Kaspersky Lab: Spam Levels Subside in 2010

17 Feb 2011

Kaspersky Lab, a leading developer of secure content and threat management solutions, announces the publication of its annual analytical spam report for 2010.

The year 2010 saw the combined efforts of law enforcement agencies, vendors and other experts clock up a number of successes in the fight against spam. A large-scale campaign targeting spammers resulted in the closure of botnets such as Waledac, Pushdo/Cutwail, Lethic and Bredolab. In August, law enforcement agencies closed 20 Pushdo/Cutwail botnet command centers responsible for an estimated 10% of the total volume of the world’s spam. The fraudsters sustained their most tangible loss on 25 October, when 143 Bredolab botnet command centers controlling around 30 million zombie computers worldwide were shut down.

According to Kaspersky Lab experts, these measures led to the first-ever prolonged decrease in the amount of spam throughout the last two months of the year. The most notable result of this campaign was a considerable reduction in the quantity of spam originating from the USA. The largest volume of spam detected in mail traffic – 90.8% – was recorded on 21 February, with a low of 70.1% occurring on 28 October. The average for the year stood at 82.2%.

At the same time, botnet owners started moving their creations to countries where legal restrictions were less likely to affect them, which led to an increase in the amount of spam originating from Eastern Europe. However, as in the previous year, the USA remained the leading distributor of spam, accounting for 11.33% of all unsolicited mail, followed by India with 8.3% and Russia with 6.0%. In 2010, Asian and Eastern European countries were widely represented in the Top 20, while the countries of Western Europe were in the minority.

The criminalization of spam intensified in 2010: small and medium-sized businesses are gradually turning away from this illegal advertising method, leaving it primarily to fraudsters and distributors of fake and illegal products. In 2010, users started to receive twice as many fraud-based emails (+3.8 percentage points) as in the previous year.

The quantity of malware in mail traffic also grew: in 2010, malicious files were found in 2.2% of all emails, which is around 2.6 times higher than in 2009. At the peak of the attacks in August, the percentage of emails with malicious content reached 6.29%.

The cybercriminals clearly did their best to bypass spam filters and lure users into visiting infected sites: their messages were good imitations of official notifications from popular web resources, and spammers even imitated the technical headers which are normally invisible to the user but very important for anti-spam filters. Kaspersky Lab’s experts remind users of the need to remain vigilant, to ignore attachments in suspicious emails and never to click on the links they contain.

In 2010, the leading English-language spam category was Medication and Health-Related Goods and Services. The share of spam in the Spammer Services (-6.1 percentage points) and Adult content categories (-4.6 percentage points) decreased considerably compared to 2009. In September, after the closure of the pharmaceutical SpamIt partner program, spammers who used to make money offering medication began looking at various other partner programs. This resulted in the short-term growth of different types of spam, including advertisements for online casinos and porn sites.

“Spam distribution will remain the cybercriminals’ main source of income,” forecasts Darya Gudkova, Head of Content Analysis & Research at Kaspersky Lab. “Next year, we expect a continuation in sophisticated attacks combining phishing, spammer and social engineering techniques. The spammers will certainly be busy distributing malicious spam as they will want to restore their lost botnets. This restoration will inevitably lead to an increase in the quantity of spam in mail traffic. Cybercriminals will become more cautious, employing security software and locating their botnets in countries which are less hostile to cybercrime.”