Spam levels fall: the calm before the storm?

Posted by Emma Woollacott

In a war movie, it's when the enemy goes quiet that you really need to worry. And the same might apply to the news that spam levels seem to have dropped precipitously over the last couple of weeks.

According to Mathew Nisbet, a malware data analyst for Symantec, the level of spam traffic is now running at around 50 billion messages a day - and while this might sound a lot, it's a quarter of what was being pumped out over the summer.

"The main cause of this drop is a from a huge reduction in output from the Rustock botnet, by far the most dominant spam botnet of 2010," says Nisbet.

"Since 25th December, Rustock seems to have all but shut down, with the amount of spam coming from it consistently accounting for below 0.5 percent of all spam worldwide."

In addition, he says, two other botnets - Lethic and Xarvester - have been all but inactive since the end of last year. However other botnets, such as Gheg and Cutwail, seem to be carrying on as usual.

"At present we don't know why these botnets have stopped spamming, perhaps the botnet herders have decided they need a holiday too? Whilst this is an excellent gift over the holiday season for anyone who regularly  uses email, we would not expect the level of spam to stay this low for long," says Nisbet.

"As we saw after the closure of McColo in 2008, and following futher takedown attempts in subsequent years, botnets rarely stay quiet for very long. Even if these three botnets don't come back soon, we would expect other botnets, even new ones, to pick-up where they have left off - very soon."