Official Google Cloud Blog: Q1'10 spam & virus trends from Postini

Official Blog

Built in the cloud. Engineered for your enterprise.

Q1'10 spam & virus trends from Postini

Wednesday, April 14, 2010

Editor's note: The spam data cited in this post is drawn from the network of Google email security and archiving services, powered by Postini, which processes more than 3 billion email connections per day in the course of providing email security to more than 50,000 businesses and 18 million business users.
In 2009, the security community started seeing diminishing returns from the takedown of malicious ISPs. After the ISP 3FN was taken down, spam levels rebounded in less than a month, and after Real Host went down, spam volumes recovered after only two days. In response, the anti-spam community turned its attention toward taking botnets offline instead.
Toward the end of 2009, Mega-D, a top-10 botnet – responsible for infecting more than 250,000 computers worldwide – was severely crippled through a carefully orchestrated campaign designed to isolate the command-and-control servers spammers were using to support the botnet. In early 2010, security professionals, along with government agencies, successfully mounted a campaign against several more targets: major botnets such as Waledac, Mariposa, and Zeus were either shut down or had their operations significantly curtailed.
However, this recent spate of botnet takedowns has not had a dramatic impact on spam levels. Although spam and virus levels did fall below Q4’09 highs, reports from Google’s global analytics show that spam levels held relatively steady over the course of Q1’10.
This suggests that there’s no shortage of botnets out there for spammers to use. If one botnet goes offline, spammers simply buy, rent, or deploy another, making it difficult for the anti-spam community to make significant inroads in the fight against spam with individual botnet takedowns.
Spam by the numbers
Overall, spam volume fell 12% from Q4’09 to Q1’10, which follows a trend of quarterly decreases in overall spam levels that started after the surge in Q2’09. This may be attributed to some of the recent takedowns, but spam volume was still 6% higher this quarter than it was during the same period in 2009, and spam volume as a percentage of total email messages is holding steady.

Recently, our data centers showed a 30% increase in the size of individual spam messages (measured in bytes) that occurred toward the end of March, as shown below.

This spike points to a resurgence of image spam, similar to what we reported in Q2’09. This is likely due to the fact that reusing image templates makes it easier and faster for spammers to start new campaigns.

As always, spammers tend to make use of predictable topics – cheap pharmaceuticals, celebrity gossip, breaking news – to encourage user clicks. In January, spammers hastened to exploit the Haiti earthquake crisis, sending pleas for donations that appeared to have been sent by reputable charitable organizations, politicians, and celebrities.

The frequency and variety of post-earthquake spam illustrates an unpleasant reality: spammers will exploit any means – even tragedies – to accomplish their objectives.

Virus levels fall after Q4’09 surge
During 2009, spam with attached viruses increased tenfold, with levels rising from 0.3% of total spam in the first half of the year to 3.7% in the second. Postini filters blocked more than 100 million virus-bearing messages per day during the worst of the attack.

Since then, spam with attached viruses leveled off to around 1.1% in Q1’10, and dropped as low as 0.7% in March. It’s good news that virus levels are currently trending down – but Q1’10 levels are still 12-fold higher than they were in Q1’09.

In fact, this virus surge may be part of the reason that there hasn’t been a significant impact on spam volume after the recent takedown of major botnets. With a host of new machines now infected and part of a botnet, it is unlikely that there would be a dip in spam proliferation.

Benefits of security in the cloud
Although the botnets that distribute spam are mindless drones, the spammers that take advantage of these botnets are a highly active and adaptable group. This is evidenced by the varied techniques and tactics that they employ in an ongoing effort to evade spam filters and deliver messages to their targets.

2010 is likely to see more botnets taken offline, but the question remains – will that have a long-term impact on spam volumes overall? So far in 2010, the effect has been limited, and the security community may begin to turn to other tactics that yield a more substantial impact on global spam volumes.

As long as the threat is there, however, Google is committed to using the power of the cloud to protect your enterprise from spam and viruses. Outsourcing message security to Google enables you to leverage our technical expertise and massive infrastructure to keep spammers from your inbox.

For more information on how Google’s security and archiving services can help your business stay safe and compliant, please visit www.google.com/postini.

