Spam rate increase is seen

Published: 2009-10-07
Last Updated: 2009-10-07 19:44:09 UTC
by Joel Esler (Version: 3)
13 comment(s)

Thanks to a reader (Thanks Bob), who wrote in this morning asking if we have seen an increase in spam lately, I can personally confirm that yes, I have seen more spam in my inbox lately.

Bob sent us a couple interesting graphics, the first being a graph of how much of a spam increase there has been recently:

Secondly another graph he sent in was an interesting correlation.  It was how many viruses have been blocked by ClamD.

 

As I said, I've noticed a big increase in spam lately in my own personal email as well.  

What about the rest of the readers?  Have you guys experienced similar?

UPDATE:  Several people have wrote in saying they have seen the same thing.  Thank you for writing in.

-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler

Keywords: Spam
13 comment(s)

Comments

Spam has to be the greatest annoyance of the internet. It doesn't matter whether you use Linux or a Mac. It doesn't matter whether you run the best virus protection that there is. You still have spam to deal with in one way or another.

Filters work to a degree (I currently have 133K spam messages in my spam folder at work), but ultimately resources are wasted (server space, network bandwidth, etc). And I have had problems with false positives in the past leading to communication breakdowns.

There doesn't seem to be any sort of institutional top-down plan for putting an end to this once and for all (esp for virus-laden spam). All of the efforts seem to be focused on preventing individual machines from getting infected with viruses and educating users. And my feeling is that this is a lost cause - there are too many idiot users who will click on any old thing, and there are too many people who aren't computer literate who don't know what virus protection really is.

If I go away for vacation, when I come back I see page after page of spam. There are times that I am simply tempted to shut down my personal email and wash my hands of the whole mess..

"There doesn't seem to be any sort of institutional top-down plan for putting an end to this once and for all (esp for virus-laden spam)."

we need one of those team-america-world-police squads hunting down spammer sanctuaries like hosting providers and domain registrars. >:)
We have a Postfix/Spamassassin gateway in front of our Exchange server. Very little spam makes it to the end user, when more starts trickling through it's usually a sign I need to update spamassassins rules.<BR><BR>Anyway, I'm more wondering what people are using to create graphs of their spam detection rates?
I don't see such increase on our antispam gateways. It is still sky high but not higher than usual (since early september).
It isn't just hosting providers. Infected machines and botnets send out gobs and gobs of the spam email.

The SMTP protocol is another one of the old ones. In theory you can require authentication, but many don't.

And for that matter, at each hop a simple message is added with an IP address, but these can be forged. In theory one could fix things so that at each hop the server signs the message with a signing certificate. If enough sites did this, then it would be easier to track down where the things really originate.

Individual infected machines send out gobs of messages. Open relays aren't as common as they used to be, but an infected machine can still relay mail through the ISP's SMTP server. How do we stop this?

I know - some of these ideas are half-baked, but I am just frustrated, and the problem gets worse all the time. How long will it be before people will be forced to use web-based email clients and ISPs will no longer offer access to a SMTP server to non-business users.
We've remediated a few mass mailing worms in the last 24 hours and noticed a major uptick in Vundo/Virtumonde activity. Common indicators have been malicious files in user profile or system32 matching: java01.exe, document.htm/jpg/chm .exe (it's either htm, jpg or chm and yes a lot of spaces before the .exe extension), and file.exe.
I had not noticed it because we get so much of it. But, looking at the comparison of the past Sunday to the previous, there was over an 18 percent increase in messages we filtered [4.67 Mil to 3.84 Mil the prior].

Increase in Filtered Messages
From Prior Weekday [TOTAL Spam for Day]
-----------------
9/29 Tues (-3.5%) [4.28 Mil]
9/30 Wed 1.4% [4.61 Mil]
10/1 Thu (-0.2%) [4.41 Mil]
10/2 Fri 7.7% [4.65 Mil]
10/3 Sat 10.0% [4.77 Mil]
10/4 Sun 18.3% [4.67 Mil]
10/5 Mon 12.9% [4.79 Mil]
10/6 Tues 5.4% [4.54 Mil]

I had not noticed it because we get so much of it. But, looking at the comparison of the past Sunday to the previous, there was over an 18 percent increase in messages we filtered [4.67 Mil to 3.84 Mil the prior].

Increase in Filtered Messages
From Prior Weekday [TOTAL Spam for Day]
-----------------
9/29 Tues (-3.5%) [4.28 Mil]
9/30 Wed 1.4% [4.61 Mil]
10/1 Thu (-0.2%) [4.41 Mil]
10/2 Fri 7.7% [4.65 Mil]
10/3 Sat 10.0% [4.77 Mil]
10/4 Sun 18.3% [4.67 Mil]
10/5 Mon 12.9% [4.79 Mil]
10/6 Tues 5.4% [4.54 Mil]

Our spam gateway is reporting an increase (~10%average daily) in blocked spam as well going back to 9/21-ish.

Aside from the reported increase in certain virus distributions we've seen lately, this could also be the "usual" early onset of "Holiday Spam". I havne't specifically looked in my quarantine yet, mostly because I really hate looking in there (ok... I hate our "spam FW", but it's what I'm stuck with here at work.
We have seen the same increase.

I noted the comment about tracing the bad guys via IP addresses and other IT means. The bad guys are working for cold hard cash. Cash they get from others via credit cards, wire transfers and other means. Transfers that are easily traceable by any competent AND interested government.

I have been wondering for several years why governments have not gone after them.

Diary Archives