Official Google Cloud Blog: Q2 2009 Spam Trends

Official Blog

Built in the cloud. Engineered for your enterprise.

Editor's Note: The spam data cited in this post is drawn from the network of Google email security and archiving services, powered by Postini, which provide email security to more than 50,000 organizations, including businesses of all sizes, government agencies, and educational institutions. To learn more about what the Gmail team is doing to keep spam out of your inboxes, check out this post.
Our "Spam Trend" update last quarter summarized the rise in both levels and types of spam, with new players and techniques entering the market. This quarter, proliferation continues, with an unpredictable pattern of drops and spikes as 2009 moves along. Overall, spam is measurably up: Q2'09 average spam levels are 53% higher than in Q1'09 and 6% higher than in Q2'08.

After last November's McColo ISP takedown, when spam volumes dropped by 70%, spammers worked overtime to fill the void. They succeeded: Within four months, spam levels rose back to pre-McColo levels. This upward trend continued through June 4, when another large ISP spam source, 3FN, was reported to have been dismantled. Spam volume immediately dropped 30% – not as extreme as McColo, but still significant. Although this created a sudden dip in spam levels, it also created an open invitation for opportunistic spammers to once again seize a market opportunity.

Over the coming months, we anticipate watching new players once again drive spam levels back up. Since June 4, spammers have already made up a significant amount of ground, climbing 14% from the initial drop.

Here's what the trend looked like, as tracked through Postini filters, over the past six months:

"Unpredictability" summarizes the overall trend as Q2'09 winds down and spammers test both new and "retro" techniques. For example, on June 18 we tracked a new attack that unleashed 50% of a typical day's spam volume in just two hours' time. This attack used a simple "newsletter" template – somewhat "old school" by today's spam standard – with malevolent links and images inserted into the content. Google's Postini filters detected more than 11,000 variants of this spam during those two hours. Because this spam enabled spoofing of the recipient domain (meaning the "from" field was falsified), distribution lists were especially hard-hit by this attack.

Resurgence of image spam

One of the other trends we're watching closely is the sudden popularity of "image spam" – a form of spam that rose to prominence in 2007, before most anti-spam filters learned how to block it. It's simple stuff: basic email with advertising content, usually containing a related image. They can also include malicious links or content – and either way, the large file size of an image spam can place a heavy load on an email network.

An image spam email might look something like this:

Evidence of the resurgence in image spam can be seen in the graph below, which shows that the actual size of spam messages, measured in bytes, is back on the rise:

There are a couple of possible explanations for the resurgence in image spam, despite the fact that most spam filters out there have adapted to the technique. One theory is that this wave is designed to test the defenses of the different spam filters out there, so that spammers can do statistical analysis on what subject lines and content have the highest probability of success.

Another is that there may be some new players entering the spam game, following the McColo and 3FN takedowns, and these new players are opening with some well-tested techniques. Either way, we're watching this trend and will share insights as we gain them in the weeks and months ahead.

Spike in payload viruses

June was also an active month for viruses sent as email attachments, otherwise known as "payload viruses." Volumes rose to their highest level in almost two years as spammers returned to yet another tried-and-true technique to expand their botnets.

As you can see in the chart below, June's activity is almost as high as the two-month payload virus surge seen in Q3'07. Fortunately, Google's Postini zero-hour heuristics detected this uprise early and kept payload attacks in the cloud and away from users' email networks.

Everything old might be new again

In summary, Q2'09 saw continued unpredictability and the resurgence of old-style spam attacks. Are spammers finally running out of original ideas? And if so, like Hollywood, are we now starting to see spam "remakes," based on originals of a few years ago? And what are spammers looking to accomplish as they unleash these remakes? Only time will tell.

For more information on how Google email security services, powered by Postini, can help your organization provide better spam protection and take a load off your network by halting spam in the cloud, visit www.google.com/postini.

Posted by Amanda Kleha, Google message security and archiving team

Google

Labels: admin , enterprise , Google Apps , Google Email Security and Archiving , hints and tips , Postini , spam and security trends

