Security researchers had a nice, quiet beginning to 2011 thanks to a significant drop-off in spam volumes. But as of this week, that peace is over.
Researchers noticed over the Christmas holiday and into the new year that spam circulation had dropped dramatically. Symantec's MessageLabs Intelligence group reported on January 4 that unwanted email levels were at their lowest since November of 2008, when McColo, a rogue ISP that had been responsible for a significant portion of global spam, was shut down. Researchers are attributing the late December-early January drop to a significant slowdown in spam production by the Rustock botnet, which they called the most dominant spam botnet of 2010.
"Since 25th December, Rustock seems to have all but shut down, with the amount of spam coming from it consistently accounting for below 0.5% of all spam worldwide," reads the MessageLabs Intelligence Blog post. (MessageLabs is owned by Symantec.) The blog post also noted that two other major botnets, Lethic and Xarvester, had quieted down as well.
Researchers didn't know what to attribute this quiet period to, but noted that they didn't believe it would last long. And they were right.
On January 10, MessageLabs Intelligence analysts discovered that Rustock had resumed activity, picking right up where it left off on December 25. MessageLabs Intelligence's honeypot servers - which don't filter inbound mail so that all spam and malware messages sent can be captured and analyzed - saw an increase of about 98 percent in spam traffic from January 9 to January 10, according to another MessageLabs Intelligence blog post.
Currently Rustock is sending mostly spam related to pharmaceuticals, says MessageLabs Intelligence, and analysts believe the botnet is on its way to regaining the title of biggest spam producer in the world.