Google Spouts Scary Spam Stats

You can attack spammers’ distribution and also haul them off to court, but darn it all, the dreaded mass e-mail pitches keep on coming.

That conclusion is evident in a lengthy update today from Google on the trends its seen over the past quarter.

“Proliferation continues, with an unpredictable pattern of drops and spikes as 2009 moves along,” Amanda Kleha of Google’s message security and archiving team said in a blog post on its findings.

Overall, Google (NASDAQ: GOOG) said spam is measurably up. The average spam levels for the second quarter (Q2) of this year are 53 percent higher than the earlier quarter and 6 percent higher than Q2 2008.

A report earlier this week released by MessageLabs also confirms the rise in spam levels.

Google’s spam data is culled from its network of e-mail and archiving services powered by Postini, the security firm it purchased several years ago. Google said Postini provides e-mail security to over 50,000 organizations including business, government agencies and educational institutions — a position that puts it in prime position to gauge the current state of spam.

And despite some successes, the findings aren’t pretty. Spammers took a hit last year when one of its main distribution points, the McColo ISP, was taken down in November. Although spam levels dropped by 70 percent, Google said spammers worked overtime to fill the void, and within four months, levels were back to pre-McColo levels.

Another ISP spam source, 3FN, was reportedly dismantled in June, leading to spam volumes dropping some 30 percent. But again, Google noted, a new round of spammers quickly moved in and levels went back up.

“Over the coming months, we anticipate watching new players once again drive spam levels back up,” Kleha said in the blog. “Since June 4, spammers have already made up a significant amount of ground, climbing 14% from the initial drop.”

The other significant trend is the continued rise in so-called “image spam” that started to take off in 2007.

Typical image spam includes advertising text and a related image. But Kleha said it can also include malicious links or content. “Either way, the large file size of an image spam can place a heavy load on an e-mail network,” she said.

A blast from the past?

On June 18, Google tracked a new attack that it said unleashed 50 percent of a typical day’s spam volume in just two hours’ time. What was interesting is the spammer used a simple “newsletter” template, with malicious links and images inserted into the content. Such an approach is downright old school compared to spam of recent years.

This spam enabled spoofing of the recipient domain (meaning the “from” field was falsified), resulting in wide distribution. Google’s Postini filters detected more than 11,000 variants of the spam over the course of two hours.

Kleha wondered if the resurgence of old-style spam attacks could mean spammers are finally running out of new ideas, asking, “And if so, like Hollywood, are we now starting to see spam ‘remakes’?”