Labels

#innovationupgrade
#InspireGirls
#moregoogleapps
#SysAdminDay
#tbt
#throwbackthursday
#top10trust
100% web
50states
ad contest
add-ons
admin
Admin console
admin sdk
AirPlay
Android
Android for Work
Android for Work Live
Android Marshmellow
Android Nougat
Android security
Android security tips
Apps Adventures
apps script
apptuesday
Armed Forces Day
Asia Pacific
Atmosphere Live
Audi
Audi Connect
audit
Australia
big data
Big Query
bigquery
Boston
browser
Chomebox for Meetings
Chrome
Chrome Device Management
Chrome digital signage
Chrome for Business
Chrome for Work
Chrome Frame
Chrome OS
Chromebit
Chromebooks
Chromebooks for Business
Chromebooks for Education
Chromebooks for Work
Chromebox for digital signage
Chromebox for meetings
Chromebox for signage
Chromeboxes
Chromecast
City 24/7
Classroom
Clearing Kosovo
Cloud
cloud computing
cloud computing gonegoogle
cloud computing gonegoogle Google Apps
cloud computing gonegoogle Google Apps google docs small business success story
cloud computing gonegoogle Google Apps google docs small business success story switch
cloud datastore
cloud platform
Cloud Platform Live
cloud print
cloud series
cloud services
cloud sql
collaboration
Colorado
Connectors
contacts
Control Panel
customer
customer love
Customer story
Customer support
Customer testimonial
data centers
data processing amendment
data protection
Developer
developers
Digital Learning Day
Docs
documents
DPA
Drawings
Drive for Education
drive sharing
Earth
earth and maps
EC
education
Education on Air
EMC
EMM
Energy
enterprise
EU
events
FedEx
Fedex.com
Finance
Firebase
Forms
franchises
GAFE
Gartner
GE
geo
Global Partner Summit
gmail
Gone Google
gonegoogle
Google AdWords
Google App Engine
Google Apps
Google Apps Blog
Google Apps for Business
Google Apps for Education
Google Apps for Government
Google Apps for Work
Google Apps Marketplace
Google Apps Reseller
Google Apps Script
Google Apps Vault
Google BigQuery
Google Calendar
Google Calendar app
Google Certified Teachers
Google Chrome
Google Chromebases
Google Classroom
Google Cloud Datastore
Google Cloud DNS
Google Cloud Platform
google cloud storage
Google Cloud Vision API
google commerce search
Google Compute Engine
Google Doc
Google Docs
Google Domains
Google Draw
Google Drive
Google Drive for Work
Google Earth
Google Earth Engine
Google Earth Enterprise
Google Earth Images
Google Earth Pro
Google Email Security and Archiving
Google Enterprise
Google Enterprise Search
Google Expeditions
Google for Education
Google for Education Partner Program
Google for Education Training Center
Google for Entrepreneurs
Google for Work
Google for Work and Google for Education Partner Program
Google for Work partner program
Google Forms
Google Green
google groups
Google Hangout
Google Hangouts
Google I/O
Google Keep
Google Maps
Google Maps API
Google Maps APIs
Google Maps Coordinate
Google Maps Engine
Google Maps Engine Pro
Google Maps Engine public data program
Google Maps for Business
Google Maps for Work
Google Maps Gallery
Google Maps Tracks API
Google Message Continuity
google message security
Google Mobile Device Management
Google My Maps
Google My Maps Pro
Google Places API
Google Play
google play for education
Google Prediction API
Google Research tool
Google Science Fair
Google Search Appliance
Google Security Key
Google Sheets
Google Site Search
google sites
Google Slides API
Google Smart Lock
Google spreadsheets
Google Springboard
google storage
Google Storage for Developers
Google Translate
Google Vault
Google Video
Google Wave
google+
Google+ api
Google+ Communities
googlenew
government
GSA
GSA 7.0
GSA for Commerce
guest post
HALO Trust
Hangout on Air
Hangouts on Air
HEAT
hints and tips
HIPAA
Inbox
Inbox by Gmail
innovation
international trade
Internet Explorer
intranet
io2011
iOS
iPad
IT
K-12
Kubernetes
large business
MAM
manufacturing
Mapping a better world
marketplace
marketplace highlights
mashups
MCCs
MDM
medium business
migration
mobile
mobile management
model contract clauses
moms
Mother's Day
mpstaffpick
MyHEAT
NAVMAN
new features
news
Niagara International Transportation Technology Coalition
non-profit
noteworthy
offline
OpenID Connect
Parters
partner
Partner Showcase
partners
Place Summaries
Postini
privacy
product ideas
productivity
Quickoffice
Receptionist's Day
reports
Reseller
retail
RSA
Safer Internet Day
SBW2013
SBW2014
sbweek
SCCs
Search
Security
Security Key
small business
Small Business Week
Small businesses
SMB
spam and security trends
Startups
success story
support
switch
System Admin
T Dispatch
Teamwork 2015
Thanksgiving
Transport and Logistics
Trust
UK
university
University of Calgary
Updates
utilities
Veteran Owned Businesses
Veterans Day
Veterans Day 2013
Veterans Day 2014
viewpoint
VNX
wallet
webinar
webmaster
Winter
women in tech
Women's History Month
Work Resolutions
World Bank

Feed

Googleon

Company-wide

Official Google Blog
Public Policy Blog
Student Blog

Products

Android Blog
Chrome Blog
Lat Long Blog

Developers

Developers Blog
Ads Developer Blog
Android Developers Blog

Google
Privacy
Terms

Official Blog

Q2 2009 Spam Trends

Labels

Archive

Feed

Useful Links

Company-wide

Products

Developers