IT security firm Barracuda Networks is predicting that spam volumes will rise to more than 95 per cent of all email in 2009, despite a crackdown on several major spam outfits in recent months.

The company's research found that spam levels in 2008 remained largely unchanged compared with the previous year, making up between 90 and 95 per cent of total email attempts.

However, the growing use of botnets could push this figure over the 95 per cent mark next year, according to Barracuda.

"As the end of the year quickly approaches, many are asking if spam levels can get any worse in the new year," said Stephen Pao, vice president of product management at Barracuda.

"There are a couple factors that we predict may cause spam to increase slightly in 2009, but it is equally important to note that the level of legitimate email is also increasing each year."

Barracuda reckons that we could also see a rise in spam levels from countries not previously known for sending spam, such as Brazil and Turkey which feature second and fifth on Barracuda's top 10 spam countries list.

"What is interesting is where both of these countries rank on the list relative to the 'usual suspects' of China and Russia in terms of spam-originating countries," explained Pao.

"We believe that this is due in part to residential broadband penetration and a proliferation of datacentres in various countries around the world. As broadband availability increases, the reach and control of botnet activity also grows. Unsecured datacentres are ripe for hacking and hosting malicious content. "

The problem of spam was also highlighted in Cisco's recent annual security report, which said that spam accounts for nearly 200 billion messages every day, approximately 90 per cent of worldwide email, the lower end of Barracuda's estimates.

Cisco puts the US as the biggest source, also highlighting Turkey and Brazil as the second and fifth biggest contributors by region.

Both companies also highlighted the growing sophistication of the techniques used by hackers to circumvent spam filters, including using legitimate email accounts from hijacked PCs, identity obfuscation and clever social engineering.

"Phishing attacks are certainly not new, but the levels of sophistication can be quite astounding," said Pao.

"We believe that the combination of social engineering and sender identity obfuscation techniques will continue to merge, making it even more essential that customers use caution when accessing applications or providing personal information via URLs provided in emails."