Declining Volumes Means Spam in Transition

Here’s some good news for any administrator who has cursed spam under their breath: junk mailers appear to be on the run.

Spam volumes have been on the decline for about 18 months, according to a report released last week by IBM. Other spam watchers have estimated that spam flows have dropped from all-time highs of 225 billion messages a day to 25 billion.

That’s not to say that spam volumes haven’t declined before. What’s different about this decline, though, is that it seems to be sustained.

A major contributor to those declines, in IBM’s view, has been the takedowns of some large botnets during that period, most notably Microsoft and law enforcement’s seizure of the servers supporting the Rustock botnet and McColo network.

Spam has also been losing its popularity in the Internet underworld, which has become increasingly enamored with viral links and phony antivirus scams.

When those factors are combined with improvements in spam filtering and the exposure of vulnerabilities in the spam value chain, namely that three banks handle 95 percent of the payments for products sold through spam, it’s easy to understand why some electronic junk mailers may be getting discouraged with the state of their industry.

For glass-half-full spammers, though, IBM holds up some trends that could lead to a junk mail revival. They include:

  • Growth of Internet users. More newbies means fresh sheep to fleece with spamming scams, even if only one in 10,000 spam messages reaches an inbox.
  • Growth of devices. Personal computers aren’t the only game in town any more. There are smartphones and tablets at which to aim spam. And unlike many computers, which tend to be on from nine to five, those devices, especially smartphones, are likely to be connected to their networks around the clock.
  • Exploiting second-tier apps. While files created by popular programs like Word and Acrobat continue to carry nasty payloads, they can raise flags to an anti-spam system. An infected Open Office document, on the other hand, could be obscure enough to make it past the gateway guardians.
  • Exploiting IPv6. When any new scheme is launched, it usually has plenty of undocumented features ripe for mischief. The new IP numbering system is such a new scheme. It could open some doors for spammers, especially those who concentrate on foiling IP blocking.
  • Exploiting brand names. The potential of this method is just starting to be recognized by spammers.

In fact, IBM noted, exploiting brand recognition contributed to a revival of image spam in 2011. The images used in the spam are logos from well-known companies.

“The actual purpose of using these logos is to make users click on the provided link—a malware link that infects the user’s machine,” IBM explained.

It added that brand exploitation also contributed to an acceleration in phishing mail volumes during the second half of 2011.

A finding that might be surprising to some is that spammers are increasingly turning to plain text messages to deliver their payloads.

“Spam in plain text makes it even harder for content-based spam detection because there is no fixed feature like a special kind of attachment or suspicious HTML code sequences that can be used to build patterns,” IBM’s X-Force researchers wrote.

In the past, HTML email was viewed with suspicion because most legitimate email was delivered as plain text. That’s not the case anymore, according to IBM.

“There are only a few remaining types of status messages or newsletters that do not use HTML,” it said. “Sooner or later, simple plain text spam as an email characteristic becomes more and more suspicious. Someday it might even be used as a blocking criterion.”
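To make the point about fixed features concrete, here is an added example (not from IBM's report or the original article) that extracts the structural traits a content filter can key on and measures how common plain-text-only mail is in a corpus. The function names and the sample messages are constructed for illustration.

```python
from email import message_from_string
# Constructed sample messages for illustration (not real mail).
HTML_NEWSLETTER = """\
From: news@example.com
Subject: Weekly update
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain

Read this issue online.
--b1
Content-Type: text/html

<html><body><a href="http://example.com/">Read</a></body></html>
--b1--
"""
WITH_ATTACHMENT = """\
From: billing@example.com
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain

See attached.
--b2
Content-Type: application/pdf
Content-Disposition: attachment; filename="invoice.pdf"

%PDF-placeholder
--b2--
"""
PLAIN_ONLY = "From: a@example.net\nSubject: hi\n\nLook at http://example.org/ today.\n"

def structural_features(raw):
    """Structure-level features a content filter can build patterns on."""
    leaves = [p for p in message_from_string(raw).walk() if not p.is_multipart()]
    types = [p.get_content_type() for p in leaves]  # missing header -> text/plain
    attachments = [p.get_filename() for p in leaves if p.get_filename()]
    return {"has_html": "text/html" in types, "attachments": attachments,
            "plain_text_only": set(types) == {"text/plain"} and not attachments}

def plain_text_share(corpus):
    """Fraction of a corpus that is plain-text-only (0.0 for an empty corpus)."""
    flags = [structural_features(m)["plain_text_only"] for m in corpus]
    return sum(flags) / len(flags) if flags else 0.0
```

Running `plain_text_share` over a sample of known-legitimate mail shows how rare the trait is there, which is what decides whether it can carry any weight in a filter's score.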

Written by John P Mello Jr

John Mello is a freelance writer who has written about business and technical subjects for more than 25 years. He is a frequent contributor to the ECT News Network and his work has appeared in a number of periodicals, including Byte magazine, PC World, Computerworld, CIO magazine and the Boston Globe.

1 Comment

  1. Clyde O'maha · April 1, 2012

    The decline of email spam volume does not mean that email spam is not dangerous anymore. In fact, email spam is more dangerous than ever even though they’re not increasing their numbers. This just proves that spammers are more practical now. They are NOT concentrating their effort through numbers. Instead, they’re making email spams with more accuracy to infect.

    What’s the use of sending millions (even billions) of spams when most of them will be filtered and sent directly to junk / spam folders?!!! These spams are useless. And spammers know this dilemma. So they are shifting their strategy like a guerrilla. Send only a small number of email messages BUT with a more destructive effect.
