Posted on behalf of Mat Nisbet, Malware Analyst, Symantec.cloud
On the 16th of March Rustock, the largest of the spamming botnets, was taken down. As you would expect, global spam levels started to drop, as can be seen when you look at the number of mails being delivered to one of our spamtraps.
However, on the 26th March we saw a large increase in the amount of data traffic hitting our spamtraps, despite the number of actual emails continuing to decline.
Investigation revealed that the reason for this was that the Cutwail botnet had started sending much more emails with zip file attachments than normal, meaning the average size of each mail was much higher than normal. The chart below shows that there have been a couple of spikes in early March, which may have...