Spam volumes have been on the decline for about 18 months, according to a report released last week by IBM. Other spam watchers have estimated that spam flows have dropped from all-time highs of 225 billion messages a day to 25 billion.
That’s not to say that spam volumes haven’t declined before. What’s different about this decline, though, is that it seems to be sustained.
A major contributor to those declines, in IBM’s view, has been the takedowns of some large botnets during that period, most notably Microsoft and law enforcement’s seizure of the servers supporting the Rustock botnet and McColo network.
Spam has also been losing its popularity in the Internet underworld, which has become increasingly enamored with viral links and phony antivirus scams.
When those factors are combined with improvements in spam filtering and the exposure of vulnerabilities in the spam value chain, namely that three banks handle 95 percent of the payments for products sold through spam, it’s easy to understand why some electronic junk mailers may be getting discouraged with the state of their industry.
For glass-half-full spammers, though, IBM holds up some trends that could lead to a junk mail revival. They include:
- Growth of Internet users. More newbies means fresh sheep to fleece with spamming scams, even if only one in 10,000 spam messages reaches an inbox.
- Growth of devices. Personal computers aren’t the only game in town any more. There are smartphones and tablets at which to aim spam. And unlike many computers, which tend to be on from nine to five, those devices, especially smartphones, are likely to be connected to their networks around the clock.
- Exploiting second-tier apps. While files created by popular programs like Word and Acrobat continue to carry nasty payloads, they can raise flags to an anti-spam system. An infected Open Office document, on the other hand, could be obscure enough to make it past the gateway guardians.
- Exploiting IPv6. When any new scheme is launched, it usually has plenty of undocumented features ripe for mischief. The new IP numbering system is such a new scheme. It could open some doors for spammers, especially those who concentrate on foiling IP blocking.
- Exploiting brand names. The potential of this method is just starting to be recognized by spammers.
In fact, IBM noted, exploiting brand recognition contributed to a revival of image spam in 2011. The images used in the spam are logos from well-known companies.
“The actual purpose of using these logos is to make users click on the provided link—a malware link that infects the user’s machine,” IBM explained.
It added that brand exploitation also contributed to an acceleration in phishing mail volumes during the second half of 2011.
A finding that might be surprising to some is that spammers are increasingly turning to plain text messages to deliver their payloads.
“Spam in plain text makes it even harder for content-based spam detection because there is no fixed feature like a special kind of attachment or suspicious HTML code sequences that can be used to build patterns,” IBM’s X-Force researchers wrote.
In the past, HTML email was viewed with suspicion because most legitimate email was delivered as plain text. That’s not the case anymore, according to IBM.
“There are only a few remaining types of status messages or newsletters that do not use HTML,” it said. “Sooner or later, simple plain text spam as an email characteristic becomes more and more suspicious. Someday it might even be used as a blocking criterion.”