Forgot your password?
typodupeerror
Security Spam IT

Spam Volume Spikes After Holiday Respite 55

Posted by CmdrTaco
from the eggs-bacon-sausage-and dept.
Trailrunner7 writes "The amount of spam hitting users' inboxes fell off a cliff in late December, with many security experts attributing the decline to the sudden disappearance of the Rustock botnet and other networks from the spam business. But the level of spam has begun to gain back some of the ground it lost today as other spammers have taken up the slack. Researchers say that after the sudden drop-off in spam volumes, things stayed fairly quiet for a time, but now it seems that other spammers have picked up where Rustock and the other spamming operations left off. The volume of spam took a big jump upward in the last 24 hours, according to researchers at Websense. The volume of spam hasn't made it all the way back to the levels of the last few months of 2010, but it seems to be on the way."
This discussion has been archived. No new comments can be posted.

Spam Volume Spikes After Holiday Respite

Comments Filter:
  • by Dan East (318230)

    I haven't noticed a spike in email spam, but my blog (which gets like 20 hits a day) has been getting a lot of spam comments over the last several days. Probably not a coincidence.

  • Frequency of Spam (Score:5, Interesting)

    by ackthpt (218170) on Tuesday January 11, 2011 @06:23PM (#34841862) Homepage Journal

    I've watched it for years - typically when schools are closed for breaks the spam drops off considerably. Once students return to classrooms it comes back with a vengeance.

    The only conclusion I can draw is that schools have labs and servers which are the main hosts for delivering spam. With labs shut down the spam engines are off-line.

    • That, and the students' own systems. Most non-CS students aren't going to be at anything other than "normal end-user" levels of savvy--and apparently normal end-users actually buy stuff from spam, because it keeps coming, and it keeps being popular.
      • It's mostly the student's personal systems.

        Many beginning CS students today actually fall under the category of normal end user. These days, a lot more people come to college to learn a trade, not to advance their knowledge. I've seen many come into CS with absolutely no background in computers, other than running a web browser, word processor, or game. Too many fall into this category now so they've started offering even more remedial computer classes that include taking apart a computer to see what's i

    • I'd be inclined to blame student machines on university networks. Machines in labs are usually supervised by at least one competent admin, but these days most universities have WiFi and wired network connections for all of the students. A typical unsecured Windows machine on an asymmetric connection behind a NAT isn't nearly as much of a problem as that same machine on a public IP with a GigE connection to the Internet (I'm not sure what speed I could get on campus, but my hard disk was the bottleneck on
      • by Tim C (15259)

        Not only that but in universities the lab machines will probably still be in use by the research groups/post-grads, and even if not they may well not be powered down over the holidays anyway.

    • The conclusion I would draw is that students send more emails during school.

      You know, the kind with terrible spelling and grammer like

      hey bb i w2 ttyl aftr clss k?

      which no doubt registers as a false positive spam email hitting the inbox.

    • The only conclusion I can draw is that schools have labs and servers which are the main hosts for delivering spam. With labs shut down the spam engines are off-line.

      From my experience the computer labs at most colleges are managed fairly well, they don't tend to end up compromised often.

      Remember now that most college kids these days live in dorms, and they have their own PCs on the colleges high-speed internet connection in those dorms. It's more likely that when the college kids return to their dorms they boot their (infected) Windows PCs back up and they are again running 24/7. Same kids likely didn't use their PCs much while they were at home for the holidays.

  • The spammers were shut-down, and then they came back. Wow. I never could have predicted that. /end sarcasm. Maybe governments should just give-up the idea that they can silence speech, and find some other way to deal with it (filtering). Which is pretty much what we've always done (if I don't want to hear a politician speaking, I just walk away until his voice can't be heard).

    • by blair1q (305137)

      You do have a right not to be harrassed, no matter the media. The government can't stop someone from speaking to someone who wants to hear what they're saying, but it can stop them from speaking to someone who doesn't want to hear what they're saying, if that doesn't also interfere with speaking to people who do want to hear. And it can treat commercial and political speech differently.

      Spammers know they're breaking the law by harassing random people with random commercial messages they don't want to get.

      • Email hardly qualifies as harassment, especially since it is so easily ignored (don't click on it) (and/or filter it to a spam folder).

        • by DamonHD (794830)

          That's simply nonsense.

          I get tens of thousands of SPAMs each day (last time I counted) which take significant system resources to deal with the initial filtering of and quite considerable extra time on my part to deal with what is left. Time that I might like to spend, say, with my children, or working on business projects. Real opportunity costs as well as resource costs. And repeated unwanted approaches from people I've asked to leave me alone sure feels like harassment (including big legit companies t

    • by nigelo (30096)

      ...if I don't want to hear a politician speaking, I just walk away until his voice can't be heard).

      Now if only that worked with certain /. users, or am I overlooking the tool that allows that sort of filtering?

      • > ...am I overlooking the tool that allows that sort of filtering?

