A managed security vendor has noticed a significant drop in spam in recent weeks, which it theorized could be due to many old, infected computers being replaced by shiny new systems given as Christmas presents.
SoftScan, based in the U.K., noticed a 30 percent reduction in traffic around the first week of January. The company was still looking into the reasons why but speculated it could be either a major botnet
Gone are the days of Sanford Wallace, when spammers set up a formal organization and everyone knew where to aim. Now, it’s all underground, with infected personal computers that pump out spam without the user knowing it.
Gartner estimates that 80 percent to 90 percent of all spam generated in North America comes from computers that are unknowingly infected.
“Today we have a situation where hundreds and thousand of machines are infected without their users’ knowledge. It doesn’t affect them directly, apart from perhaps the machine occasionally going slow, but that one machine in the right hands causes misery to thousands of others,” wrote SoftScan CEO Diego d’Ambra in a posting discussing the issue.
Opinions are mixed as to what could cause such a drop in spam. Randy Abrams, director of technical education at antivirus vendor ESET, thinks it was a botnet disruption. “But I don’t think it will last for long. It is also possible that security people were getting too close to the controller so the bot-herder took it down to make changes,” he told internetnews.com. “They’ll be back.”
However, Natalie Lambert, senior analyst for client security and client management at Forrester Research, believes the Christmas deployment theory is very plausible.
However, she adds “I also think that there’s always a huge uptick of spam before any holiday. Given that it was Christmas, one of the biggest holidays of the year, there’s a lot of incentive getting that spam out there.” The decline in early January could simply be the end of Christmas “promotions,” for lack of a better word.
She thinks that just replacing infected machines isn’t enough to take a 30 percent divot out of spam loads. It’s likely a combination of new spam blockers, clean machines and the end of the holidays.
Mike Irwin, COO for Webroot and formerly with Brightmail, doesn’t believe new PCs played a part. “We’ve gotten to a point where PC churn is fairly normalized. There’s seasonal PC buying, and I haven’t seen that be attributable to any decrease in spam. We’ve been through five Christmas cycles where spam is still a problem, and we haven’t seen a notable decline after the holiday,” he said.
It’s hard to determine the impact of new computers because the old systems they replaced might still be in use somewhere. “The question is how many were cleaned and how many are just repurposed or passed on with the malicious software intact?” said Abrams.
One thing everyone agreed about was that the burden remains on the consumer. “Home users who don’t use security software and download everything that says ‘free’ are almost certainly infected. Even home users who know enough to use security software are at risk,” he added.
“There is an element of social responsibility here, where folks need to ensure their desktops are clean and secure because it’s having an impact on users across the Internet,” added Irwin.
“A lot of consumers don’t even have antivirus software, or keep it up to date,” said Lambert. “You’re only as protected as your last update, and I know consumers who don’t have any antivirus software or go until the next hardware refresh to clean up their machines, those people simply aren’t protected any more.”