Major botnets keep on sending spam despite a major downturn in output in 2011

News by SC Staff

The slowdown in global spam at the start of 2011 was reminiscent of the shutdown of the McColo botnet in late 2009.

The slowdown in global spam at the start of 2011 was reminiscent of the shutdown of the McColo botnet in late 2009.

According to the Symantec MessageLabs Intelligence Report for January 2011, following a two-week decline in spam levels, spam now accounts for 78.6 per cent of all email traffic, which is the lowest rate since March 2009. Year on year, the volume of spam in circulation in January 2011 was 65.9 per cent lower than for the same period one year ago in January 2010, when the spam rate was 83.9 per cent of all email traffic.

The report claimed that the decline began on Christmas Day and continued through to New Year's Day and was the result of both a halt in the spam-sending activities of three botnets: Rustock, Lethic and Xarvester, and unrest among pharmaceutical spam-sending gangs.

During this two-week period, spam volumes declined 58 per cent from 80.2 billion spam emails per day to 33.5 billion spam emails each day, reminiscent of declines experienced when California-based ISP McColo was taken offline.

Paul Wood, MessageLabs Intelligence senior analyst at, said: “The closure of spam affiliate, Spamit, was partially responsible for the disruption to spam output. However, there are likely other factors at work, such as consolidation and restructuring of pharmaceutical spam operations, which has led to instability in the market likely to be exploited as a business opportunity by other spam gangs. We expect to see more pharmaceutical spam in 2011 as new pharmaceutical spam brands emerge and botnets compete for their business.”

The report confirmed that pharmaceutical spam accounted for about 59.1 per cent of all spam in January, and since the end of 2010, MessageLabs Intelligence has witnessed shifting patterns related to pharmaceutical spam sending. Previously, the Canadian Pharmacy brand was the most prolific of the pharmaceutical spam brands however, when Spamit shut down in October 2010, the brand disappeared as affiliates switched to sending spam for other brands.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike