Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spam Volume Spikes After Holiday Respite

Posted by CmdrTaco on from the eggs-bacon-sausage-and dept.

Trailrunner7 writes "The amount of spam hitting users' inboxes fell off a cliff in late December, with many security experts attributing the decline to the sudden disappearance of the Rustock botnet and other networks from the spam business. But the level of spam has begun to gain back some of the ground it lost today as other spammers have taken up the slack. Researchers say that after the sudden drop-off in spam volumes, things stayed fairly quiet for a time, but now it seems that other spammers have picked up where Rustock and the other spamming operations left off. The volume of spam took a big jump upward in the last 24 hours, according to researchers at Websense. The volume of spam hasn't made it all the way back to the levels of the last few months of 2010, but it seems to be on the way."

55 comments

  1. Blog by Dan+East · · Score: 1

    I haven't noticed a spike in email spam, but my blog (which gets like 20 hits a day) has been getting a lot of spam comments over the last several days. Probably not a coincidence.

    --
    Better known as 318230.
    1. Re:Blog by Monkeedude1212 · · Score: 3, Funny

      Wait a second, you have a blog... And its NOT linked in your signature?

      Are you even trying? Or why have a blog at all?

    2. Re:Blog by Cryacin · · Score: 1

      I'm quite surprised that there's no first post spam.

      --
      Science advances one funeral at a time- Max Planck
    3. Re:Blog by ocdscouter · · Score: 2

      Even Spam can't be everywhere at once.

    4. Re:Blog by AmonTheMetalhead · · Score: 1

      I've noticed a significant increase in spam on my system, about 4 times as much as i had before November,and most of them seem to be scams regarding employment offers

  2. and people say... by Anonymous Coward · · Score: 0

    ...that teamwork is dead.

  3. Frequency of Spam by ackthpt · · Score: 5, Interesting

    I've watched it for years - typically when schools are closed for breaks the spam drops off considerably. Once students return to classrooms it comes back with a vengeance.

    The only conclusion I can draw is that schools have labs and servers which are the main hosts for delivering spam. With labs shut down the spam engines are off-line.

    --

    A feeling of having made the same mistake before: Deja Foobar
    1. Re:Frequency of Spam by KublaiKhan · · Score: 1

      That, and the students' own systems. Most non-CS students aren't going to be at anything other than "normal end-user" levels of savvy--and apparently normal end-users actually buy stuff from spam, because it keeps coming, and it keeps being popular.

      --
      In Xanadu did Kubla Khan
      A stately pleasure dome decree
    2. Re:Frequency of Spam by TheRaven64 · · Score: 2

      I'd be inclined to blame student machines on university networks. Machines in labs are usually supervised by at least one competent admin, but these days most universities have WiFi and wired network connections for all of the students. A typical unsecured Windows machine on an asymmetric connection behind a NAT isn't nearly as much of a problem as that same machine on a public IP with a GigE connection to the Internet (I'm not sure what speed I could get on campus, but my hard disk was the bottleneck on a lot of things).

      --
      I am TheRaven on Soylent News
    3. Re:Frequency of Spam by Monkeedude1212 · · Score: 1

      The conclusion I would draw is that students send more emails during school.

      You know, the kind with terrible spelling and grammer like

      hey bb i w2 ttyl aftr clss k?

      which no doubt registers as a false positive spam email hitting the inbox.

    4. Re:Frequency of Spam by Anonymous Coward · · Score: 0

      Or it could just be that the spammers go on vacation but either way I have noticed the same thing.

      I said this in the last thread where we were talking about the disabling of the botnet and nobody believed me when I said it would return to normal after the holidays.

      Spam always drops off during holidays and then spikes back to normal afterwards.

    5. Re:Frequency of Spam by Neil+Boekend · · Score: 1

      claiming to have said something smart, predictive and true while being AC doesn't sound reliable. Of course it's checkable whether someone said it, but I could just as easily say I control the biggest spam botnet now. Someone does, but you can't know whether I do (unless you are the controller. In that case: DIE).
      If you want to use "told ya so" you should login.

      --
      Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
    6. Re:Frequency of Spam by Tim+C · · Score: 1

      Not only that but in universities the lab machines will probably still be in use by the research groups/post-grads, and even if not they may well not be powered down over the holidays anyway.

