Are we winning the war on spam?

Commstock says yes, but the battleground will surely shift from email to social networks' walled gardens

Global spam numbers in the first quarter of 2012 were down 40 per cent compared with a year ago, according to security firm Commstock's latest quarterly Internet Threats Trend Report released today.

Indeed, spam is now running at under two-thirds of the levels seen immediately before the takedown of the Rustock botnet in March 2011. Then the average was more than 150 billion messages per day. Today, a mere 94 billion.

These figures are bound to be confirmed by the rest of the vendors as they spam journalists' inboxes with their own quarterly portfolios of factoids.

Factoids like the promotion of fake pharmaceuticals continuing to be the most common type of spam, up eight percentage points to 38.5 per cent of the total.

Commstock said the US tax season provided an opportunity for spammers to target both consumers and accountants with blended attacks — email linking to a website that attempts to install malware.

"The scale of a February attack was so large that it certainly must have reached many CPAs — but also many other individuals. Many of the recipients (accountant or not) may have clicked on the links out of sheer curiosity," Commstock said.

Spam still constitutes 75 per cent of all email sent, but Commstock is upbeat.

"There is no sign of a return to pre-Rustock spam levels," the report said. "At this point it is tempting to conclude that the decade-long growth of spam has been permanently reversed. Time will tell."

Commstock attributes the continuing reduction of spam to the post-Rustock takedowns of further botnets, increased law enforcement activities against the spammers and the industries they support such as fake pharmaceuticals, and criminals moving into more lucrative activities such as banking fraud.

But the last of these provides a clue to spam's future.

Criminals moving into more lucrative activities.

Commstock's own report describes how GlavTorg, a spam affiliate program specialising in replica handbags and clothing, closed at the end of January.

"The spam-subject cloud for the end of January shows no evidence of GlavTorg related products. In addition the spam levels for the period show no obvious influence (increase or decrease) around the dates of the announcement or the date when payments were stopped. Spammers have apparently easily realigned their activities."

Indeed, spam for counterfeit goods actually increased 5 percentage points this quarter to 19.8 per cent. Replica spam remains the second most common variety.

As the botnet takedowns become more successful, surely spammers will simply move to the popular social networks, Facebook and Twitter.

Twitter already sees significant spam levels. Spam tweets seem almost trivial to spot. Yet there's little incentive for Twitter to make a real effort to stop them. Not when the company still needs to justify its $8.4 billion valuation on annual revenues still down around $100 million.

It's nearly two years since Twitter claimed they'd reduced spam to under 1 per cent of tweets. My prediction? Expect this to increase substantially, and soon.

As for Facebook, well, that's a bounteously rich ecosystem for spammers to exploit. My prediction? Well-organised spam apps, followed by a market for Facebook anti-spam.

Contact Stilgherrian at Stil@stilgherrian.com or follow him on Twitter at @stilgherrian
