In-Depth

MessageLabs Reports (Slightly) Good News for Security Administrators

Is IT winning the battle against spam, or was a recent drop in malware and phishing volumes just a statistical blip in an otherwise upward trend?

• By Stephen Swoyer
• 02/23/2010

With one month gone in 2010, things are looking up -- though very slightly up -- in the messaging security arena, where several malicious bellwethers are moving ever so slightly downward.

Take spam traffic, for example. Last year at this time, spam volumes were depressed relative to 2008 levels. That was thanks in large part to the shuttering of the notorious McColo botnet, which occurred in late 2008. In January of this year, on the other hand, spam volumes decreased slightly -- by 0.3 percent, sequentially, from December -- according to security researcher MessageLabs, a subsidiary of Symantec Inc.

Part of that drop doubtless had to do with a late-year increase in spam traffic (following the closure of Real Host in August), which MessageLabs says started climbing back up in October.

"As the New Year arrived, spam volumes increased markedly and have sustained high levels ever since," says the company's monthly "MessageLabs Intelligence" report. Moreover, the researcher stresses, spam almost always trends upward in anticipation of the Thanksgiving, Christmas, and New Years holidays. The upshot, then, is that seasonal adjustment can account for a chunk of this putative "decline" in spam volumes.

Nor are spammers poised for a respite now that the Big Three holidays (those in November, December, and January) are behind us.

"As we move into February, MessageLabs Intelligence expects to see New Year-related spam trail off as spammers realize they have likely capitalized as much as possible on the New Year themes, moving on to the next thing, such as St. Valentine's Day-related spam," the report indicates.

MessageLabs also recorded a small decrease in spam-born virus traffic (0.03 percent since December), along with a very slight decrease in phishing attacks (down 0.11 percent since December). One positive development is that the overall share of phishing attacks -- as a percentage of all e-mail-borne threats -- fell sharply between December and January. However, phishing attacks last month still accounted for almost two-thirds of all e-mail-borne threats, but this tally was itself down 14 percent from the month prior.

On the other hand, the number of blocked malicious Web sites exploded -- jumping by almost one-third since December -- while the number of new blocked domains inched up by 0.6 percent. (Last month, two-fifths -- or 41.4 percent -- of all blocked malicious domains were new or otherwise unknown entries.)

There's a slightly positive wrinkle to this news, too: the prevalence of spam-borne malicious links also dropped -- significantly -- from December to January. Just under one-seventh of all e-mail-borne malware also contained links to malicious Web sites, according to MessageLabs. That's a decrease of a (statistically significant) 6 percent.