A recent report by security company Symantec says the overall spam volume since August last year has declined from around 200 billion messages sent out per day to under 50 billion by the tail end of December.
It further says from 25 to 28 December, spam decreased by more than 30 billion messages sent out per day.
However, other security specialists disagree with this, saying spam has actually been on an increase in the past few months and they never saw any reduction.
According to Brett Myroff, the CEO of Sophos SA, there has not been a decrease in spam on that level. “The type of spam has shifted but, overall, spam is here to stay,” he states, adding that the motivations and the methods are continuing to change in order to reap the greatest rewards for the spammers.
“Becoming even more prevalent is the mailing of links to compromised Web pages, where victims are tricked into clicking a link in an e-mail, and then taken to a site which attacks their computer with exploits or attempts to install fake anti-virus software."
Agreeing with Myroff is Dirk Robinson, of Robinson Distribution, who also says there was an increase of spam over the holiday season.
However, he says: “From the information we have from clients and reputable authorities, we see more and more spam and attacks through Web 2.0 applications which include Facebook, Tweeter, LinkedIn etcetera.”
According to Simon Campbell-Young, CEO of Phoenix Software: “From the research and data we are seeing from our vendors, spam is on the increase.
“We are especially seeing an increase coming out of the Third World environment, with the world's biggest spam provider being Brazil.”
He says a reduction in spam is totally impossible if one considers the growth in PC, notebook, netbook, tablet and mobile phone usage to access the Internet. “Even though the majority of corporate spam messages are blocked by anti-spam filters, none of the filters are good enough to block all spam,” he adds.
Spam plummeted
On the other hand, principal analyst Anti-Spam Engineering at Symantec, Amanda Grady, says at the end of 2010, 77% of spam globally was sent using botnets, which was a decrease.
“Some spammers are moving to other methods to send spam, for example utilising hijacked e-mail accounts on legitimate mail servers; or snowshoe IP ranges.”
What influenced the spam reduction during that period is that there was a huge reduction in output from the Rustock botnet, which was by far the most dominant spam botnet in 2010, she explains.
“Xarvester and Lethic botnets stopped sending spam, to a lesser extent. Significantly, unlike previous botnet shutdowns, this did not coincide with any widely known legal take-downs,” she adds.
However, Grady says, Rustock and Xarvester are already back spamming. “As there have been a number of successful legal take-downs of botnet command and control centres already, we may see this repeated.”
A spam report by Kaspersky also says there have been some noticeable events in the world of spam over the past few months.
“The Pushdo or Cutwail and Bredolab botnet command centres have been shut down; the SpamIt partner program went out of business; and a criminal case has been brought against Igor Gusev, who is believed to be the world's number one spammer.”
However, the security vendor says, over the next four years, the amount of spam on the Internet will continue to increase.
Measures in place
Kaspersky says anti-spam defences are generally keeping up with spammers; so we expect to see only small fluctuations in the percentage of spam received in the user inbox.
The sales director of Phoenix Software, Jason Phillips, says businesses are understanding that spam has a massive impact on them, and are taking it more seriously and doing more to prevent it.
For example, he says, Microsoft does weekly anti-spam updates while security vendors do them on a daily basis. “I think there will be an increase in spam over the next couple of years, especially with the increases we are seeing in phishing,” he points out.
According to Phillips, spam and viruses are becoming cleverer because they are commercially driven. “So I can't see a decrease happening any time soon”.
He says unless a company is using an upstream solution, spam is a definite cost factor. “A lot of business Internet users are now mobile, and a lot of businesses are driven entirely by e-mail these days. Spam impacts on productivity and the bottom line, and it is a real cost to business if it is not prevented.”
Costly irritation
Kaspersky says in 2010 about 18% of all messages delivered to business user mailboxes were spam. While users mostly see spam as an annoyance, for corporations, it is a considerable expense.
“Every single e-mail message - legitimate or spam - costs companies money to process and store,” the security vendor says.
The major costs associated with spam management are costs to acquire and deploy an anti-spam solution, administrator hours spent on managing an anti-spam solution, employee hours spent on dealing with spam messages, instead of working, and costs to store spam messages, it says.
Spam also uses up bandwidth, which is particularly bad in our environment where bandwidth is so expensive and limited.
Robinson says statistics show that two-thirds of e-mails are spam and this is evident in some of the larger corporate across the world. ”If left alone, it will consume about the same amount of bandwidth.
“With the latest evolution of communication through social networking, this will reduce the size of mail but will increase the bandwidth through Web-based communication.”
Share