By Vineetha Menon
A rundown of the latest spam trends, news and activities
E-mail users were given a breather earlier last month when spam levels dropped to historic lows due to the shutdown of McColo.com, suspected of hosting a large number of botnet control systems.
Measured by Symantec, there was a 65% drop in traffic compared to just 24 hours before the McColo.com shutdown.
The incident brought many interesting findings to light – the fact that shutting down a single hosting company could have such a large impact on overall spam volume and botnets, while quite robust, are still hit hard when a critical command-and-control station link is lost.
The battle is not over though as a recent spike in the volume of spam has prompted Symantec to predict that normal spam activity will presume.
During the spikes, the percentage of spam messages containing the text/HTML content type mime part went back to 55% of all spam, compared to just 34% immediately after the McColo takedown.
The URLs in these spam messages contained hundreds of domains that used the Chinese top-level domain (.cn TLD). All of the name servers were hosted on either the same IP addresses as the domains, or additional IP addresses also located in China.
Now with the festive season upon us, spammers are using Christmas to entice victims. Some of the most common e-mail subject lines include – Best Sales 2008!, Spend Less This Christmas, A Really Good Gift and Christmas Specials. It’s no wonder then that product related messages represented 18% of the overall spam categories this month.
Last year, 52% of all spam was image spam but it slowly declined to more acceptable levels. Now it looks like it’s making a comeback with recent surges in spam messages using very large images.
Taking into account image spam alone, Symantec observed 13% had a message size of more than 100 KB, while nearly 58% averaged between 10 – 15 KB in size. This could potentially pose a great risk to unprotected mail infrastructures.
But spammers are not just focusing on just the holiday season either. After the Burma cyclone and earthquake in China, the spam technique of using tragic news and events to lure unsuspecting users made a triumphant return when spammers used the recent terrorist attacks in Mumbai for their own selfish gains.
While thousands followed the events that unfolded in India round the clock, constantly checking for updates, spammers sent out messages with subject lines referring to the Mumbai attacks. Once opened, the content displayed offers for medication.
Despite the termination of several command centers with the McColo.com shutdown, new ones will eventually creep up followed by targeted and sophisticated spam campaigns. Spammers are not going to give up the fight….but neither will we.