing back. In June, we saw spam volumes matching the previous highest period from last year and now in July 2009 the spammers have punched through with a wave of spam to set a new record."
Spam output is up across the board from the major spamming botnets. The Rustock and Pushdo botnets continue to be very strong, and second-tier botnets like Grum have also increased their output, helping to push spam volumes to the new high. Phishing activity was also up significantly to 1.4% of all spam by volume, representing a seven-fold increase in phishing activity during the month to July 19. Marshal8e6 attributes the significant majority of phishing activity to the Pushdo botnet. Oddly, only three targeted institutions were the focus of 99.5% of all phishing activity last week: eBay, Comerica and Bank of America.
More than 30% of all spam last week came from Asian countries after Vietnam overtook traditional spam heavyweights China, Turkey and Russia for the first time. However, Brazil continues to dominate the TRACElabs spam statistics with over 15% of all spam, followed by the USA with 10%.
"The spammers are sending a clear message with this renewed spam activity. After the shutdown of another rogue spam ISP, 3FN, in early June this year, spam volumes were temporarily affected with approximately a 15% dip. However, the spammers recovered almost immediately and have been pumping out the spam ever since. The clear message spammers are giving us is that they are unimpeded by the efforts of law enforcement and the security community," commented Hay.
"In fact, you could argue that attempts to disrupt the command and control servers of these spam botnets by closing down their host network providers have merely encouraged the spammers to develop more resilient systems. The spammers have learned much from the shutdown of McColo and have proven this with their almost immediate bounce back after 3FN was disconnected. A more holistic and well-planned approach needs to be adopted by law enforcement and the security community working together worldwide to really have a positive and long-lasting impact on reducing spam," said Hay.
More information on the shutdown of the 3FN spam hosting network can be found on the Marshal8e6 TRACElabs website - http://www.marshal8e6.com/trace/i/FTC-Shuts-Down-Rogue-ISP,trace.1003~.asp.
About Marshal8e6
Marshal8e6 is a global provider of Secure Web Gateway (SWG) and email security products. We are the only security company able to provide integrated, reliable and effective enterprise-class multi-layered solutions. Our deep expertise in Web and email allows us to correlate real-time threat intelligence to protect organizations from current and emerging threats. With 20,000 customers and 16 million end users in 96 countries, the company is privately held and based in Orange, California with international headquarters in London and offices worldwide. For more information about Marshal8e6, please visit http://www.marshal8e6.com/.