The Year in Spam

The United Arab Emirates had a spam rate of 83.4% of all email messages in 2009

Tags: Cyber crimeE-mailMalwareMessageLabs IncorporatedSymantec CorporationUSAUnited Arab Emirates
  • E-Mail
The Year in Spam Most of the spam being circulated globally comes from botnets or ‘robot networks'.
By  Vineetha Menon Published  December 10, 2009

There were highs, lows and enough action to keep spam researchers busy all through 2009. Here is a recap of the spam highlights that made this year memorable based on the analysis of MessageLabs.

Let's start with some numbers - there were 5 million spam botnet machines contributing to an estimated hundred billion spam messages being sent around the world per day.

In the United Arab Emirates the average spam rate was 83.4% of all email messages, slightly lower than the global rate of 87.7% for the year.

By the end of 2009, nearly 83% of spam originated from botnets or ‘robot networks', as opposed to approximately 90% of spam that was sent from these networks in 2008. Botnets are groups of semi-autonomous computers that have all been compromised and remain under the control of cybercriminal organisations. Each botnet varies in size and may contain thousands or even millions of computers that can be used for a number of criminal activities including hosting malicious websites and sending spam emails.

The global spam trend for 2009 shows a sharp increase in the early half of the year following the sharp drop in spam volumes experienced toward the end of 2008, following the closure of McColo in November. It took several weeks for spam levels to rise again and months before botnet controllers were able to return to the same spam volumes as before the ISP was disconnected.

In the 12 months since the McColo ISP was taken offline the Trojan technology behind botnet-oriented malware has improved, with more rootkit-type kernel drivers becoming the norm. A rootkit is a set of software tools or services that enable an attacker to hide the fact that a computer has been compromised.

One of the major threats of 2009 was the Bredolab Trojan. It's designed to give the sender complete control of the target computer which then could be used to deploy other botnet malware, adware or spyware onto the victims' computer. The percentage of spam distributing the Bredolab Trojan dropper increased steadily in late 2009 and reached its highest levels in October 2009 when it was estimated that approximately 3.6 billion Bredolab malware emails were in circulation.

The events and celebrities that shaped the spam landscape this year included St. Valentine's Day and St. Patrick's Day, the global flu pandemic of H1N1, the fatal crash of Air France flight 447 as well as the deaths of singer Michael Jackson and actor Patrick Swayze. But it was the global economic crisis and the election of U.S. President Barack Obama that were top themes for much of the spam blocked this year.

On 18 November 2009, a huge jump in the number of spam emails that contained links to a popular micro-blogging website was recorded. While this trend has typically been very low (averaging less than 1% of all spam traffic), on that date it jumped to more than 4% of all spam. This new surge was entirely from the Donbot botnet. The spam campaign came to a halt five days later and was believed to have involved more than 3,000 individual accounts - a mixture of hijacked accounts that were quite old and false accounts that had been established purely for the purpose of spamming.

During 2009, the majority of spam was in English, around 5%, (1 in 20) spam messages were in another language.

It's been an eventful year and the spam attacks look set to continue through till 2010 with predictions of more attacks targeting social networks, a rise in mobile and specialised malware and the increasing use of URL shortening services to mask dangerous links.

Add a Comment

Your display name This field is mandatory

Your e-mail address This field is mandatory (Your e-mail address won't be published)

Security code