Global spam volume has seen a big increase in February over past months: Cisco’s Senderbase shows a rise of 64% from January, from 77.3 Billion to 126.9 Billion emails. The effect of shutting down many spam operations by the authorities in cooperation with companies like Microsoft, Google and others has been watered down by this increase, sadly.
Last year, global spam volume had seen a steady decline from May 2012, dropping to a low point of 77.3 Billion emails in January this year.
The sharp increase in spam volume in February however has also seen many new malware-including emails being sent. This includes weight loss emails but also Facebook Services emails including links to shady websites.
Spam volume up? Quit email, security company says
A European security company called ‘The European Network and Information Security Agency’ even went as far as saying there should be a campaign to stop using email. The main reason noted is that email is insecure, and the receiver currently cannot correctly assess whether an email is a threat or whether it is safe.
I don’t know about them, but I can’t think of a better communication method for businesses right now than email, even with all the bad stuff involved including spam, scam and phishing emails and such.
Spamhaus, the well-known anti-spam DNS blacklist service, has been hit by a severe DDoS attack over the weekend. Users have been informed by Spamhaus of certain services like their website and email server being unavailable, with them working to get things back online yesterday.
At first it was noted by Softpedia that Anonymous was behind the attack, however Spamhaus themselves have provided an update on their website stating that this is not true, and that a Russian / Eastern European cybercrime gang was behind the attack.
An update was posted on Pastebin called ‘Operation Stophaus’, demanding that the Spamhaus Project should stop their activities.
A quote of the pastebin:
Spamhaus has recently blackmailed several multinational carriers into disconnecting clients, breaching their own contracts, without any legal procedure whatsoever, and pretty much everyone on the internet so far has feared Spamhaus too much to report them to the authorities, whether they have a legal department to do so or not. Reporting Spamhaus to the authorities has shown to result in more listings, such as on their DROP list, which breaks access to significant parts of the internet completely. Spamhaus advertising its use as such constitutes a breach of the UK Computer Sabotage Act. They know that by listing anything on DROP, they’re breaking internet access (at least partially), and use it as a means to terrorize people into giving them their way.
Spamhaus noted in their update that the above was posted by a disgruntled spammer, and not by anonymous.
The ROKSO list, or the Register of Known Spam Operations, is a list of roughly 100 spam operations managed by Spamhaus. Spamhaus notes on the ROKSO page that about 80% of all spam received by internet users in Europe and North America originates from this group. Each operation consists of 1 to 5 spammers, which puts the total number of people involved between 300 and 400.
Below is part of the ROKSO list as of 19th Feb, 2013:
Luckily for first-time offenders or non-professional spammers (that is, marketing departments that don’t know how to handle their lists correctly) there’s a three-strikes method of putting spammers on the list. This means that you / your company must have been terminated by your ISP at least 3 times for AUP (acceptable use policy) violations. After that, one gets listed on the ROKSO list, and IPs under control of the spam operation will be added to the Spamhaus Block List (SBL).
Spammers involved are those that see ISPs simply as throwaway resources: if and when they get caught, they’re already preparing to move their operation to a different ISP where they have already set up new IPs and domains.
For more information, check out the ROKSO faq on the Spamhaus website.
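To make the SBL listing concrete: a receiving mail server consults the Spamhaus lists as a DNS blocklist (DNSBL), reversing the sender's IPv4 octets and querying them under the list zone; an A record in 127.0.0.0/8 means "listed", NXDOMAIN means "not listed". The following is an added example (not Spamhaus's own code or the article's). It assumes the public ZEN zone name and its documented return codes, and uses a constructed fake resolver with made-up TEST-NET addresses so that it runs offline; replace the fake with the real resolver to use it live.

```python
"""DNSBL lookup against the Spamhaus ZEN zone (SBL + XBL + PBL).

Added example, not code from the page. Assumes the public zone name
zen.spamhaus.org and its documented 127.0.0.x return codes.
"""
import ipaddress
import socket

ZEN_ZONE = "zen.spamhaus.org"

# Well-known ZEN return codes: which list produced the hit.
_RETURN_CODES = {
    "127.0.0.2": "SBL",
    "127.0.0.3": "SBL",      # CSS, a sub-list of the SBL
    "127.0.0.4": "XBL", "127.0.0.5": "XBL", "127.0.0.6": "XBL", "127.0.0.7": "XBL",
    "127.0.0.10": "PBL", "127.0.0.11": "PBL",
}


class DnsblQueryError(Exception):
    """The DNSBL answered with an error code (127.255.255.x), not a listing."""


def dnsbl_query_name(ip: str, zone: str = ZEN_ZONE) -> str:
    """Build the reversed-octet query name, e.g. 1.2.0.192.zen.spamhaus.org."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this example handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def classify_response(addrs):
    """Map the returned A records to list names; raise on error codes."""
    lists = set()
    for a in addrs:
        if a.startswith("127.255.255."):
            # e.g. query via an open resolver or query limit exceeded:
            # the answer says nothing about the IP, so never block on it.
            raise DnsblQueryError(f"DNSBL error code {a}")
        lists.add(_RETURN_CODES.get(a, f"unknown ({a})"))
    return sorted(lists)


def lookup(ip: str, resolve=socket.gethostbyname_ex, zone: str = ZEN_ZONE):
    """Return the list names an IP is on ([] if not listed).

    `resolve` has the gethostbyname_ex signature so a fake can be injected.
    """
    name = dnsbl_query_name(ip, zone)
    try:
        _hostname, _aliases, addrs = resolve(name)
    except socket.gaierror:
        return []                      # NXDOMAIN: not listed
    return classify_response(addrs)


def should_reject(lists) -> bool:
    """Typical SMTP policy: reject on SBL/XBL hits, let PBL alone be handled
    elsewhere (PBL marks dynamic ranges, not confirmed spam sources)."""
    return any(l in ("SBL", "XBL") for l in lists)


# Constructed fake resolver with TEST-NET addresses (not real listings).
_FAKE_ZONE = {
    "1.2.0.192.zen.spamhaus.org": ["127.0.0.2", "127.0.0.4"],   # SBL + XBL
    "2.2.0.192.zen.spamhaus.org": ["127.0.0.10"],               # PBL only
    "3.2.0.192.zen.spamhaus.org": ["127.255.255.254"],          # error code
}


def fake_resolve(name):
    if name not in _FAKE_ZONE:
        raise socket.gaierror(f"NXDOMAIN {name}")
    return (name, [], _FAKE_ZONE[name])


if __name__ == "__main__":
    for ip in ("192.0.2.1", "192.0.2.2", "192.0.2.9"):
        hits = lookup(ip, resolve=fake_resolve)
        print(ip, hits, "reject" if should_reject(hits) else "accept")
```

Two caveats the fake zone illustrates: a PBL-only hit is not proof of spamming, so the policy above does not reject on it, and an error code in 127.255.255.x (which ZEN returns, for instance, when queried through an open resolver) must be treated as "no answer" rather than "listed", or you end up rejecting all mail.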
Good news everyone! Over the past two years, spam levels have dropped about 25%! That’s great news for email marketing because this gives room for the messages people truly want to arrive in their inbox! It has been dropping for a while, but the decline is now quite significant.
One of the main reasons spam has been dropping is because of the cleaning up of botnets, which play(ed) a significant role in sending out large quantities (billions and billions) of spam messages.
Another reason is tougher laws and subsequent list checking and data cross-referencing, which enables people to clean out and shut out the bots as well as having email marketers living on the edge change their ways and become law abiding citizens. Don’t forget DMARC as well, the newly introduced standard of domain authentication.
Third, spam filters have really matured in recent years, with some even becoming very tight on even legitimate email. This is sadly a result of spam still finding ways into the inbox sometimes: but if it can be beaten down into a trickle or even stopped altogether, spammers will leave this area of crime and go for something else. Yaay!
A botnet known as ‘Grum’, responsible for sending out 18% of all spam, has been taken offline by Atif Mushtaq from the malware intelligence lab called FireEye. After Cutwail and Lethic, it was the third most active botnet in the world.
Atif has posted the main characteristics of Grum in a blog post:
- Grum has two different types of CnC servers:
- CnCs that are responsible for serving configuration files and initial registration. I would refer to them as master CnCs.
- CnCs that serve spam related activities. I would refer to them as secondary CnCs.
- Grum uses hard-coded IP addresses instead of domain names.
- Grum is divided into small segments i.e., different malware builds talk to their own assigned set of CnCs.
- There is no fallback mechanism once the main and secondary CnCs are down. That particular segment will be without a master.