IT and Cyber Security: Spam Flow in the First Quarter of 2011

Kaspersky Lab has released its spam report in the first quarter of 2011. Experts conclude that malefactors are rapidly restoring their positions, lost after closure of a number of major botnets in late 2010.

Within first three months of 2011 the share of mail spam was increasing steadily. As a result, the amount of spam detected in mail traffic in the first quarter of 2011 averaged 78.6%, an increase of 1.4 percentage points compared with the previous quarter, though still 6.5 percentage points lower than last year’s figure. The average share of unsolicited messages in mail traffic is almost certain to exceed 80% in the next quarter.

Among the most important events of Q1 2011 was the closure of the Rustock botnet command centers on 16 March. Rustock, one of the leaders in spam distribution, is an old botnet of a very complex design. However, shutting down Rustock did not impact spam traffic as dramatically as last year’s Pushdo/Cutwail and Bredolab botnet closures: the quantity of spam reduced by 2-3 percentage points for a day or two before bouncing back again. It seems the cybercriminals had either prepared for such an event in advance or were very quick to respond to the situation – thus the closure of the command centers did not seriously affect the total volume of spam.

In Q1 2011 the amount of spam originating from eastern and western Europe fell by 5.64 and 2.36 percentage points respectively. Africa joined the list of the most active spam senders: the volume of unsolicited messages coming from African countries accounted for 3.66% of the worldwide spam total, exceeding that of the USA and Canada. The amount of spam distributed from this region previously did not exceed 1% of the total volume. These figures are in line with Kaspersky Lab’s forecasts that botnets would start shifting to regions with less effective or non-existent anti-spam legislation.

The volume of malicious attachments in mail traffic continues to remain as high as it was last year averaging 3.5%. In the first quarter of 2011, spammers preferred to revert to tried and trusted techniques. They tried to imitate users’ emails. Fake user messages and personal correspondence remain popular with the spammers. Kaspersky Lab advises all users to keep their eyes open and to check the authenticity of emails before opening any attachments or clicking on any links.