2008 spam lessons learned: “Stop the guns, not just the bullets”
Marshal8e6, a provider of web and email security products, released its TRACE report for the second half of 2008, which finds that while global spam volumes continued to increase, Internet security providers and law enforcement efforts demonstrated that significant disruption to spam volumes can be achieved by going after the perpetrators.
Specifically, the Marshal8e6 Spam Volume Index (SVI), which tracks the volume of spam received by a representative bundle of worldwide domains, showed that spam volumes rose strongly in 2008, with global spam volume exceeding 150 billion messages per day at its peak.
Then, on November 11, a Web hosting provider named McColo, which was hosting the servers that controlled several major botnets – networks of computers set up to forward spam or viruses to other computers – was disconnected from the Internet. Spam literally dropped by over 50 percent overnight as these botnets became effectively disabled. Spam volumes in mid-November were at the lowest levels seen since mid-2007. Volumes increased again in December as some botnets came back on stream and others gained extra business.
Marshal8e6’s comprehensive TRACE (“Threat Research and Content Engineering”) Labs report, based on analysis compiled by security analysts in spam, phishing, web exploits and malware, finds that spam remains a huge problem for enterprises. Not only does spam consume valuable network resources, it remains a popular conduit for the distribution of malware, phishing and scams.
At its peak, the report estimates that global spam volume exceeded 150 billion messages per day in 2008. Organizations typically report that spam represents anywhere from 75-95 percent of their inbound email. The Marshal8e6 report also identifies the three key botnets responsible for 75 percent of spam as of the end of 2008. The report points out that the McColo shutdown disrupted three major botnets, Srizbi, Rustock and Mega-D. Srizbi, which was the most active at the time, has effectively remained inoperative ever since. Although spam volumes have started to recover, they remain at a level slightly more than half of what they were prior to November.