Symantec Hosted Services reveals huge drop in spam

Spam levels have dropped to their lowest since the much publicised shutdown of the rogue ISP McColo in 2008, according to the latest research from Symantec Hosted Services' MessageLabs Intelligence team.

Malware data analyst Mathew Nisbet revealed in a blog post that the amount of spam hitting the firm's spam honeypots has dropped dramatically since 25 December, mainly owing to a reduction in output from the key Rustock, Lethic and Xarvester botnets.

"Since 25 December, Rustock seems to have all but shut down, consistently accounting for below 0.5 per cent of all spam worldwide," he wrote.

"MessageLabs Intelligence has seen virtually nothing from Lethic since 28 December, and Xarvester since 31 December."

Other major botnets like Gheg and Cutwail seem to be unchanged at the present time, Nisbet added.

However, the bad news for security professionals is that the drop in spam is unlikely to last, the expectation being that, if Rustock, Lethic and Xarvester don't come back soon, others will take their place.

Nisbet admitted that the sudden drop was a surprise to the researchers at MessageLabs Intelligence.

The firm recently predicted that cyber criminals are likely to change the way they control botnets in 2011, in order to escape detection and make malware attacks and spam campaigns even harder to prevent.

So-called steganographic techniques could help hide botnet commands from discovery by intrusion detection systems.