Looking back at spam in 2009

At the end of last year, it was predicted spam volumes would rise slightly higher than 95 percent in 2009 because of a growing use of botnets. Let’s see if the prediction came true.

In January, France was the most spammed country in the world (83.3 percent of all emails), and virus activity was most pronounced in the UK (1 of every 165.6 emails).
Spam rates continued to increase this period and fully regained levels consistent to spam rates before the McColo take-down; driven by the financial crisis, the most popular spam campaigns included positive salary structure, diploma and education schemes and added scam tactics seeding a new botnet that centered on President Barack Obama’s inauguration.

The exploitation of Valentine’s Day by spammers has become an annual event as advertisers attempt to pawn everything. However, Valentine’s Day also gives spammers the perfect opportunity to spread malware and grow their botnets as optimistic Valentine recipients actually look forward to opening messages from perfect strangers.

This year the Waledec botnet was distributing Valentine’s specific spam with subject lines such as “a Valentine card from a friend” and “you have received a Valentine E-card”. Two other rival spam botnets Donbot and Pushdo have also adopted similar tactics. The Waledec botnet is widely considered by security researchers to be the latest incarnation from the same spam gang that brought us the notorious Storm botnet.

March saw the advent of large scale malicious spam campaigns posing as an email from courier firm DHL, and also of a widespread, malicious spam campaign that use social engineering to customize messages to potential victims’ location.

The first quarter of 2009 statistics: 91 percent of messages were spam, while 1.6 percent, or more than 1.1 million messages, were infected with some type of malware. The U.S. was the leading source of spam, accounting for 11.6 percent of the total, followed by Brazil (11.5 percent) and Romania (5.8 percent), and Twitter has been heavily targeted by cyber-crooks as a platform for launching phishing attacks.

Research findings that reveal spam e-mail is not only a nuisance, but is damaging to the environment and substantially contributes to green house gas emissions, were released in April.

In late 2008, McColo, a major source of online spam, was taken offline and global spam volume dropped 70 percent. The energy saved in the ensuing lull before spammers rebuilt their sending capacity, equated to taking 2.2 million cars off the road that day, proving the impact of the 62 trillion spam e-mails that are sent each year.

In June, the death of Michael Jackson confirmed what we knew already: real or false news about accidents and/or celebrity death hoaxes (Farah Fawcett, Patrick Swayze, Tiger Woods, David Carradine), big international news stories – especially those about tragedies like Katrina or the Concorde crash in Paris – they all make very clickable subjects that are very effectively used by spammers.

In July, Marshal8e6 (now M86 Security) released its bi-annual TRACElabs report detailing the latest spam and exploit levels. Top findings included the Rustock botnet emerging as the dominant force in spam output in 2009, pharmaceutical spam making up 75% of all spam, social networking sites used to spread links leading to malware-infected Web sites and spam and the return to tried spam tactics such as “image spam”. The Rustock and Pushdo botnets continued to be very strong, and second-tier botnets like Grum also increased their output.

July also witnessed some European countries seeing spam levels of over 95%, thanks to automated spam translation techniques.

In August, spam was also linked to DDoS attacks against social networking websites, and fake news were used in spam email alerts that purportedly came from MSNBC, but were in fact rife with malicious links.

Also in August, PandaLabs recorded a 2000 percent increase in the amount of different NDR (non-delivery report) spam messages in circulation, while Sophos has reported a dramatic decrease in the amount of spam emails using PDF file attachments to spread their unwanted messages. Levels of PDF spam have dropped from a high of close to 30 percent of all spam earlier that month, to virtually zero.

September brought interesting news, when MessageLabs unveiled a list of the top U.S. spammed states, with surprising results – the spam capital of the US is Idaho with 93.8 percent of spam.

September was also the month that SPAMfighter unveiled the findings of its first quarterly Community Watch Behavioral Survey, which revealed that 69% of the participants admitted to accidentally opening a spam email, and of those that did, 46% reported doing so only once, while 32% reported doing so at least once a month, 14% at least once a week, and another 7% admitted at least once a day.

In October, a mass mailing that contained a link directing users to a video advert on YouTube was recorded by Kaspersky Lab. “Two years ago spammers used the YouTube name and the promise of interesting videos to lure users to advertising sites. Now the links really do lead to this popular video hosting site which is being used to store unsolicited advertising content,” said Darya Gudkova, Head of Content Analysis & Research at Kaspersky Lab.

Spamming campaigns with combinations of attack vectors have also seen a rise – phishing and malware combos became the order of the day in Q4. See here, here and here.

Well, so far we had one bad news after another, but the events unfolding at the end of the year conspired to lift our moods a little.

At the end of October, a careless spammer revealed (unintentionally, as it seems) the tricks of the trade: 4 files which combined read like a comprehensive spammer manual, and allow us a glimpse into the tactics used by spammers. A day later, Facebook has announced that it has won the court battle against Sanford Wallace, one of the spammers who obtained access to people’s accounts and used them to spam their friends (he was ordered to pay back $711 million).

In November, we witnessed Dennis Yu, the CEO of BlitzLocal (an advertising agency that used to be “in the business of spam”) sharing his thoughts and knowledge about Facebook spamming and advertising.

Finally, in December we were pleasantly surprised by the fine that Lance Atkinson, the Australia-based New Zealander that has been found guilty of organizing a spam ring, was ordered to pay by the US Federal Trade Commission: $16 million.

Even though for now spam is here to stay – it gives us a little hope for next year, don’t you think?