Security vendor IronPort Systems has issued its 2007 Internet Security Trends Report (available in PDF format with registration) which finds that overall spam volumes in 2006 dwarfed figured from 2005—and that spam surges in November 2006 were higher still as the end-of-year holiday season began to ramp up.
In October 2005, IronPort recorded an average of about 31 million spam messages a day; in October 2006, that level jumped to an average of 63 million a day, an increase of over 100 percent. But during November, two surges from November 13 to 22 and November 26 to 28 saw averages ov 85 billion spam messages a day. “The October-to-November increase is higher than any other month we’ve measured,” said David Mayer, a product manager at IronPort Systems.
IronPort reports that spam is using increasingly sophisticated techniques to get around antispam technologies and message filters, including “image spam” which embeds the entire spam message in an obfuscated graphic to bypass keyword analysis, as well as a sharp increase in the number of domains registered by spammers so URLs in their messages don’t appear on blacklists.
Spammers are also adopting techniques used by malware developers, such as trying out new spamming techniques in limited quantities to see how well they bypass filters. Once they’ve found a technique which seems to bypass filters, spammers launch a massive campaign and try to get as much spam delivered as possible before filters update to reject the messages—one such campaign dropped the overall effectiveness of IronPort’s filters by more than 10 percentage points for a short time. Spammers rely on the amount of time it takes antispam vendors, registrars, and hosting providers to identify new forms spam and spammer-maintained domains, then move on to new hosts and bot-net controlled PCs once filters, authorities, blacklists, and registrars catch up.
