After the shutdown of McColo, the hosting provider that was aiding the distribution of about half of all spam on the Internet globally, spam volumes dropped sharply. However, since mid-November, spam volumes have been slowly inching their way back up as old botnets are brought back online and potential new botnets are created.
At this point, spam volumes have slowly crept back up to 80 percent of their pre-McColo shutdown levels (when reviewing daily averages):
The types of spam being seen in new attacks are similar to what was being sent around the Internet prior to the shutdown. The spam messages can be categorized into the following groups:
- Replica watches
- Generic pharmacy
- Erectile dysfunction drugs
- Weight loss
The spam is being sent from various countries around the world and is associated with botnets. The top three senders of spam reviewed for this post were Brazil, the United States, and Russia.
Geographic origins of this spam:
The makeup of the spam is varied. Some of the messages are very short, containing only a single URL, while others are slightly longer, with some basic HTML that links to images. The longer spam messages contain both text and HTML parts. When looking at the URLs contained in spam, URLs under the .cn top-level domain (TLD) make up almost 10% of all URLs seen in spam, placing .cn second among the top eight TLDs appearing in spam, behind only .com.
TLD breakdown for URLs appearing in spam:
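The TLD breakdown above is the kind of statistic a mail-filtering team derives by pulling every URL out of a spam corpus and bucketing it by top-level domain. The following is an added example, not code from the original post, showing one way to do that over both the short single-URL messages and the HTML messages with image links described above. The spam bodies and domain names in it are constructed for illustration and are not real spam samples or real sender domains.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample spam bodies (not real messages): one short single-URL
# message, one basic-HTML message linking to an image, one weight-loss
# text message with two links, and one small HTML link.
SPAM_SAMPLES = [
    "http://watches-example.cn/rolex",
    '<html><body><a href="http://pharm-example.com/meds">'
    '<img src="http://img.pharm-example.com/pill.gif"></a></body></html>',
    "Lose weight now at http://slim-example.ru/diet. Or try http://slim-example.cn/",
    "<a href='http://ed-example.com/buy'>click here</a>",
]

# Matches http/https URLs in plain text and inside href="..." / src="..."
# attributes; a quote, angle bracket or whitespace ends the match.
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

# Punctuation that commonly trails a URL in running text but is not part of it.
TRAILING_PUNCT = ".,;:)!?"


def extract_urls(body):
    """Return every URL found in one message body (text or HTML), in order."""
    return [m.group(0).rstrip(TRAILING_PUNCT) for m in URL_RE.finditer(body)]


def tld_of(url):
    """Return the last DNS label of the URL's host, lower-cased (e.g. 'cn').

    Note: this is the raw top-level label only; a host under a second-level
    registry such as example.co.uk is counted as 'uk', which matches how the
    post's TLD figures are reported.
    """
    host = urlparse(url).hostname or ""
    return host.rsplit(".", 1)[-1].lower()


def tld_counts(messages):
    """Count URLs per TLD across a list of message bodies."""
    counts = Counter()
    for body in messages:
        for url in extract_urls(body):
            counts[tld_of(url)] += 1
    return counts


def tld_percentages(messages):
    """Share of all spam URLs per TLD, in percent, keyed by TLD."""
    counts = tld_counts(messages)
    total = sum(counts.values())
    if total == 0:
        return {}
    return {tld: 100.0 * n / total for tld, n in counts.items()}


def top_tlds(messages, limit=8):
    """Ranked (tld, count) pairs, most common first, as in the post's top-eight chart."""
    return tld_counts(messages).most_common(limit)


if __name__ == "__main__":
    pct = tld_percentages(SPAM_SAMPLES)
    for tld, n in top_tlds(SPAM_SAMPLES):
        print(f".{tld:<4} {n:>3} URLs  {pct[tld]:5.1f}%")
```

On the constructed samples the ranking comes out as .com first and .cn second, the same ordering the post reports for real traffic; on a real corpus the only change is feeding `tld_counts` the decoded text and HTML parts of each message instead of the inline strings.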
Some sample spam messages: