After a lull in the fourth quarter of 2010, spam appears to be back in full force, according to reports from both Websense, Commtouch and Symantec Corp.Spam volume was up 45% in the first half of January after diving in Q4 according to a Commtouch spam report.
Reports show the recently dormant Waledac botnet has awakened, and is currently busy pushing out pharmaceuticals. Rustock, which inexplicably disappeared on December 25 and is the world’s largest botnet according to Symantec research, has made a resurgence as well.
After blocking 198 billion spam messages a day in the third quarter, 2010, Commtouch said spam levels in Q4 dropped to 142 billion messages a day, with pharmaceutical spam accounting for 42% of all spam. Commtouch further reports that Q4 saw an integration of new and vintage spam methods. Google’s cache service was exploited by hidden fonts combined with Twitter subject lines and links. There was also a return of ASCII art spam.
In the case of Waledac, Web security firm Websense said the spam-spewing botnet took an unexpected nine day vacation in January, lasting from the 4th to the 13th. In recent days, Waledec has resumed spamming out phony e-greeting card messages and is now using legitimate sites that have been compromised to redirect its victims to pharmaceutical spam sites. The sites appear to be non-malicious for the time being, but Websense warns that can change quickly if the people running Waledac decide to increase the size of their botnet.
On January 10, the Rustock botnet also became active again, following a coordinated take down that security experts had attributed to the drop in spam volume in Q4. With its reappearance came an increase in the occurrence of worldwide spam. Symantec reported a 98% increase in spam traffic from that of the previous day. As usual, Rustock continues to send out emails peddling pharmaceuticals. Spam levels are slightly lower than those before Christmas, but Symantec researchers speculate spam levels will return to what they once were.