Spam Levels Largely Unaffected by Botnet Takedown


About a month ago the infamous Grum botnet was brought to its knees. The massive botnet was responsible for 1/6 of all the spam hawking fake Viagra and other such drugs. You’d think the takedown would have sent spam levels plummeting and be considered a great victory in the fight against spam, right?


Spam levels haven’t wavered a bit, and less than a week later they had returned to pre-takedown levels. Security experts say it’s likely a group of smaller botnets has taken over. These days size doesn’t seem to matter to spammers; in fact, it can be a hindrance. Large botnets are easier to trace and blacklist than smaller ones. The more difficult a botnet is to trace, the easier and faster it can bounce back after a takedown attempt.

Spammers now rely on command and control servers scattered among IPs around the world so that if one block is taken offline, there are plenty of others waiting to take over. While spam levels have dropped since 2008, it doesn’t mean spam is going away. It just means spammers have begun valuing quality over quantity. They craft carefully targeted campaigns now instead of just casting a wide net and hoping to snare a few unsuspecting recipients. They are even crafting spam messages in perfect English and with formatting that makes them look incredibly legit, knowing that badly formatted messages riddled with grammar and spelling errors are a red flag and increasingly likely to end up in a junk folder.

Spam is here to stay, and we’ve got to keep one step ahead of increasingly sophisticated spamming techniques.

Written by Sue Walsh


  1. Dan Jackson · September 4, 2012

    Spammers aren’t idiots and they do have redundancy. They can’t be taken by surprise that easily. I was laughing when reports of botnets taken down were proclaimed as a big victory and the end of spam. You take one down, ten pop up to replace it – pretty straightforward!

  2. Alberto Rodriguez · September 10, 2012

    @Dan, it is so obvious that these spammers are too damn ready for any kind of takedown. Besides, the techniques these so-called authorities and spam busters have been using are the same thing they have used over and over. Simply put, they’ve become more predictable. Since the method doesn’t work anymore, wouldn’t it make more sense if we start looking for something else, you know, shock and awe, something that can give us a huge lead time? This way, by the time they attack again, we’ll be the ones who are prepared since we’ve made the most of the time gap.

