Latest Postini spam stats show the post-McColo calm is over
Google's Postini service regrets to inform us that after just over four months, the spam drop we saw in the wake of November's McColo takedown has been erased by a new, smarter breed of spam technology. The company released an overview of the relevant numbers in a blog post Tuesday morning.
Postini, which handles spam-blocking services for over 15 million business users across 50,000 companies, has been watching traffic climb back from the McColo drop since it happened, at one point estimating that spam traffic would return to normal in February. And the first one-day traffic spikes did indeed start to equal previous numbers right around then. But last week was the first time the service has seen those levels sustained over seven full days. In addition, the rate of increase is remarkable, with spam traffic growing by 1.2% each day during the first quarter of the year.
(Those numbers, by the way, work out to approximately 94% of all Postini-monitored e-mail traffic qualifying as spam.)
And that, by the way, was probably the last really big single-event drop in spam traffic you're likely to see. In the aftermath of McColo, according to Postini product marketing manager Adam Swidler, spammers began to shift from the earlier command-and-control botnet structure to a more peer-to-peer approach. "There's less likely to be another big takedown," says Swidler, simply because the bottlenecks don't exist to be targeted now.
So... now what? The spammers are back to what looks like full strength, but do we know that it is full strength? The report suggests that "the recent upward trajectory of spam could indicate that spammers are building botnets that are more robust but send less volume -- or at least that they haven't enabled their botnets to run at full capacity because they're wary of exposing a new ISP as a target." In other words, just because things are back to what used to be normal, there's no guarantee that they'll remain at those levels.
"It's hard to predict whether we can expect a continued rise [in spam] versus a leveling out; there's some potential either way," says Swidler. He says that it's likely that the spammers have rebuilt to current levels because they need those levels to sustain their business models, but without knowing what those business models might be, it's hard for the legit guys to make predictions.
Meanwhile, inside the spam, Postini spots one new trend and one reversion to an old tactic. The new stuff is location-based spam, which personalizes the pitch to the recipient's geographic area. Usually such messages claim that there's been some sort of terrible event in the recipient's region or area and offer a link to video documenting the problem. Once the user clicks, the attack reduces to a familiar model -- the page he's clicked to claims that a different video player is needed and offers to download and install it; the "player" is malware. The location data is drawn from IP-address lookup and is testament, Swidler says, to the increasing sophistication of social engineering in spam-based attacks.
And the other? Believe it or not, Postini's seen a recent nine-fold increase in payload viruses -- yes, just sending an infected file along in e-mail. So, recapping, we're plunging into the future with location-based spam, we've traveled back to November 2008 in terms of spam levels, and malware-infected e-mail's taking us back to the olden days. Is there anything those crazy spammers can't do?