Spam levels significantly dropped at the start of this month, although volumes appeared to be creeping back up again this week.
Symantec attributed the fall, in particular the notable drop on 3 October, to dips in major botnet output.
On that day, spam output from both the Cutwail and Rustock botnets went down sharply, as did spam emanating from "unknown/other" sources.
"We think that fewer bots were sending spam for both Rustock and Cutwail on that day, causing the decrease in output," said Dan Bleaken, senior malware data analyst at Symantec Hosted Services, on a company blog.
"This would happen if bots were reassigned to some other task, the bots were lost, or if demand from spammers simply wasn't there."
Bleaken suggested the closure of a spam affiliate named Spamit, a "mainstay of the so-called Canadian Pharmacy' business," could have been the cause of the fall.
"Approximately two-thirds of all spam is related to pharmaceutical products, and a great deal of that is related to Canadian Pharmacy websites and related brands, which sell a variety of pills/drugs for anything from male enhancement, to weight loss, to stress relief," he explained.
"It's an enormous money making machine in the shadow economy, and spammers line up to work with affiliate schemes such as Spamit, distributing enormous volumes of rapidly changing spam and taking commission for their efforts."
If Rustock, a botnet which puts out a significant portion of pharmaceutical spam, was heavily reliant on Spamit, then this could have caused the drop earlier this month, Bleaken said.
Cutwail, which covers more bases in terms of spam types, including pharma spam, could also have been hit but to a lesser extent than botnet giant Rustock.
"Many Cutwail spammers would have happily carried on with business as usual," Bleaken added.
-
Seized database helps Europol snare botnet customers in ‘Operation Endgame’ follow-up stingNews Europol has detained several people believed to be involved in a botnet operation as part of a follow-up to a major takedown last year.
-
Horabot campaign targeted businesses for more than two years before finally being discoveredNews The newly-discovered Horabot botnet has attacked companies in the accounting, investment, and construction sectors in particular
-
Brand-new Emotet campaign socially engineers its way from detectionNews This latest resurgence follows a three-month hiatus and tricks users into re-enabling dangerous VBA macros
-
Microsoft says “it’s just too difficult” to effectively disrupt ransomwareNews The company details its new approach to combatting cyber crime as the underground industry drains $6 trillion from the global economy
-
Beating the bad bots: Six ways to identify and block spam trafficIn-depth Not all traffic is good. Learn how to prevent bad bots from overrunning your website
-
Ukraine's vigilante IT army now has a DDoS bot to automate attacks against RussiaNews The 270,000-strong IT Army of Ukraine will now combine supporters' cloud infrastructure to strengthen the daily attacks against their invaders
-
Microsoft's secure VBA macro rules already being bypassed by hackersNews Recent analysis of Emotet activity has revealed a shift away from malicious Office documents to drop malware
-
Emotet infrastructure has almost doubled since resurgence was confirmed
News Researchers confirm the infrastructure has also been upgraded for a "better secured", more resilient operation
