Spam Volume Spikes After Holiday Respite

CmdrTaco posted more than 3 years ago | from the eggs-bacon-sausage-and dept.

Security 55

Trailrunner7 writes "The amount of spam hitting users' inboxes fell off a cliff in late December, with many security experts attributing the decline to the sudden disappearance of the Rustock botnet and other networks from the spam business. But the level of spam has begun to gain back some of the ground it lost today as other spammers have taken up the slack. Researchers say that after the sudden drop-off in spam volumes, things stayed fairly quiet for a time, but now it seems that other spammers have picked up where Rustock and the other spamming operations left off. The volume of spam took a big jump upward in the last 24 hours, according to researchers at Websense. The volume of spam hasn't made it all the way back to the levels of the last few months of 2010, but it seems to be on the way."

55 comments

Blog (1)

Dan East (318230) | more than 3 years ago | (#34841798)

I haven't noticed a spike in email spam, but my blog (which gets like 20 hits a day) has been getting a lot of spam comments over the last several days. Probably not a coincidence.

Re:Blog (3, Funny)

Monkeedude1212 (1560403) | more than 3 years ago | (#34841850)

Wait a second, you have a blog... And it's NOT linked in your signature?

Are you even trying? Or why have a blog at all?

Re:Blog (1)

Cryacin (657549) | more than 3 years ago | (#34841890)

I'm quite surprised that there's no first post spam.

Re:Blog (2)

ocdscouter (1922930) | more than 3 years ago | (#34843042)

Even Spam can't be everywhere at once.

Re:Blog (1)

AmonTheMetalhead (1277044) | more than 3 years ago | (#34859170)

I've noticed a significant increase in spam on my system, about 4 times as much as I had before November, and most of them seem to be scams regarding employment offers.

and people say... (0)

Anonymous Coward | more than 3 years ago | (#34841802)

...that teamwork is dead.

Frequency of Spam (5, Interesting)

ackthpt (218170) | more than 3 years ago | (#34841862)

I've watched it for years - typically when schools are closed for breaks the spam drops off considerably. Once students return to classrooms it comes back with a vengeance.

The only conclusion I can draw is that schools have labs and servers which are the main hosts for delivering spam. With labs shut down the spam engines are off-line.

Re:Frequency of Spam (1)

KublaiKhan (522918) | more than 3 years ago | (#34841938)

That, and the students' own systems. Most non-CS students aren't going to be at anything other than "normal end-user" levels of savvy--and apparently normal end-users actually buy stuff from spam, because it keeps coming, and it keeps being popular.

Re:Frequency of Spam (1)

serialband (447336) | more than 3 years ago | (#34849020)

It's mostly the students' personal systems.

Many beginning CS students today actually fall under the category of normal end user. These days, a lot more people come to college to learn a trade, not to advance their knowledge. I've seen many come into CS with absolutely no background in computers, other than running a web browser, word processor, or game. Too many fall into this category now so they've started offering even more remedial computer classes that include taking apart a computer to see what's inside, a first for many of these CS students. They've added an even more remedial "programming class" that involves drag & drop programming. I guess they don't teach "computer literacy" in elementary school anymore.

Re:Frequency of Spam (2)

TheRaven64 (641858) | more than 3 years ago | (#34841952)

I'd be inclined to blame student machines on university networks. Machines in labs are usually supervised by at least one competent admin, but these days most universities have WiFi and wired network connections for all of the students. A typical unsecured Windows machine on an asymmetric connection behind a NAT isn't nearly as much of a problem as that same machine on a public IP with a GigE connection to the Internet (I'm not sure what speed I could get on campus, but my hard disk was the bottleneck on a lot of things).

Re:Frequency of Spam (1)

Tim C (15259) | more than 3 years ago | (#34847630)

Not only that but in universities the lab machines will probably still be in use by the research groups/post-grads, and even if not they may well not be powered down over the holidays anyway.

Re:Frequency of Spam (1)

Monkeedude1212 (1560403) | more than 3 years ago | (#34841970)

The conclusion I would draw is that students send more emails during school.

You know, the kind with terrible spelling and grammer like

hey bb i w2 ttyl aftr clss k?

which no doubt registers as a false positive spam email hitting the inbox.

I think you're overlooking something... (2)

damn_registrars (1103043) | more than 3 years ago | (#34843346)

> The only conclusion I can draw is that schools have labs and servers which are the main hosts for delivering spam. With labs shut down the spam engines are off-line.

From my experience the computer labs at most colleges are managed fairly well, they don't tend to end up compromised often.

Remember now that most college kids these days live in dorms, and they have their own PCs on the college's high-speed internet connection in those dorms. It's more likely that when the college kids return to their dorms they boot their (infected) Windows PCs back up and they are again running 24/7. Same kids likely didn't use their PCs much while they were at home for the holidays. It is generally much more difficult for college IT departments to make sure that the students are using halfway decent practices on their personal systems.

Re:Frequency of Spam (0)

Anonymous Coward | more than 3 years ago | (#34843398)

Or it could just be that the spammers go on vacation but either way I have noticed the same thing.

I said this in the last thread where we were talking about the disabling of the botnet and nobody believed me when I said it would return to normal after the holidays.

Spam always drops off during holidays and then spikes back to normal afterwards.

Re:Frequency of Spam (1)

Neil Boekend (1854906) | more than 3 years ago | (#34846370)

Claiming to have said something smart, predictive and true while being AC doesn't sound reliable. Of course it's checkable whether someone said it, but I could just as easily say I control the biggest spam botnet now. Someone does, but you can't know whether I do (unless you are the controller. In that case: DIE).
If you want to use "told ya so" you should log in.

About Time (1)

ticketswapz (1974628) | more than 3 years ago | (#34841866)

I was wondering how many women are out there waiting to see me and good deals on pills to make my nether region bigger, larger and stronger!

I'm shocked (1)

commodore64_love (1445365) | more than 3 years ago | (#34841880)

The spammers were shut down, and then they came back. Wow. I never could have predicted that. /end sarcasm. Maybe governments should just give up the idea that they can silence speech, and find some other way to deal with it (filtering). Which is pretty much what we've always done (if I don't want to hear a politician speaking, I just walk away until his voice can't be heard).

Re:I'm shocked (2)

blair1q (305137) | more than 3 years ago | (#34842426)

You do have a right not to be harassed, no matter the media. The government can't stop someone from speaking to someone who wants to hear what they're saying, but it can stop them from speaking to someone who doesn't want to hear what they're saying, if that doesn't also interfere with speaking to people who do want to hear. And it can treat commercial and political speech differently.

Spammers know they're breaking the law by harassing random people with random commercial messages they don't want to get.

The fact that it's hard to silence them is not proof they have a right to do what they're doing. It's only proof that the machinery is inadequately designed to apply the law to them consistently. They should be applying the law to themselves, but they don't, because they're criminals. And they like it that way.

Re:I'm shocked (1)

commodore64_love (1445365) | more than 3 years ago | (#34843946)

Email hardly qualifies as harassment, especially since it is so easily ignored (don't click on it) (and/or filter it to a spam folder).

Re:I'm shocked (2)

DamonHD (794830) | more than 3 years ago | (#34846228)

That's simply nonsense.

I get tens of thousands of SPAMs each day (last time I counted) which take significant system resources to deal with the initial filtering of and quite considerable extra time on my part to deal with what is left. Time that I might like to spend, say, with my children, or working on business projects. Real opportunity costs as well as resource costs. And repeated unwanted approaches from people I've asked to leave me alone sure feels like harassment (including big legit companies that should know better).

And I also do lose 'ham' messages as collateral damage with some unpleasant consequences for my business; I am smarting from a case just this last week or so.

So, just because it seems not to be a problem for *you* doesn't mean it isn't a real measurable problem generally.

Rgds

Damon

Re:I'm shocked (2)

nigelo (30096) | more than 3 years ago | (#34842460)

> ...if I don't want to hear a politician speaking, I just walk away until his voice can't be heard).

Now if only that worked with certain /. users, or am I overlooking the tool that allows that sort of filtering?

Re:I'm shocked (1)

John Hasler (414242) | more than 3 years ago | (#34842712)

> ...am I overlooking the tool that allows that sort of filtering?

Good question. My newsreader has a killfile. Would be nice to have one here.

Re:I'm shocked (1)

Zak3056 (69287) | more than 3 years ago | (#34847026)

> Good question. My newsreader has a killfile. Would be nice to have one here.

Add the user to your foes list, and set your modifier for foes to -6, and your threshold to some value greater than or equal to 0?

Re:I'm shocked (1)

nigelo (30096) | more than 3 years ago | (#34865406)

Yep. Got it.
Thanks.

Note: Thresholds are adjusted by clicking on the score shown next to the Subject of a comment, and *not* by visiting your preferences, where there is no option to adjust thresholds.

Re:I'm shocked (2)

melikamp (631205) | more than 3 years ago | (#34843556)

I agree. Spam is forever and fighting it by shutting down spammers will accomplish nothing, even on the medium run. The amount of spam is rigidly capped from below by the presence of netizens who will follow ANY instructions on the belief that they are ordering a cheap aphrodisiac. The only way to get rid of spam is to get rid of stupid people, but that won't do, since they are also the foundation of the modern democracy. I kid, I kid :) Seriously though, we will always have our stupid people, and therefore we are stuck with spam. Have individuals filter if they choose to, case closed.

Re:I'm shocked (1)

Neil Boekend (1854906) | more than 3 years ago | (#34846384)

What? Are you comparing ripping people off with fake viagra to free speech?
if (yes) {you=moron};
else {Please elaborate};

Re:I'm shocked (0)

Anonymous Coward | more than 3 years ago | (#34848248)

You forgot:

you.newsletter.subscribers.add(this);

What a redundant summary (5, Interesting)

noidentity (188756) | more than 3 years ago | (#34841884)

The headline and summary repeat the point way too many times:

1. Spam Volume Spikes After Holiday Respite

2. The amount of spam hitting users' inboxes fell off a cliff in late December, with many security experts attributing the decline to the sudden disappearance of the Rustock botnet and other networks from the spam business. But the level of spam has begun to gain back some of the ground it lost today as other spammers have taken up the slack.

3. Researchers say that after the sudden drop-off in spam volumes, things stayed fairly quiet for a time, but now it seems that other spammers have picked up where Rustock and the other spamming operations left off.

4. The volume of spam took a big jump upward in the last 24 hours, according to researchers at Websense. The volume of spam hasn't made it all the way back to the levels of the last few months of 2010, but it seems to be on the way.

Re:What a redundant summary (1)

Anonymous Coward | more than 3 years ago | (#34842316)

> The headline and summary repeat the point way too many times:
>
> 1. Spam Volume Spikes After Holiday Respite
>
> 2. The amount of spam hitting users' inboxes fell off a cliff in late December, with many security experts attributing the decline to the sudden disappearance of the Rustock botnet and other networks from the spam business. But the level of spam has begun to gain back some of the ground it lost today as other spammers have taken up the slack.
>
> 3. Researchers say that after the sudden drop-off in spam volumes, things stayed fairly quiet for a time, but now it seems that other spammers have picked up where Rustock and the other spamming operations left off.
>
> 4. The volume of spam took a big jump upward in the last 24 hours, according to researchers at Websense. The volume of spam hasn't made it all the way back to the levels of the last few months of 2010, but it seems to be on the way.

Not only is it redundant, but it's wrong... "But the level of spam has begun to gain back some of the ground it lost today as other spammers have taken up the slack." When the spam volume dropped, very specific spams stopped. Those spam messages are showing up again, and the volume reflects the overall change in spam traffic.

Unknown sender and no subject (5, Interesting)

sirdude (578412) | more than 3 years ago | (#34841976)

Every now and then, I trawl through my gmail spam folder looking for false positives. These sojourns also serve to give me an idea of the amount of spam and type of spam that's floating around. When a botnet goes down, my spam levels go down to around 2000 and odd. When the botnets are supposedly back, they tend to return to the 5000 level. What I've noticed in the last few months however, is the significant number of invalid spam e-mails - those with no subject and no sender name or sender e-mail address. These are by far the most common type of message in my spam folder at the moment and I was wondering wtf was going on. I know spammers suck. But do they now also suck at spam?

Re:Unknown sender and no subject (5, Interesting)

SomeJoel (1061138) | more than 3 years ago | (#34842042)

I can think of 3 possible answers, in decreasing likelihood:
1) They didn't type in the right parameters into the script they're running.

2) They are not wasting cycles populating the messages until they verify that the messages will actually be delivered.

3) The empty messages are used by the botnet controllers to show potential customers how effective their botnets are, similar to "Your ad here!" billboards.

Re:Unknown sender and no subject (2)

Em Adespoton (792954) | more than 3 years ago | (#34842330)

4) The empty messages are used to mess with anti-spam solutions.

However, I think most of the time it's a combination of 1 and 2.

Re:Unknown sender and no subject (-1)

Anonymous Coward | more than 3 years ago | (#34846534)

thanks for info i want to thought about it http://www.39articles.net/

Some charts supporting this (4, Informative)

Khopesh (112447) | more than 3 years ago | (#34842012)

(alphabetically)

SANS Internet Storm Center [sans.edu] (I can't get the graph working, ymmv)
SenderBase [senderbase.org]
SpamCop [spamcop.net] (a feed to SenderBase)
Symantec [symantec.com]
ThreatPost (TFA) [threatpost.com]
Websense Monthly reports [websense.com] (December not yet available, Websense is TFA's source)

An observation: spammers celebrate holidays too; it's hard to recover from a series of shutdowns while dealing with family affairs. I hope their holidays were joyful and full of lasting distractions...

Espanol (1)

blair1q (305137) | more than 3 years ago | (#34842022)

Getting about half as much as ever since mid last-year. And I don't know why, but 9/10ths of the spam I get now is in Spanish, much of it from South America.

slashdot is broken (0)

Anonymous Coward | more than 3 years ago | (#34842044)

Anon posts won't show in slashdot - might want to fix that.

BTW : Slashdot sucks.

Re:slashdot is broken (0)

Anonymous Coward | more than 3 years ago | (#34842138)

But I see your post.

Re:slashdot is broken (1)

iammani (1392285) | more than 3 years ago | (#34842534)

Why would you reply anonymously to a person who cannot see Anonymous posts?

Re:slashdot is broken (0)

Anonymous Coward | more than 3 years ago | (#34843096)

Two reasons:

1. To make him look foolish to everyone else.
2. To reinforce his feeling of loneliness.

My 2010 spam graph, ~15k users, ~1k domains (2)

millisa (151093) | more than 3 years ago | (#34842258)

I hadn't looked at one of the bigger mail setups I manage and was surprised to see it wasn't all fluff.

Spam levels are about 1/6th of this time last year [arcadium.org]
(The 'rejected' are mostly sqlgrey bounces which kills most of the spam. The extra grey on the tips is the spam getting through to the actual scanners which looks about the same).

Re:My 2010 spam graph, ~15k users, ~1k domains (1)

freedumb2000 (966222) | more than 3 years ago | (#34842724)

Between greylisting, filtering out dynamic IPs and some sanity checks with postfix there isn't really much spam getting through. So little in fact that I have stopped scanning email content which means absolutely no false positives.

Russian Orthodox Xmas (2)

SpamIsLame (1021333) | more than 3 years ago | (#34842624)

I made a bet (which I have now lost) that spam volumes would rise to their pre-xmas levels by Jan. 13th. This was in response to the numerous news items that popped up in newspapers such as the Guardian and New York Times back on Jan. 5th or so.

The reason I felt confident in that wager is because in Russia, Orthodox Christmas takes place on January 7th [source [russian-crafts.com] ].

Looks like our Russian friends just got back a little earlier than expected. This happens every January. You can practically set your watch by it (if you wear a watch.)

Sheesh, can't a guy take a vacation? (1)

WillAffleckUW (858324) | more than 3 years ago | (#34842734)

Work work work.

Sometimes you just need a break, you know?

It's all about timing.... (1)

Lord_of_the_nerf (895604) | more than 3 years ago | (#34843154)

After Christmas is usually when I find I need to 'satisfy my woman'.

It also helps if I can afford next Christmas, so I also need to 'recover millions of dollars from the Nigerian government'.

Re:It's all about timing.... (0)

gmhowell (26755) | more than 3 years ago | (#34845178)

> After Christmas is usually when I find I need to 'satisfy my woman'.

Sorry dude. After hitting it the other 364 days of the year, I thought I should be nice and let you get in on her once.

There Is No Reason To Be Surprised... (2)

damn_registrars (1103043) | more than 3 years ago | (#34843388)

Anyone who actually expected the volume to stay down either doesn't know what's going on here, or was deliberately trying to fool themselves. Sure every once in a while something will happen that will cause a downward tick in the spam delivery rates. But in the end the rate always comes back up.

We need to ask ourselves why this is - and the answer is fairly simple.

It's the economy, stupid. People aren't sending out spam to piss you off (as much as you might like to think so). They are sending out spam to make money. And as long as there is money to be made by sending out spam, there will continue to be spam. We all know how obscenely little money it costs to send out email - hence the profit margins can be huge even when the payment is rather small.

Hence the only way to stop spam is to go after the motivation - the money. If you can distance the spammers from their money, they will lose the incentive to send spam. As long as that incentive remains, so does the spam. We can dismantle botnets, make more filters, or even dismember spammers themselves. None of that is worth a damn as long as there is money to be made. Even when spammers have been murdered it didn't matter because there is always someone else who wants a cut of the action and is willing to pick up where the last guy left off.

Re:There Is No Reason To Be Surprised... (0)

Anonymous Coward | more than 3 years ago | (#34845146)

> And as long as there is money to be made by sending out spam, there will continue to be spam.

But that's the thing- what money? Is there actually anyone who buys stuff from spam? I don't know anyone. Everyone I know hates spam. So, who's buying?

Re:There Is No Reason To Be Surprised... (1)

plover (150551) | more than 3 years ago | (#34848374)

> So, who's buying?

Obviously there are a lot more stupid, gullible, flaccid, short-penised, small-breasted, painkiller-addicted, bankrupt, acne-scarred, illegal immigrants than you realize.

Longer term stats (2)

RedToad (972413) | more than 3 years ago | (#34843394)

Yes, there was a holiday period dip, as usual. What is different is the longer term (12 month) view
http://www.senderbase.org/home/detail_spam_volume?displayed=last18months&action=&screen=&order= [senderbase.org]

June 2010 . . . . . 339 Billion/day average
December 2010 . . 92 Billion/day average
December 2009 . .205 Billion/day average
So comparing December with the 2010 peak, or comparing December year to year, there is a huge decrease in the last quarter of 2010.

The steady decline from September to December is most likely attributable to the exposure of Igor Gusev in the Russian media, Russian police action in seizing his computers, and the immediate shut-down of his GlavMed affiliate program that was funding the spammers and providing the pharmacy fraud and fake watch scams.

NOT from .cn / .kr (2)

jackdub (1938908) | more than 3 years ago | (#34843616)

My organization expects NO legitimate mail from characters in these locations.

Therefore we use the following : http://www.okean.com/thegoods.html [okean.com]

in addition to other spam-filtering practices.

Props to the guy for maintaining this.

Re:NOT from .cn / .kr (1)

tlhIngan (30335) | more than 3 years ago | (#34849038)

I'm trying to find a way to devise a high-bit recipe for my procmail rules. I get a lot of spam in foreign languages, so a first-cut pass by eliminating emails outside of the ASCII character set (0-127, remember) would cut down my spam volume by more than 70% or so.

Won't help those who use languages with no representation outside of ASCII, but since I don't read the other languages, it would be great for me. Especially since I'm somehow getting inundated with spam to Russian-sounding email addresses on my domain.

Re:NOT from .cn / .kr (1)

Karellen (104380) | more than 3 years ago | (#34850784)

It would also filter any legitimate email mentioning prices in £, € or ¥ (do friends ever email you telling you how cheap/expensive things were on holiday?), or containing smart quotes like “ and ” (do friends have email clients which insert these?) or the occasional useful mathematical symbol like ±, ×, ÷ (do you know maths geeks?), or if they make fun of Overly® Protected Products© (do you know anyone prone to humorous hyperbole?), or talking about Mëtäl Bänds (do you know anyone who likes metal?), or .... need I go on?
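An added example, not written by any poster in this thread: a Python sketch of the high-bit filter discussed in the two comments above, showing both ways the raw byte test goes wrong. A base64 or RFC 2047 encoded message is pure ASCII on the wire and slips past it, while a friend's "£12" trips it; measuring the share of non-ASCII characters after MIME decoding handles both. The `THRESHOLD` value, the function names and both sample messages are constructed for illustration.

```python
import base64
from email import message_from_bytes, policy

THRESHOLD = 0.30  # assumed cut-off; tune against your own mail


def has_high_bit(raw: bytes) -> bool:
    """The naive first-cut test: any byte above 127 in the raw message."""
    return any(b > 127 for b in raw)


def non_ascii_ratio(raw: bytes) -> float:
    """Share of non-ASCII characters in the decoded Subject and text body."""
    msg = message_from_bytes(raw, policy=policy.default)
    # policy.default decodes RFC 2047 encoded words in headers.
    text = str(msg.get("Subject", ""))
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is not None:
        try:
            # Undoes base64 / quoted-printable and the declared charset.
            text += body.get_content()
        except LookupError:
            # Unknown charset label: fall back to a lossless byte mapping.
            text += body.get_payload(decode=True).decode("latin-1")
    chars = [c for c in text if not c.isspace()]
    if not chars:
        return 0.0
    return sum(ord(c) > 127 for c in chars) / len(chars)


def verdict(raw: bytes) -> str:
    """'filter' when most of the decoded text is outside ASCII."""
    return "filter" if non_ascii_ratio(raw) > THRESHOLD else "deliver"


# Constructed sample: Cyrillic text, but every byte on the wire is ASCII.
SPAM = (
    b"From: sender@example.invalid\r\n"
    b"To: user@example.invalid\r\n"
    b"Subject: =?UTF-8?B?"
    + base64.b64encode("Дешёвые часы".encode("utf-8"))
    + b"?=\r\n"
    b"MIME-Version: 1.0\r\n"
    b"Content-Type: text/plain; charset=UTF-8\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    + base64.b64encode("Купите сейчас со скидкой".encode("utf-8"))
    + b"\r\n"
)

# Constructed sample: ordinary English mail with a few 8-bit symbols.
HAM = (
    "From: friend@example.invalid\r\n"
    "To: user@example.invalid\r\n"
    "Subject: Holiday prices\r\n"
    "MIME-Version: 1.0\r\n"
    "Content-Type: text/plain; charset=UTF-8\r\n"
    "Content-Transfer-Encoding: 8bit\r\n"
    "\r\n"
    "Dinner was only £12 and the hotel “upgrade” cost €40 a night.\r\n"
).encode("utf-8")

if __name__ == "__main__":
    for name, raw in (("spam", SPAM), ("ham", HAM)):
        print(name, has_high_bit(raw), round(non_ascii_ratio(raw), 3), verdict(raw))
```
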

a change did take effect (1)

ralphdaugherty (225648) | more than 3 years ago | (#34844702)

The level of spam did fall off a cliff, but what replaced it is the most aggressive posting spam efforts I've seen. And no, this has little to do with American household PCs. It is a very widespread Ukrainian controlled botnet based on the range of IP addresses coming from Ukraine.

Of course most everywhere else in the world as well, but from US IP addresses they are mostly server range addresses. (in other words, very few consumer broadband addresses involved and instead proxy addresses, server host companies, etc.)

This is a focused effort, almost all the spam are links to allegedly buy deals too good to be true, etc. I assume the sites download malware and also try to get credit card info to make a purchase.

There are some amazing locations on earth these latest attempts are coming from to get around blocks, even saw a Cuban IP address, Macedonia, and some other locations I haven't got hit with spam registrations from before. This is a very widespread botnet.

  rd
 

Re:a change did take effect (1)

Doctor_Wibble (605056) | more than 3 years ago | (#34846290)

This more or less reflects what I have been seeing (on a low volume private mail server) but the dropoff for me started around late October with connections staying at relatively normal levels but the amount of spam coming in falling to almost zero.

Curiosity (i.e. tcpdump) turned up the reason - what looked like a spammer 'template typo' that was causing emails to fail relatively silently with a protocol error, so they never got far enough to be counted as anything. It looks like they have fixed it now and are trying to make up for lost time.

I don't know which botnet was responsible so I couldn't say how widespread this was but I don't think it's entirely coincidental.