      --
      It's official. Most of you are morons.
    7. Re:Frequency of Spam by serialband · · Score: 1

      It's mostly the student's personal systems.

      Many beginning CS students today actually fall under the category of normal end user. These days, a lot more people come to college to learn a trade, not to advance their knowledge. I've seen many come into CS with absolutely no background in computers, other than running a web browser, word processor, or game. Too many fall into this category now so they've started offering even more remedial computer classes that include taking apart a computer to see what's inside, a first for many of these CS students. They've added an even more remedial "programming class" that involves drag & drop programming. I guess they don't teach "computer literacy" in elementary school anymore.

  4. About Time by ticketswapz · · Score: 0

    I was wondering how many women are out there waiting to see me and good deals on pills to make my nether region bigger, larger and stronger!

    --
    ticketswapz.com - Buy, Sell, Trade Sporting Event and Concert Tickets
  5. I'm shocked by commodore64_love · · Score: 1

    The spammers were shut-down, and then they came back. Wow. I never could have predicted that. /end sarcasm. Maybe governments should just give-up the idea that they can silence speech, and find some other way to deal with it (filtering). Which is pretty much what we've always done (if I don't want to hear a politician speaking, I just walk away until his voice can't be heard).

    --
    "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    1. Re:I'm shocked by blair1q · · Score: 2

      You do have a right not to be harrassed, no matter the media. The government can't stop someone from speaking to someone who wants to hear what they're saying, but it can stop them from speaking to someone who doesn't want to hear what they're saying, if that doesn't also interfere with speaking to people who do want to hear. And it can treat commercial and political speech differently.

      Spammers know they're breaking the law by harassing random people with random commercial messages they don't want to get.

      The fact that it's hard to silence them is not proof they have a right to do what they're doing. It's only proof that the machinery is inadequately designed to apply the law to them consistently. They should be applying the law to themselves, but they don't, because they're criminals. And they like it that way.

    2. Re:I'm shocked by nigelo · · Score: 2

      ...if I don't want to hear a politician speaking, I just walk away until his voice can't be heard).

      Now if only that worked with certain /. users, or am I overlooking the tool that allows that sort of filtering?

      --
      *Still* negative function...
    3. Re:I'm shocked by John+Hasler · · Score: 1

      > ...am I overlooking the tool that allows that sort of filtering?

      Good question. My newsreader has a killfile. Would be nice to have one here.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    4. Re:I'm shocked by melikamp · · Score: 2

      I agree. Spam is forever and fighting it by shutting down spammers will accomplish nothing, even on the medium run. The amount of spam is rigidly capped from below by the presence of netizens who will follow ANY instructions on the belief that they are ordering a cheap aphrodisiac. The only way to get rid of spam is to get rid of stupid people, but that won't do, since they are also the foundation of the modern democracy. I kid, I kid :) Seriously though, we will always have our stupid people, and therefore we are stuck with spam. Have individuals filter if they choose to, case closed.

    5. Re:I'm shocked by commodore64_love · · Score: 1

      Email hardly qualifies as harassment, especially since it is so easily ignored (don't click on it) (and/or filter it to a spam folder).

      --
      "I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
    6. Re:I'm shocked by DamonHD · · Score: 2

      That's simply nonsense.

      I get tens of thousands of SPAMs each day (last time I counted) which take significant system resources to deal with the initial filtering of and quite considerable extra time on my part to deal with what is left. Time that I might like to spend, say, with my children, or working on business projects. Real opportunity costs as well as resource costs. And repeated unwanted approaches from people I've asked to leave me alone sure feels like harassment (including big legit companies that should know better).

      And I also do lose 'ham' messages as collateral damage with some unpleasant consequences for my business; I am smarting from a case just this last week or so.

      So, just because it seems not to be a problem for *you* doesn't mean it isn't a real measurable problem generally.

      Rgds

      Damon

      --
      http://m.earth.org.uk/
    7. Re:I'm shocked by Neil+Boekend · · Score: 1

      What? Are you comparing ripping people off with fake viagra to free speech?
      if (yes) {you=moron};
      else {Please elaborate};

      --
      Well, I might have a way, but it only works on a semi spherical planet in a vacuum.
    8. Re:I'm shocked by Zak3056 · · Score: 1

      Good question. My newsreader has a killfile. Would be nice to have one here.

      Add the user to your foes list, and set your modifier for foes to -6, and your threshold to some value greater than or equal to 0?

