There has been a huge spike in spam volume in the last few days, including a massive amount of malicious spam with infected attachments, and researchers say that levels of junk mail are now far higher than they were before the takedown of the notorious Spamit affiliate program last fall.
Researchers at M86 Labs, who closely track the levels of spam and malicious email, said that the spike began toward the start of August and has continued to trend upward since then; the volume is now roughly twice what it was at the time of the Spamit takedown in October. Spamit was perhaps the largest affiliate program in the spam world at the time that it was disrupted. Spam levels dropped precipitously immediately following that takedown.
The volume of spam has not reached those pre-Spamit levels since then, but now M86 says that dynamic has changed radically.
“From the beginning of August, we have observed a huge surge of malicious spam which far exceeds anything we have seen over the past two years, including prior to the SpamIt takedown last October. The majority of the malicious spam comes from the Cutwail botnet, although Festi and Asprox are among the other contributors,” M86 researcher Rodel Mendrez said in a blog post.
Mendrez said that by the beginning of this week, spam containing malicious email attachments was making up nearly 25 percent of all of the spam that the company was collecting. The rise in spam volume comes at an odd time. There have been a number of operations in the last few months that have–or theoretically should have–made a serious dent in the amount of spam hitting users’ inboxes. Most notably, the takedown of the Rustock botnet earlier this year was a major blow to spammers who relied on the network to hose down the Internet with junk mail for a long time. Add in the dismantling of the Spamit network and the takedown of other botnets involved in the spam ecosystem and the current spike looks quite anomalous.
“This is an epic amount of malicious spam. After multiple recent botnet takedowns, cyber criminal groups remain resilient, clearly looking to build their botnets and distribute more fake AV in the process. It seems spammers have returned from a holiday break and are enthusiastically back to work,” Mendrez said.
Much of the malicious spam that is making up the current wave of junk takes the form of one of a handful of scams, most of which are old ploys. The current favorite is the fake UPS or FedEx shipping or delivery failure notification. These messages inform users that some phantom package they aren’t expecting could not be delivered and they need to open the attached ZIP file of doom in order to read the details of this failed transaction. Things go badly for the user at that point.
There also is a fresh wave of “your credit card has been blocked” spam, which also contains an infected ZIP archive.
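The two lures above share one shape: a short piece of urgency text (a failed delivery, a blocked card) and a ZIP attachment whose member is an executable. The following Python check is an added example, not code from M86 or from the article, that scores a message on exactly that combination; it identifies the attachment as a ZIP by its content rather than its claimed extension, and looks inside for member names with executable extensions. The sample message, addresses and file names it builds are constructed for the example.

```python
import email
import io
import re
import zipfile
from email.message import EmailMessage

# Phrases typical of the lures described in the article (constructed patterns).
LURE_PATTERNS = [
    r"\b(ups|fedex)\b.*\b(deliver|shipping|shipment|package|parcel)",
    r"could not be delivered",
    r"credit card .*blocked",
]
# Extensions Windows runs directly when a user double-clicks the file.
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")


def zip_member_names(data: bytes):
    """Return member names of a ZIP payload, or None if the bytes are not a ZIP."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return None


def assess_message(raw: bytes) -> dict:
    """Score one RFC 822 message for the 'lure text + ZIP with executable' pattern."""
    msg = email.message_from_bytes(raw)
    subject = msg.get("Subject", "")
    body_parts = []
    findings = {"lure": False, "zip_attachments": [], "executables_in_zip": []}
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            body_parts.append(payload.decode(errors="replace"))
        elif part.get_filename():
            payload = part.get_payload(decode=True) or b""
            members = zip_member_names(payload)  # detect by content, not by claimed name
            if members is not None:
                findings["zip_attachments"].append(part.get_filename())
                findings["executables_in_zip"].extend(
                    m for m in members if m.lower().endswith(EXECUTABLE_EXT))
    text = (subject + "\n" + "\n".join(body_parts)).lower()
    findings["lure"] = any(re.search(p, text, re.S) for p in LURE_PATTERNS)
    if findings["lure"] and findings["executables_in_zip"]:
        findings["verdict"] = "quarantine"
    elif findings["zip_attachments"]:
        findings["verdict"] = "review"
    else:
        findings["verdict"] = "pass"
    return findings


def build_sample() -> bytes:
    """Constructed message mimicking the delivery-failure lure (not real spam)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Placeholder bytes under a double-extension name; no real binary here.
        zf.writestr("UPS_document_N4521.pdf.exe", b"placeholder, not an executable")
    msg = EmailMessage()
    msg["From"] = "UPS Customer Services <noreply@example.invalid>"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "UPS Delivery notification N4521"
    msg.set_content("Dear customer, your package could not be delivered.\n"
                    "Please open the attached document for details.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="UPS_document.zip")
    return bytes(msg)


def build_benign_sample() -> bytes:
    """Constructed plain-text message with no lure and no attachment."""
    msg = EmailMessage()
    msg["Subject"] = "Lunch on Friday?"
    msg.set_content("Are you free around noon?")
    return bytes(msg)


if __name__ == "__main__":
    print(assess_message(build_sample()))
    print(assess_message(build_benign_sample()))
```

The verdict logic is deliberately two-tiered: a ZIP on its own only earns a "review" because legitimate mail carries archives, while lure text combined with an executable inside the archive is the combination the article describes and is the one worth quarantining. In a real gateway the keyword list would be a maintained feed rather than three regexes, and nested archives would need recursive inspection.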