A new report of security company Symantec says that global spam is at its lowest levels since 2008. The geographic center of spammed accounts has also shifted from Russia to Saudi Arabia. Worldwide spam is now down to one in every 1.37 emails. In the United States, spam accounts for 73.7% of all emails.
Spam levels are now the lowest they have been since McColo, a California-based ISP spam control center, was taken down in 2008. That is, in part, due to the shutdown of the spam-sending botnet Rustock in March 2011. Spam, phishing, viruses and other types of malware are all still major problems in the Internet ecosystem but it looks like progress is being made against the botnets and those that control them.
Symantec’s Intelligence Report is a combination of analysis from the Symantec.cloud MessageLabs Report and the monthly Symantec State of Spam and Phishing Report. It is the first time the company has combined the two reports.
One of the most interesting trends to emerge from the June 2011 report is that pharmaceutical spam is declining yet the prefix “wiki” is increasing in spam messages. In some cases, the two have merged, such as the WikiPharmacy that spam messages are directing users to. Other major spam targets have been tax returns in India and fake aid to Japan after its catastrophic earthquake and tsunami in March. After pharmaceutical spam (which accounts for 40% of all spam messages), adult/sex/dating was the next highest category, with 19% of all messages.
The United States is also no longer a major generator of spam. Spam messages originating from the U.S. declined from 10.7% of all spam in 2010 to 2.8% in June 2011.
Spam may be at its lowest levels in three-plus years, but that does not mean it is dying out or is not a major problem. In June there were still 39.2 billion spam messages sent.
Phishing Evolves, Grows More Targeted
Email phishing is becoming more targeted. Spammers are now using tactics known as “spear phishing” and “whale phishing” designed specifically for a small set of users.
Our enterprise editor, David Strom, reports from Symantec’s headquarters in Mountain View, Calif.
“The report shows that virus authors are getting better at micro-targeting: 75% of the malware has infected less than 50 or fewer individual PCs. One virus assembly kit called Harakit is distributed to an average of 1.6 users, meaning that it is used to deliver custom-built attacks that is targeted for a specific individual.”
Examples such as Harakit might fit in with “whale phishing” where specific, high-ranking executives are targeted with phishing emails that have been dutifully researched by the phishers and are targeted to get into the executive’s computer, which often has access to far more data than a mid-level employee.
South Africa is the most targeted location for phishing attacks with one in every 111.7 emails. The U.S. sees a phishing attempt in every 1,270 emails while Japan sees hardly any (in comparison) at all at with one in 11,179 emails.
Web-based malware is on the rise. MessageLabs identified an average of 5,415 sites each day harboring malware, adware and spyware, an increase of 70.8% from May 2011. That increases the chances of “drive-by” downloads where a user visits a site and becomes infected with malware.