      --
      What part of "shall not be infringed" is so hard to understand?
    9. Re:I'm shocked by Anonymous Coward · · Score: 0

      You forgot:

      you.newsletter.subscribers.add(this);

    10. Re:I'm shocked by nigelo · · Score: 1

      Yep. Got it.
      Thanks.

      Note: Thresholds are adjusted by clicking on the score shown next to the Subject of a comment, and *not* by visiting your preferences, where there is no option to adjust thresholds.

      --
      *Still* negative function...
  6. What a redundant summary by noidentity · · Score: 5, Interesting
    The headline and summary repeat the point way too many times:

    1. Spam Volume Spikes After Holiday Respite

    2. The amount of spam hitting users' inboxes fell off a cliff in late December, with many security experts attributing the decline to the sudden disappearance of the Rustock botnet and other networks from the spam business. But the level of spam has begun to gain back some of the ground it lost today as other spammers have taken up the slack.

    3. Researchers say that after the sudden drop-off in spam volumes, things stayed fairly quiet for a time, but now it seems that other spammers have picked up where Rustock and the other spamming operations left off.

    4. The volume of spam took a big jump upward in the last 24 hours, according to researchers at Websense. The volume of spam hasn't made it all the way back to the levels of the last few months of 2010, but it seems to be on the way.

    1. Re:What a redundant summary by Anonymous Coward · · Score: 1

      The headline and summary repeat the point way too many times:

      1. Spam Volume Spikes After Holiday Respite

      2. The amount of spam hitting users' inboxes fell off a cliff in late December, with many security experts attributing the decline to the sudden disappearance of the Rustock botnet and other networks from the spam business. But the level of spam has begun to gain back some of the ground it lost today as other spammers have taken up the slack.

      3. Researchers say that after the sudden drop-off in spam volumes, things stayed fairly quiet for a time, but now it seems that other spammers have picked up where Rustock and the other spamming operations left off.

      4. The volume of spam took a big jump upward in the last 24 hours, according to researchers at Websense. The volume of spam hasn't made it all the way back to the levels of the last few months of 2010, but it seems to be on the way.

      Not only is it redundant, but it's wrong... "But the level of spam has begun to gain back some of the ground it lost today as other spammers have taken up the slack." When the spam volume dropped, very specific spams stopped. Those spam messages are showing up again, and the volume reflects the overall change in spam traffic.

  7. Unknown sender and no subject by sirdude · · Score: 5, Interesting

    Every now and then, I trawl through my gmail spam folder looking for false positives. These sojourns also serve to give me an idea of the amount of spam and type of spam that's floating around. When a botnet goes down, my spam levels go down to around 2000 and odd. When the botnets are supposedly back, they tend to return to the 5000 level. What I've noticed in the last few months however, is the significant number of invalid spam e-mails - those with no subject and no sender name or sender e-mail address. These are by far the most common type of message in my spam folder at the moment and I was wondering wtf was going on. I know spammers suck. But do they now also suck at spam?

    1. Re:Unknown sender and no subject by SomeJoel · · Score: 5, Interesting

      I can think of 3 possible answers, in decreasing likelihood:
      1) They didn't type in the right parameters into the script they're running.

      2) They are not wasting cycles populating the messages until they verify that the messages will actually be delivered.

      3) The empty messages are used by the botnet controllers to show potential customers how effective their botnets are, similar to "Your ad here!" billboards.

      --
      <Complete your profile by adding a signature!>
    2. Re:Unknown sender and no subject by Em+Adespoton · · Score: 2

      4) The empty messages are used to mess with anti-spam solutions.

      However, I think most of the time it's a combination of 1 and 2.

  8. Some charts supporting this by Khopesh · · Score: 4, Informative

    (alphabetically)

    SANS Internet Storm Center (I can't get the graph working, ymmv)
    SenderBase
    SpamCop (a feed to SenderBase)
    Symantec
    ThreatPost (TFA)
    Websense Monthly reports (December not yet available, Websense is TFA's source)

    An observation: spammers celebrate holidays too; it's hard to recover from a series of shutdowns while dealing with family affairs. I hope their holidays were joyful and full of lasting distractions...

    --
    Use my userscript to add story images to Slashdot. There's no going back.
  9. Espanol by blair1q · · Score: 1

    Getting about half as much as ever since mid last-year. And I don't know why, but 9/10ths of the spam I get now is in Spanish, much of it from South America.