        Good question. My newsreader has a killfile. Would be nice to have one here.

        • by Zak3056 (69287)

          Good question. My newsreader has a killfile. Would be nice to have one here.

          Add the user to your foes list, and set your modifier for foes to -6, and your threshold to some value greater than or equal to 0?

          • by nigelo (30096)

            Yep. Got it.
            Thanks.

            Note: Thresholds are adjusted by clicking on the score shown next to the Subject of a comment, and *not* by visiting your preferences, where there is no option to adjust thresholds.

    • by melikamp (631205)
      I agree. Spam is forever and fighting it by shutting down spammers will accomplish nothing, even on the medium run. The amount of spam is rigidly capped from below by the presence of netizens who will follow ANY instructions on the belief that they are ordering a cheap aphrodisiac. The only way to get rid of spam is to get rid of stupid people, but that won't do, since they are also the foundation of the modern democracy. I kid, I kid :) Seriously though, we will always have our stupid people, and therefore
    • What? Are you comparing ripping people off with fake viagra to free speech?
      if (yes) {you=moron};
      else {Please elaborate};
  • by noidentity (188756) on Tuesday January 11, 2011 @06:26PM (#34841884)
    The headline and summary repeat the point way too many times:

    1. Spam Volume Spikes After Holiday Respite

    2. The amount of spam hitting users' inboxes fell off a cliff in late December, with many security experts attributing the decline to the sudden disappearance of the Rustock botnet and other networks from the spam business. But the level of spam has begun to gain back some of the ground it lost today as other spammers have taken up the slack.

    3. Researchers say that after the sudden drop-off in spam volumes, things stayed fairly quiet for a time, but now it seems that other spammers have picked up where Rustock and the other spamming operations left off.

    4. The volume of spam took a big jump upward in the last 24 hours, according to researchers at Websense. The volume of spam hasn't made it all the way back to the levels of the last few months of 2010, but it seems to be on the way.

    • by Anonymous Coward

      The headline and summary repeat the point way too many times:

      1. Spam Volume Spikes After Holiday Respite

      2. The amount of spam hitting users' inboxes fell off a cliff in late December, with many security experts attributing the decline to the sudden disappearance of the Rustock botnet and other networks from the spam business. But the level of spam has begun to gain back some of the ground it lost today as other spammers have taken up the slack.

      3. Researchers say that after the sudden drop-off in spam volumes, things stayed fairly quiet for a time, but now it seems that other spammers have picked up where Rustock and the other spamming operations left off.

      4. The volume of spam took a big jump upward in the last 24 hours, according to researchers at Websense. The volume of spam hasn't made it all the way back to the levels of the last few months of 2010, but it seems to be on the way.

      Not only is it redundant, but it's wrong... "But the level of spam has begun to gain back some of the ground it lost today as other spammers have taken up the slack." When the spam volume dropped, very specific spams stopped. Those spam messages are showing up again, and the volume reflects the overall change in spam traffic.

  • by sirdude (578412) on Tuesday January 11, 2011 @06:36PM (#34841976)
    Every now and then, I trawl through my gmail spam folder looking for false positives. These sojourns also serve to give me an idea of the amount of spam and type of spam that's floating around. When a botnet goes down, my spam levels go down to around 2000 and odd. When the botnets are supposedly back, they tend to return to the 5000 level. What I've noticed in the last few months however, is the significant number of invalid spam e-mails - those with no subject and no sender name or sender e-mail address. These are by far the most common type of message in my spam folder at the moment and I was wondering wtf was going on. I know spammers suck. But do they now also suck at spam?
    • by SomeJoel (1061138) on Tuesday January 11, 2011 @06:43PM (#34842042)
      I can think of 3 possible answers, in decreasing likelihood:
      1) They didn't type in the right parameters into the script they're running.

      2) They are not wasting cycles populating the messages until they verify that the messages will actually be delivered.

      3) The empty messages are used by the botnet controllers to show potential customers how effective their botnets are, similar to "Your ad here!" billboards.
      • 4) The empty messages are used to mess with anti-spam solutions.

        However, I think most of the time it's a combination of 1 and 2.

  • by Khopesh (112447) on Tuesday January 11, 2011 @06:40PM (#34842012) Homepage Journal

    (alphabetically)

    SANS Internet Storm Center [sans.edu] (I can't get the graph working, ymmv)
    SenderBase [senderbase.org]
    SpamCop [spamcop.net] (a feed to SenderBase)
    Symantec [symantec.com]
    ThreatPost (TFA) [threatpost.com]
    Websense Monthly reports [websense.com] (December not yet available, Websense is TFA's source)

    An observation: spammers celebrate holidays too; it's hard to recover from a series of shutdowns while dealing with family affairs. I hope their holidays were joyful and full of lasting distractions...

  • Getting about half as much as ever since mid last-year. And I don't know why, but 9/10ths of the spam I get now is in Spanish, much of it from South America.

