Berlin, January 12, 2012 – The spam and malware landscape is changing. This is shown by analysis conducted by the eleven Research Team on the spam trends of 2011. Never before have there so many and such significant fluctuations in spam volumes as in 2011. For 2012 the eleven researchers expect spam to be send primarily isn short, massive and frequent waves which increase the risk of system overload for e-mail infrastructures. E-mail users should also pay closer attention: No longer can spam and phishing e-mails be recognized at first glance. This increases the risk of giving up access information for online banking, credit cards etc.

Spam volume 2011: Record fluctuation

2011 spam trends were characterized by the most significant in the history of spamming since 2003. Massive declines in spam of considerably over 50% occurred repeatedly throughout the year, the most recent being in December 2011. As compared to the prior month, spam volumes declined by 70.4%, which was the primary reason for the significant decline in spam volumes to only 19% of the value from December 2010. However, eleven experts see no reason to give the all-clear just yet. Spam declines of up to 80% occurred at the turn of the year 2010/2011 and as a result of the takedown of the Rustock botnet in March 2011; however, spam volumes increased considerably again each time. That meant that spam volumes had returned to 78% of the value prior to the Rustock takedown by November 2011.

There were also significant shifts in countries of origin and topics for spam e-mails. The primary reason was the shutdown of the world’s largest botnet, Rustock, on March 16, 2011. Before that point, a major percentage of global spam came from western industrial nations: the USA had held the top position for months. The dominant spam topic was pharmaceutical advertisements, comprising up to 70% of all spam. After Rustock, countries such as the USA, the United Kingdom and Germany all disappeared from the top-ten lists. The USA only came in 14th in November. The new spam leaders were emerging nations, particularly from Asia, led by India. Similar changes also occurred in spam topics: after the Rustock takedown, casino spam became the primary spam subject, accounting for over 50% of all spam. Casino spam was also a main reason behind the significant spam growth starting in August 2011. December’s spam decline was also caused by the absence of casino waves.

Another unsettling trend this year was the significant increase in localized spam in which spammers specifically targeted German e-mail users. One reason for such spam is the search for so-called “money mules,” i.e. individuals who make their accounts available for money laundering. A second reason is the increased number of online fraudsters (phishers and scammers) who want to access confidential data this way. These e-mails were once detectable due to their poor translation quality; such scammers, however, have become smarter and know that an error-free text creates more trust.

The three most important spam trends for 2011

1. The spam trends allow for clear conclusions to be drawn about the geographic and thematic distribution of leading botnets. The most important spam topics – pharmaceutical and casino spam – come from different sources. Pharmaceutical spam mostly comes from western industrialized nations, while casino spam primarily comes from emerging nations in Asia and Eastern Europe.
2. The spamming trend has shifted from continual propagation toward short, yet massive, waves, which are particularly typical of casino spam. Such waves often only last approximately 30 minutes and can repeat up to three times a day. There can also be longer breaks, some of which last several weeks.
3. The close connection between spam and malware dissemination has continued. Spam declines are often accompanied by significant jumps in malware levels, which primarily serve to disseminate Trojans and thus to rebuild lost botnet resources. This was the case at the turn of the year 2010/2011, as well as after the Rustock shutdown.

Spam tends 2012: Access data become primary focus

1. Spamming will continue to shift from continued dissemination to short, yet massive and frequent, waves. Spam peaks that develop in the short term can lead to overload situations for e-mail servers.
2. There is a growing trend toward quality over quantity for spam, phishing, and malware. Instead of sending as many e-mails as possible, they are now being designed in such a way that the opening rate is many times higher than to date. This goal is accomplished, for example, through targeted malware and particularly through phishing campaigns geared toward specific countries and target groups. In general, spam and phishing campaigns are becoming increasingly professional. Both e-mails as well as counterfeit Web sites can hardly be differentiated from the originals these days. Initiators are becoming increasingly successful in their efforts to create the impression that the e-mail in question is particularly important and that the link or attachment must be opened.
3. Spammers will increasingly attempt to diversify their infrastructures as a result of the recent botnet takedowns. The eleven Research Team has already seen a rise in attempts to hijack legitimate mailboxes with the intent of using them to send spam. E-mail login data will be a preferred phishing target in 2012.
4. The use of popular events for spam and malware campaigns will continue to increase. Popular topics as bait for spam, phishing, and malware are being used even today.
5. At the same time, spam, phishing, and malware will continue to blend together. In 2011, the number of multipurpose mailings in which phishing pages included a malicious code, for example, increased considerably.

Download:

eleven on Twitter: http://www.twitter.com/elevensecurity

eleven – E-mail security "Made in Germany"

eleven is a leading e-mail security provider based in Germany. Its eXpurgate technology, which is unique worldwide, offers a spam filter and e-mail categorization service that protects the user reliably from spam and phishing, detects potentially dangerous e-mail and can distinguish between individual messages and any kind of mass e-mail. eXpurgate also offers numerous virus protection options and a powerful e-mail firewall.

Over 45,000 companies of all sizes use eXpurgate to check and categorize more than a billion e-mail messages every day. Customers include Internet service providers and telecommunication carriers such as T-Online, O2, Vodafone and freenet as well as many well-known companies and public institutions, including Air Berlin, the Federal Association of German Banks, DATEV, the Free University of Berlin, Landesbank Berlin, Mazda, RTL, ThyssenKrupp and Tobit Software AG. For more information, visit our website at: http://www.eleven.de.

Company contact:

eleven GmbH
Sascha Krieger
Hardenbergplatz 2
10623 Berlin
Phone: +49 (0)30 / 52 00 56-0
E-mail: presse@eleven.de
http://www.eleven.de

Media contact:

consense communications gmbh
Stefanie Weigl
Nymphenburger Straße 86
80636 Munich
Phone: +49 (0)89 / 23 00 26-0
http://www.consense-communications.de