  10. slashdot is broken by Anonymous Coward · · Score: 0

    Anon posts won't show in slashdot - might want to fix that.

    BTW : Slashdot sucks.

    1. Re:slashdot is broken by Anonymous Coward · · Score: 0

      But I see your post.

    2. Re:slashdot is broken by iammani · · Score: 1

      Why would you reply anonymously to a person who cannot see Anonymous posts?

    3. Re:slashdot is broken by Anonymous Coward · · Score: 0

      Two reasons:

      1. To make him look foolish to everyone else.
      2. To reinforce his feeling of loneliness.

  11. My 2010 spam graph, ~15k users, ~1k domains by millisa · · Score: 2

    I hadn't looked at one of the bigger mail setups I manage and was surprised to see it wasn't all fluff.

    Spam levels are about 1/6th of this time last year
    (The 'rejected' are mostly sqlgrey bounces which kills most the spam. The extra grey on the tips is the spam getting through to the actual scanners which looks about the same).

    1. Re:My 2010 spam graph, ~15k users, ~1k domains by freedumb2000 · · Score: 1

      Between greylisting, filtering out dynamic ips and some sanity checks with postfix there isn't really much spam getting through. So little in fact that I have stopped scanning email content which means absolutely no false positives.

  12. Russian Orthodox Xmas by SpamIsLame · · Score: 2

    I made a bet (which I have now lost) that spam volumes would rise to their pre-xmas levels by Jan. 13th. This was in response to the numerous news items that popped up in newspapers such as the Guardian and New York Times back on Jan. 5th or so.

    The reason I felt confident in that wager is because in Russia, Orthodox Christmas takes place on January 7th [source].

    Looks like our Russian friends just got back a little earlier than expected. This happens every January. You can practically set your watch by it (if you wear a watch.)

    --
    -- SiL / IKS / concerned citizen
  13. Sheesh, can't a guy take a vacation? by WillAffleckUW · · Score: 1

    Work work work.

    Sometimes you just need a break, you know?

    --
    -- Tigger warning: This post may contain tiggers! --
  14. It's all about timing.... by Lord_of_the_nerf · · Score: 1

    After Christmas is usually when I find I need to 'satisfy my woman'.

    It also helps if I can afford next Christmas, so I also need to 'recover millions of dollars from the Nigerian government'.

    1. Re:It's all about timing.... by gmhowell · · Score: 0

      After Christmas is usually when I find I need to 'satisfy my woman'.

      Sorry dude. After hitting it the other 364 days of the year, I thought I should be nice and let you get in on her once.

      --
      Jesus was all right but his disciples were thick and ordinary. -John Lennon
  15. I think you're overlooking something... by damn_registrars · · Score: 2

    The only conclusion I can draw is that schools have labs and servers which are the main hosts for delivering spam. With labs shut down the spam engines are off-line.

    From my experience the computer labs at most colleges are managed fairly well, they don't tend to end up compromised often.

    Remember now that most college kids these days live in dorms, and they have their own PCs on the colleges high-speed internet connection in those dorms. It's more likely that when the college kids return to their dorms they boot their (infected) Windows PCs back up and they are again running 24/7. Same kids likely didn't use their PCs much while they were at home for the holidays. It is generally much more difficult for college IT departments to make sure that the students are using halfway decent practices on their personal systems.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
  16. There Is No Reason To Be Surprised... by damn_registrars · · Score: 2

    Anyone who actually expected the volume to stay down either doesn't know whats going on here, or was deliberately trying to fool themselves. Sure every once in a while something will happen that will cause a downward tick in the spam delivery rates. But in the end the rate always comes back up.

    We need to ask ourselves why this is - and the answer is fairly simple.

    It's the economy, stupid. People aren't sending out spam to piss you off (as much as you might like to think so). They are sending out spam to make money. And as long as there is money to be made by sending out spam, there will continue to be spam. We all know how obscenely little money it costs to send out email - hence the profit margins can be huge even when the payment is rather small.

