Are we winning the war on spam?

Commstock says yes, but the battleground will surely shift from email to social networks' walled gardens

Global spam numbers in the first quarter of 2012 were down 40 per cent compared with a year ago, according to security firm Commstock's latest quarterly Internet Threats Trend Report released today.

Indeed, spam is now running at under two-thirds of the levels seen immediately before the takedown of the Rustock botnet in March 2011. Then the average was more than 150 billion messages per day. Today, a mere 94 billion.

These figures are bound to be confirmed by the rest of the vendors as they spam journalists' inboxes with their own quarterly portfolios of factoids.

Factoids like the promotion of fake pharmaceuticals continuing to be the most common type of spam, up eight percentage points to 38.5 per cent of the total.

Commstock said the US tax season provided an opportunity for spammers to target both consumers and accountants with blended attacks — email linking to a website that attempts to install malware.

"The scale of a February attack was so large that it certainly must have reached many CPAs — but also many other individuals. Many of the recipients (accountant or not) may have clicked on the links out of sheer curiosity," Commstock said.

Spam still constitutes 75 per cent of all email sent, but Commstock is upbeat.

"There is no sign of a return to pre-Rustock spam levels," the report said. "At this point it is tempting to conclude that the decade-long growth of spam has been permanently reversed. Time will tell."

Commstock attributes the continuing reduction of spam to the post-Rustock takedowns of further botnets, increased law enforcement activities against the spammers and the industries they support such as fake pharmaceuticals, and criminals moving into more lucrative activities such as banking fraud.

But the latter provides a clue to spam's future.

Criminals moving into more lucrative activities.

Commstock's own report describes how GlavTorg, a spam affiliate program specialising in replica handbags and clothing, closed at the end of January.

"The spam-subject cloud for the end of January shows no evidence of GlavTorg related products. In addition the spam levels for the period show no obvious influence (increase or decrease) around the dates of the announcement or the date when payments were stopped. Spammers have apparently easily realigned their activities."

Indeed, spam for counterfeit goods actually increased 5 percentage points this quarter to 19.8 per cent. Replica spam remains the second most common variety.

As the botnet takedowns become more successful, surely spammers will simply move to the popular social networks, Facebook and Twitter.

Twitter already sees significant spam levels. Spam tweets seem almost trivial to spot. Yet there's little incentive for Twitter to make a real effort to stop them. Not when the company still needs to justify its $8.4 billion valuation on annual revenues still down around $100 million.

It's nearly two years since Twitter claimed they'd reduced spam to under 1 per cent of tweets. My prediction? Expect this to increase substantially, and soon.

As for Facebook, well, that's a bounteously rich ecosystem for spammers to exploit. My prediction? Well-organised spam apps, followed by a market for Facebook anti-spam.

Contact Stilgherrian at or follow him on Twitter at @stilgherrian

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the CSO newsletter!

Error: Please check your email address.

More about Facebook

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Stilgherrian

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place