  • by millisa (151093) on Tuesday January 11, 2011 @07:04PM (#34842258)

    I hadn't looked at one of the bigger mail setups I manage and was surprised to see it wasn't all fluff.

    Spam levels are about 1/6th of this time last year [arcadium.org]
    (The 'rejected' are mostly sqlgrey bounces which kills most the spam. The extra grey on the tips is the spam getting through to the actual scanners which looks about the same).

    • Between greylisting, filtering out dynamic ips and some sanity checks with postfix there isn't really much spam getting through. So little in fact that I have stopped scanning email content which means absolutely no false positives.
  • I made a bet (which I have now lost) that spam volumes would rise to their pre-xmas levels by Jan. 13th. This was in response to the numerous news items that popped up in newspapers such as the Guardian and New York Times back on Jan. 5th or so.

    The reason I felt confident in that wager is because in Russia, Orthodox Christmas takes place on January 7th [ source [russian-crafts.com]].

    Looks like our Russian friends just got back a little earlier than expected. This happens every January. You can practically set your watch by it (i

  • Work work work.

    Sometimes you just need a break, you know?

  • After Christmas is usually when I find I need to 'satisfy my woman'.

    It also helps if I can afford next Christmas, so I also need to 'recover millions of dollars from the Nigerian government'.

    • by gmhowell (26755)

      After Christmas is usually when I find I need to 'satisfy my woman'.

      Sorry dude. After hitting it the other 364 days of the year, I thought I should be nice and let you get in on her once.

  • Anyone who actually expected the volume to stay down either doesn't know whats going on here, or was deliberately trying to fool themselves. Sure every once in a while something will happen that will cause a downward tick in the spam delivery rates. But in the end the rate always comes back up.

    We need to ask ourselves why this is - and the answer is fairly simple.

    It's the economy, stupid. People aren't sending out spam to piss you off (as much as you might like to think so). They are sending out spam to make money. And as long as there is money to be made by sending out spam, there will continue to be spam. We all know how obscenely little money it costs to send out email - hence the profit margins can be huge even when the payment is rather small.

    Hence the only way to stop spam is to go after the motivation - the money. If you can distance the spammers from their money, they will lose the incentive to send spam. As long as that incentive remains, so does the spam. We can dismantle botnets, make more filters, or even dismember spammers themselves. None of that is worth a damn as long as there is money to be made. Even when spammers have been murdered it didn't matter because there is always someone else who wants a cut of the action and is willing to pick up where the last guy left off.
  • Yes, there was a holiday period dip, as usual. What is different is the longer term (12 month) view
    http://www.senderbase.org/home/detail_spam_volume?displayed=last18months&action=&screen=&order= [senderbase.org]

    June 2010 . . . . . 339 Billion/day average
    December 2010 . . 92 Billion/day average
    December 2009 . .205 Billion/day average
    So comparing December with the 2010 peak, or comparing December year to year, there is a huge decrease in the last quarter on 2010.

    The steady decline from September to
  • My organization expects NO legitimate mail from characters in these locations.

    Therefore we use the following : http://www.okean.com/thegoods.html [okean.com]

    in addition to other spam-filtering practices.

    Props to the guy for maintaining this.

    • by tlhIngan (30335)

      I'm trying to find a way to devise a high-bit recipe for my procmail rules. I get a lot of spam in foreign languages, so a first-cut pass by eliminating emails outside of the ASCII character set (0-127, remember) would cut down my spam volume by more than 70% or so.

      Won't help those who use languages with no representation outside of ASCII, but since I don't read the other languages, it would be great for me. Especially since I'm somehow getting inundated with spam to russian sounding email addresses on my d

      • by Karellen (104380)

        It would also filter any legitimate email mentioning prices in £, € or ¥ (do friends ever email you telling you how cheap/expensive things were on holiday?), or containing smart quotes like “ and ” (do friends have email clients which insert these?) or the occasional useful mathematical symbol like ±, ×, ÷ (do you know maths geeks?), or if they make fun of Overly® Protected Products© (do you know anyone prone to humorous hyperbole?), or talking about M

  • The level of spam did fall off a cliff, but what replaced it is the most aggressive posting spam efforts I've seen. And no, this has little to do with American household PC's. It is a very widespread Ukranian controlled botnet based on the range of IP addresses coming from Ukraine.

    Of course most everywhere else in the world as well, but from US IP addresses they are mostly server range addresses. (in other words, very little consumer broadband addresses involved and instead proxy addresses, server host comp

    • This more or less reflects what I have been seeing (on a low volume private mail server) but the dropoff for me started around late October with connections staying at relatively normal levels but the amount of spam coming in falling to almost zero.

      Curiosity (i.e. tcpdump) turned up the reason - what looked like a spammer 'template typo' that was causing emails to fail relatively silently with a protocol error, so they never got far enough to be counted as anything. It looks like they have fixed it now and

1 Mole = 007 Secret Agents

Working...