Proactive IT Security
 

Email spam - an old-fashioned technique?

2011-01-14 [Spam, Trends & predictions]

Introduction

Several organizations that monitor the email spam situation around the world have reported that the amount of spam declined significantly during the end of 2010. This led to some speculation about whether email spam as a technique was being abandoned in favor of newer ways of tricking users.

This is the topic for discussion and speculation in this security article.

Some background information

Email spam - or unsolicited email messages - started to be a nuisance in the early 1990s, and soon grew to be a major problem. In fact, during the first decade of this millennium, the amount of email spam was estimated to be as high as around 90% of all email messages sent over the Internet.

This, of course, is a major concern for legitimate users of email, and may even threaten email as a communication device, which was the topic of our security article "The death of a killer application?" in May 2009.

Lots of antispam applications have been developed to stop spam from reaching the end users. Our own Norman Antispam, Norman Email Protection and Norman Online Protection are three examples among several. The battle between the spammers and the antispam vendors is ongoing, and spammers are constantly looking for new ways to circumvent the increasingly advanced antispam algorithms.

Significant reductions in the volume of spam have happened when major players have been removed, as reported in our security article in November 2008. The McColo network - said to be the originator of 75% of all spam - was then taken down and the volume of spam dropped significantly. After some time, however, the volume again increased to the same level.

The last weeks of 2010 and the beginning of 2011

During the last weeks of 2010, several organizations that monitor the volume of spam reported that it again dropped. Some stated that the volume was as low as 25% of the August 2010 level.

This image from Norman's online spam filtering also shows how the spam volume decreased:

(If you are interested in observing the spam volume in real time you can check our live statistics.)

The reason seems to be that some big players in "the spam industry", in particular the Rustock botnet, reduced their email spam activity drastically. Rustock resumed its activity on 10 January 2011.

Speculations

As far as we have been able to find out, no one has been able to come up with any single explanation for this drop in spam during (a long) holiday season. Some speculations are worth mentioning:

  1. Those who use the Rustock botnet switched their focus from email spam to using the botnet for pay-per-click fraud.
  2. The users of the Rustock botnet took a vacation.
  3. The users having computers infected by Rustock bots took a vacation.
  4. Spam abusers switched their focus from email spam to spam through social media like Facebook and Twitter.

Speculation 3 above is substantiated by the fact that lots of infected computers presumably belong to schools and universities, both of which are closed during holidays. This seems like a probable explanation, even though it is difficult to see how this alone could explain the total decline.

Most likely the reason for the substantial decline in spam during the holiday is a combination of the above (possibly in addition to other factors).

It is true that the amount of spam targeting social media has increased recently. We predict that this trend will continue, and even increase, as the techniques used are getting more and more sophisticated, similar to what was observed with email spam.

On the other hand, as long as there is (easy) money to be made from traditional email spam, there is no reason to assume that this will disappear.

As we have stated in other security articles, cybercrime has been getting increasingly similar to legitimate business: the goal is to optimize the profit, and as long as no alternative uses of "the means of production" are more lucrative, email spam will continue.