The Spam Resurgence

20 November 2013

After years of decline and relatively stagnant growth, spam threats were being eclipsed by other types of malware. However, the third quarter of 2013 witnessed a drastic global spike in spam volume, the first in nearly three years: volume increased by 125% over the previous quarter. Most of the spike occurred in the last four weeks of the quarter, and spam volume was last this high in August 2010.

Snowshoe Spammers Proliferate
While there are various contributors to the volume of spam, McAfee Labs researchers discovered that the majority of it came from “snowshoe spammers.” The term was coined because this spam is spread across many IP addresses to avoid rapid ISP eviction. Snowshoe spam typically involves rented servers within hosting facilities that will send spam until it is noticed. This type of spam reigned this quarter, representing 85% to 95% of high-volume spam subjects.

McAfee Labs researchers speculate that the majority of snowshoe spam is being unintentionally driven by legitimate marketing firms that are purchasing and using mailing lists from illegitimate sources. The “snowshoe spammers” or marketing firm affiliates will sell their mailing lists or services to legitimate firms, but will then use any technique at hand to increase their distribution and response rates. While these types of snowshoe spam messages don’t necessarily carry malware, users may have trouble discerning the difference.
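The spreading of one campaign across many IP addresses, described above, is what lets it slip under per-IP volume limits. The following added example (not McAfee Labs' method or code) contrasts a per-IP limit with a per-subject check on constructed gateway events; the event format, addresses, subjects and thresholds are all assumptions for illustration.

```python
import ipaddress
from collections import Counter, defaultdict

def build_sample():
    """Constructed (sending IP, subject) events, as a mail gateway might log them."""
    events = []
    # Snowshoe-style: 60 messages spread thinly over 30 IPs in three /24 ranges.
    for i in range(60):
        net = ("198.51.100", "203.0.113", "192.0.2")[i % 3]
        events.append((f"{net}.{10 + i % 30}", "Limited offer just for you"))
    # Single-source bulk sender: 60 messages from one IP.
    events += [("192.0.2.200", "Weekly newsletter")] * 60
    # Ordinary mail: unrelated subjects, one message per sender.
    events += [(f"203.0.113.20{n}", f"Re: ticket {n}") for n in range(5)]
    return events

def per_ip_rate_hits(events, limit=20):
    """IPs a simple per-IP volume limit would catch (assumed limit)."""
    counts = Counter(ip for ip, _ in events)
    return {ip for ip, n in counts.items() if n > limit}

def find_snowshoe(events, min_msgs=50, min_ips=20, max_ip_share=0.10):
    """Flag subjects with high total volume but no dominant sending IP.
    Thresholds are illustrative assumptions, not values from the report."""
    by_subject = defaultdict(Counter)
    for ip, subject in events:
        by_subject[subject.strip().lower()][ip] += 1
    flagged = {}
    for subject, per_ip in by_subject.items():
        total = sum(per_ip.values())
        top_share = max(per_ip.values()) / total
        nets = {ipaddress.ip_network(f"{ip}/24", strict=False) for ip in per_ip}
        if total >= min_msgs and len(per_ip) >= min_ips and top_share <= max_ip_share:
            flagged[subject] = {"messages": total, "ips": len(per_ip),
                                "nets": len(nets), "top_ip_share": round(top_share, 3)}
    return flagged

if __name__ == "__main__":
    sample = build_sample()
    print("per-IP limit catches:", per_ip_rate_hits(sample))
    for subject, stats in find_snowshoe(sample).items():
        print("snowshoe candidate:", subject, stats)
```

On the constructed data the per-IP limit catches only the single-source sender, while the per-subject check flags the campaign that sent two messages from each of 30 addresses.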

Regional Breakdown
Snowshoe spam wasn’t the only type to leave its tracks across the world this quarter. Below are some popular spam campaigns throughout the world:

  • Australia and the United States suffered a large number of delivery service notifications.
  • Belarus spammers favored “419” scams, which plead with users to send money to some person in need who promises to reward the user for their efforts.
  • Russian spam often uses drug and online bride offers to lure users into a trap.