Researchers Expect More Spam for the Holidays

The sharp decline in spam volumes that attended last November's shutdown of the notorious McColo hosting provider seems to have come to an end. Spam levels increased steadily in both August and September, a trend that continued in October, according to the latest research.

With the holidays -- long a fruitful phishing ground for spammers and other malcontents -- fast approaching, spam levels seem to have rebounded to pre-McColo levels, and that has some security researchers worried.

Spam accounted for 88.1 percent of all e-mail volume in October, an increase of 1.7 percent over September, which in turn saw increased spam volume relative to August. Researchers warn that with Thanksgiving, Christmas, Boxing Day and New Year's on tap, spam levels will increase further still.

Spammers are nothing if not proactive, noted researchers from security specialist and Symantec subsidiary MessageLabs. Like many retail shops, spammers are already pitching Thanksgiving-, Christmas- and even Valentine's Day-themed mal-mailings.

"Thanksgiving and Christmas are both important times in the spammers' calendars, and MessageLabs Intelligence has already identified a significant number of spam messages relating to these holidays," wrote MessageLabs researchers.

"To date, [holiday-related mailings] accounts for approximately 2 percent of all spam. More than 2 billion Thanksgiving- or Christmas-themed spam e-mails are projected to be in circulation globally each day," they continued. "It is worth noting that MessageLabs Intelligence has also been tracking the first runs of St. Valentine's Day spam more than 3 months before the occasion...Again sent from the Cutwail and Rustock botnets, these spam messages relate to pharmaceutical and medical spam."

There's a bright spot, however: Phishing attacks in the English-speaking world are less prevalent. One possible explanation, researchers say, is that fewer trusted phishing toolkits are readily available. Call it a case of malware biting its malicious architects.

"Toolkits such as Zbot or Zeus used to be preferential for those cyber criminals who could afford to buy them, until they fell into the public domain and became plagued by hidden backdoor Trojans. The Zeus toolkit can be used to create highly customized botnets, phishing attacks, and identify theft and other malicious activities," the researchers wrote.

On the other hand, phishing activity in non-English-language mailings is almost certainly increasing. Phishers also appear to be broadening the scope of their attacks, targeting Web-based e-mail services in addition to bread-and-butter financial services. "Phishing attacks in languages other than English appear to be increasing, and languages such as French and Italian are becoming increasingly popular for phishing attacks," the researchers wrote.

"Although the financial sector is the most common target of phishing attacks, online services such as Web-based e-mail are also popular. The reason for this is perhaps the widespread use of e-mail addresses being used to authenticate other sites, especially social networking sites, online retailers and auction sites."

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.


  • Microsoft Releases Windows 10 Version 1909

    Microsoft on Tuesday announced the release of Windows 10 version 1909, a new operating system product that's also known as the "Windows 10 November 2019 Update."

  • November Microsoft Security Bundle Addresses 75 Vulnerabilities

    Of that number, 13 vulnerabilities are rated "Critical" to patch, while 62 vulnerabilities are deemed "Important."

  • The Future of Office 365 Pricing

    With a raft of new Office 365 features in the pipeline, Microsoft also seems ready to change the way it bills its subscribers. Will it replicate Azure's pay-per-use model, or will it look like something else entirely?

  • Microsoft Offers 1 Year of Free Windows 7 Extended Security Updates to E5 Licensees

    Microsoft is offering one year of free support under its Extended Security Updates program to Windows 7 users if their organizations have E5 licensing.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.