    Hence the only way to stop spam is to go after the motivation - the money. If you can distance the spammers from their money, they will lose the incentive to send spam. As long as that incentive remains, so does the spam. We can dismantle botnets, make more filters, or even dismember spammers themselves. None of that is worth a damn as long as there is money to be made. Even when spammers have been murdered it didn't matter because there is always someone else who wants a cut of the action and is willing to pick up where the last guy left off.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    1. Re:There Is No Reason To Be Surprised... by Anonymous Coward · · Score: 0

      And as long as there is money to be made by sending out spam, there will continue to be spam.

      But that's the thing- what money? Is there actually anyone who buys stuff from spam? I don't know anyone. Everyone I know hates spam. So, who's buying?

    2. Re:There Is No Reason To Be Surprised... by plover · · Score: 1

      So, who's buying?

      Obviously there are a lot more stupid, gullible, flaccid, short-penised, small-breasted, painkiller-addicted, bankrupt, acne-scarred, illegal immigrants than you realize.

      --
      John
  17. Longer term stats by RedToad · · Score: 2

    Yes, there was a holiday period dip, as usual. What is different is the longer term (12 month) view
    http://www.senderbase.org/home/detail_spam_volume?displayed=last18months&action=&screen=&order=

    June 2010 . . . . . 339 Billion/day average
    December 2010 . . 92 Billion/day average
    December 2009 . .205 Billion/day average
    So comparing December with the 2010 peak, or comparing December year to year, there is a huge decrease in the last quarter on 2010.

    The steady decline from September to December is most likely attributable to the exposure of Igor Gusev in the Russian media, Russian police action in seizing his computers, and the immediate shut-down of his GlavMed affiliate program that was funding the spammers and providing the pharmacy fraud and fake watch scams.

  18. NOT from .cn / .kr by jackdub · · Score: 2
    My organization expects NO legitimate mail from characters in these locations.

    Therefore we use the following : http://www.okean.com/thegoods.html

    in addition to other spam-filtering practices.

    Props to the guy for maintaining this.

    1. Re:NOT from .cn / .kr by tlhIngan · · Score: 1

      I'm trying to find a way to devise a high-bit recipe for my procmail rules. I get a lot of spam in foreign languages, so a first-cut pass by eliminating emails outside of the ASCII character set (0-127, remember) would cut down my spam volume by more than 70% or so.

      Won't help those who use languages with no representation outside of ASCII, but since I don't read the other languages, it would be great for me. Especially since I'm somehow getting inundated with spam to russian sounding email addresses on my domain.

    2. Re:NOT from .cn / .kr by Karellen · · Score: 1

      It would also filter any legitimate email mentioning prices in £, € or ¥ (do friends ever email you telling you how cheap/expensive things were on holiday?), or containing smart quotes like “ and ” (do friends have email clients which insert these?) or the occasional useful mathematical symbol like ±, ×, ÷ (do you know maths geeks?), or if they make fun of Overly® Protected Products© (do you know anyone prone to humorous hyperbole?), or talking about Mëtäl Bänds (do you know anyone who likes metal?), or .... need I go on?

      --
      Why doesn't the gene pool have a life guard?
  19. a change did take effect by ralphdaugherty · · Score: 1

    The level of spam did fall off a cliff, but what replaced it is the most aggressive posting spam efforts I've seen. And no, this has little to do with American household PC's. It is a very widespread Ukranian controlled botnet based on the range of IP addresses coming from Ukraine.

    Of course most everywhere else in the world as well, but from US IP addresses they are mostly server range addresses. (in other words, very little consumer broadband addresses involved and instead proxy addresses, server host companies, etc.)

    This is a focused effort, almost all the spam are links to allegedly buy deals too good to be true, etc. I assume the sites download malware and also try to get credit card info to make a purchase.

    There are some amazing locations on earth these latest attempts are coming from to get around blocks, even saw a Cuban IP address, Macedonia, and some other locations I haven't got hit with spam registrations from before. This is a very widespread botnet.

      rd
     

    1. Re:a change did take effect by Doctor_Wibble · · Score: 1

      This more or less reflects what I have been seeing (on a low volume private mail server) but the dropoff for me started around late October with connections staying at relatively normal levels but the amount of spam coming in falling to almost zero.

      Curiosity (i.e. tcpdump) turned up the reason - what looked like a spammer 'template typo' that was causing emails to fail relatively silently with a protocol error, so they never got far enough to be counted as anything. It looks like they have fixed it now and are trying to make up for lost time.

      I don't know which botnet was responsible so I couldn't say how widespread this was but I don't think it's entirely coincidental.