Data on spam volumes, published in McAfee's December 2009 Spam report, say that new malware such as the Koobface social networking virus have helped to stoke the growth of spam.
"Only days after McColo was taken offline, it was reconnected for a brief period (about 12 hours) by its uplink provider, giving just enough time for the Rustock botnet owners to communicate with their infected machines and point them to command centers at other service providers", the McAfee report said.
"The shutdown’s effect was dramatic, yet ultimately brief. We have seen dramatic increases since November 2008 due to the relaunching of Rustock as well as the birth of botnets such as Bredo (which primarily sends fake nondelivery notifications spoofing package-delivery services such as FedEx, DHL, and UPS) and Waledac (a new version of the Storm botnet)", it continued.
Spam volumes peaked in July this year, standing at just under three times the volume directly before the McColo shutdown. In October, the last month covered by the report, traffic had decreased slightly over the summer, but still equalled over twice the pre-shutdown volume.
McColo was a rogue ISP based in the US. The network was associated with the hosting of command and control servers for botnets including Rustock. It was taken down after Washington Post journalist Brian Krebs worked with researchers to gather evidence that it was being used for online crime, and its internet access was discontinued. Shortly afterwards, spam volumes plummeted.
The long-term data detailed in the spam report will provide intelligence for future shutdowns, which are happening with increasing regularity online. In November, security appliance company FireEye orchestrated the shutdown of the Mega-D botnet, leading to a marked decrease in online spam volumes. However, based on the empirical evidence in the McAfee report, we can expect spam volumes to rise again over time.