Posted by Gopal Shah, Google Postini Services team

Google

Labels

#innovationupgrade
#InspireGirls
#moregoogleapps
#SysAdminDay
#tbt
#throwbackthursday
#top10trust
100% web
50states
ad contest
add-ons
admin
Admin console
admin sdk
AirPlay
Android
Android for Work
Android for Work Live
Android Marshmellow
Android Nougat
Android security
Android security tips
Apps Adventures
apps script
apptuesday
Armed Forces Day
Asia Pacific
Atmosphere Live
Audi
Audi Connect
audit
Australia
big data
Big Query
bigquery
Boston
browser
Chomebox for Meetings
Chrome
Chrome Device Management
Chrome digital signage
Chrome for Business
Chrome for Work
Chrome Frame
Chrome OS
Chromebit
Chromebooks
Chromebooks for Business
Chromebooks for Education
Chromebooks for Work
Chromebox for digital signage
Chromebox for meetings
Chromebox for signage
Chromeboxes
Chromecast
City 24/7
Classroom
Clearing Kosovo
Cloud
cloud computing
cloud computing gonegoogle
cloud computing gonegoogle Google Apps
cloud computing gonegoogle Google Apps google docs small business success story
cloud computing gonegoogle Google Apps google docs small business success story switch
cloud datastore
cloud platform
Cloud Platform Live
cloud print
cloud series
cloud services
cloud sql
collaboration
Colorado
Connectors
contacts
Control Panel
customer
customer love
Customer story
Customer support
Customer testimonial
data centers
data processing amendment
data protection
Developer
developers
Digital Learning Day
Docs
documents
DPA
Drawings
Drive for Education
drive sharing
Earth
earth and maps
EC
education
Education on Air
EMC
EMM
Energy
enterprise
EU
events
FedEx
Fedex.com
Finance
Firebase
Forms
franchises
GAFE
Gartner
GE
geo
Global Partner Summit
gmail
Gone Google
gonegoogle
Google AdWords
Google App Engine
Google Apps
Google Apps Blog
Google Apps for Business
Google Apps for Education
Google Apps for Government
Google Apps for Work
Google Apps Marketplace
Google Apps Reseller
Google Apps Script
Google Apps Vault
Google BigQuery
Google Calendar
Google Calendar app
Google Certified Teachers
Google Chrome
Google Chromebases
Google Classroom
Google Cloud Datastore
Google Cloud DNS
Google Cloud Platform
google cloud storage
Google Cloud Vision API
google commerce search
Google Compute Engine
Google Doc
Google Docs
Google Domains
Google Draw
Google Drive
Google Drive for Work
Google Earth
Google Earth Engine
Google Earth Enterprise
Google Earth Images
Google Earth Pro
Google Email Security and Archiving
Google Enterprise
Google Enterprise Search
Google Expeditions
Google for Education
Google for Education Partner Program
Google for Education Training Center
Google for Entrepreneurs
Google for Work
Google for Work and Google for Education Partner Program
Google for Work partner program
Google Forms
Google Green
google groups
Google Hangout
Google Hangouts
Google I/O
Google Keep
Google Maps
Google Maps API
Google Maps APIs
Google Maps Coordinate
Google Maps Engine
Google Maps Engine Pro
Google Maps Engine public data program
Google Maps for Business
Google Maps for Work
Google Maps Gallery
Google Maps Tracks API
Google Message Continuity
google message security
Google Mobile Device Management
Google My Maps
Google My Maps Pro
Google Places API
Google Play
google play for education
Google Prediction API
Google Research tool
Google Science Fair
Google Search Appliance
Google Security Key
Google Sheets
Google Site Search
google sites
Google Slides API
Google Smart Lock
Google spreadsheets
Google Springboard
google storage
Google Storage for Developers
Google Translate
Google Vault
Google Video
Google Wave
google+
Google+ api
Google+ Communities
googlenew
government
GSA
GSA 7.0
GSA for Commerce
guest post
HALO Trust
Hangout on Air
Hangouts on Air
HEAT
hints and tips
HIPAA
Inbox
Inbox by Gmail
innovation
international trade
Internet Explorer
intranet
io2011
iOS
iPad
IT
K-12
Kubernetes
large business
MAM
manufacturing
Mapping a better world
marketplace
marketplace highlights
mashups
MCCs
MDM
medium business
migration
mobile
mobile management
model contract clauses
moms
Mother's Day
mpstaffpick
MyHEAT
NAVMAN
new features
news
Niagara International Transportation Technology Coalition
non-profit
noteworthy
offline
OpenID Connect
Parters
partner
Partner Showcase
partners
Place Summaries
Postini
privacy
product ideas
productivity
Quickoffice
Receptionist's Day
reports
Reseller
retail
RSA
Safer Internet Day
SBW2013
SBW2014
sbweek
SCCs
Search
Security
Security Key
small business
Small Business Week
Small businesses
SMB
spam and security trends
Startups
success story
support
switch
System Admin
T Dispatch
Teamwork 2015
Thanksgiving
Transport and Logistics
Trust
UK
university
University of Calgary
Updates
utilities
Veteran Owned Businesses
Veterans Day
Veterans Day 2013
Veterans Day 2014
viewpoint
VNX
wallet
webinar
webmaster
Winter
women in tech
Women's History Month
Work Resolutions
World Bank

Feed

Googleon

Company-wide

Official Google Blog
Public Policy Blog
Student Blog

Products

Android Blog
Chrome Blog
Lat Long Blog

Developers

Developers Blog
Ads Developer Blog
Android Developers Blog

Google
Privacy
Terms