The 2010 Christmas period saw a significant drop in spam levels, Symantec figures have shown.
This fall has somewhat flummoxed security researchers, especially considering the Christmas holidays are seen as a time of great activity for spammers.
The central reason behind the drop was the significant fall in activity from some mega botnets, in particular Rustock, which was the most dominant spam botnet in 2010 and appeared to have all but shut down from Christmas Day onwards.
The major Lethic and Xarvester botnets also saw a dramatic decline in activity. The former produced virtually nothing since 28 December and the latter did very little post New Year's Eve.
According to Symantec, the amount of spam hitting the security giant's spam honeypots was at its lowest since the McColo takedown in November 2008.
Why these botnets have gone on something of a hiatus remains something of a conundrum, however.
"At present we don't know why these botnets have stopped spamming, perhaps the botnet herders have decided they need a holiday too?" said Paul Wood, MessageLabs Intelligence senior analyst at Symantec Hosted Services, in a blog post.
Despite the lack of an answer as to why Rustock et al have taken a break, Wood warned people against complacency.
"As we saw after the closure of McColo in 2008, and following further takedown attempts in subsequent years, botnets rarely stay quiet for very long," Wood said.
"Even if these three botnets don't come back soon, we would expect other botnets, even new ones, to pick-up where they have left off - very soon."
It is not often security pros are left at a loss when something significant happens. The last time a serious drop in spam was recorded, in 2010, the reasons appeared to be clear as some massive botnets had been taken out by law enforcement.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Malicious WordPress plugin installed backdoor on thousands of websitesNews Widget plugin spewed spam to unsuspecting victims
-
Power stations under attack from long-running hacking campaignNews Dragonfly threat group is ramping up activities, say researchers
-
711 million data records revealed in spambot dumpNews The data contains email addresses, passwords and server information too
-
Symantec profits surge as firms prop up their cyber defencesNews The company also announced plans to sell its web certificate business
-
Security experts uncover Tinder porn site spam schemeNews Chatbots use verification offers to lure in victims
-
Symantec to pay $4.65 billion to acquire Blue CoatNews Greg Clark to become Symantec CEO, promising new cloud security
-
Spammers selling fake tickets for Rio Olympics 2016News Fraudsters have created fake ticketing websites to trick users
-
Symantec ditches reseller guilty of scamming PC users
News Silurian told people they had malware, then sold them Norton Antivirus for $249
