“Spam in the Third Quarter of 2010” is the latest quarterly report from Kaspersky’s anti-virus research labs. It finds that several coordinated take-downs of massive botnets in the second half of the year did put a dent in global spam volumes, but only temporarily.
Spam volumes dropped 1.5 percent between August and September 2010, according to the report. That may well be due to a coordinated take-down of the command and control infrastructure for the Pushdo botnet in August. Pushdo was the source of about 10 percent of the world’s spam.
However, that action did little to tip the scales on spam, which still accounted for 82.3% of mail traffic processed by Kaspersky Labs in the third quarter of 2010, down from 84.4% in the second quarter of 2010.
Even with a botnet’s command and control infrastructure disabled, the infected machines can quickly be put back together: the infected systems are corralled under a newly constituted command and control system and put back to work, Kaspersky said.
The report pointed to the shifting sources of global spam: Europe – including Russia and Eastern Europe – was the single biggest regional source of spam e-mail, accounting for 40% of the spam traffic detected by Kaspersky. The U.S. was the single biggest source country for spam e-mail, followed by India and Vietnam.
Long a source of malicious attachments, spam is getting even nastier. Kaspersky found malicious attachments in 4.7% of all the spam e-mail processed in the third quarter, up from just 1.87% in the second quarter.
It’s unclear what the fourth quarter will bring, though spam activity usually spikes in concert with the holiday shopping season. There is already evidence that spammers are gearing up for the holidays, in part by building out their botnets for spam distribution.
However, global botnets continue to face scrutiny by law enforcement. Most recently, Dutch authorities, working in concert with officials in Armenia and Russia, arrested the alleged mastermind behind the Bredolab botnet and disrupted the operation of that botnet. That take-down included the unorthodox step of harnessing the botnet to distribute messages to the owners of Bredolab-infected machines that urged them to remove the bot from their systems.