Spam on the Decline, Don’t Start Celebrating Just Yet – KasperskyWritten by Malcolm James on February 11, 2013
Every so often, we all need to take a reality check. Whether it’s facing the bathroom scale after a very merry holiday season, steeling oneself for the impending tax season, or simply tackling the junk in our inboxes, the fun never seems to end. But now, according to Kaspersky Labs, we can all breathe a tad easier where email spam is concerned.
In their Spam Evolution 2012 Security Bulletin, Kaspersky notes some interesting trends over the past year in the nasty stuff called spam. Most notably, perhaps, is the decline in email spam. For the impatient sorts who just have to read the last page of a novel first, here’s a quick look at the high points:
- The average amount of email spam in 2012 was 72.1%
- 0.02% of all email traffic was phishing email
- 3.4% of all emails contained malicious attachments
Numbers don’t lie. At 72.1%, email spam is down 8.2% over 2011. According to Kaspersky’s Darya Gudkova:
“This continual and considerable decrease in spam volumes is unprecedented. Moreover, the average percentage of spam in 2012 was substantially lower than in 2010 (82.2%) and 2011 (80.3%), when botnet command centers and pharmaceutical affiliate programs were actively shut down. In 2012, the percentage of unsolicited mail was as low as it’s been over the previous five years.”
In the past few years, we’ve seen a steady decline in the number of spam emails, and there’s a plenitude of reasons for that. The main reason behind the decrease in spam volume, Kaspersky believes, is the multitude of anti-spam protection options and their increased use:
“To begin with, spam filters are now in place on just about every email system, even free ones, and the spam detection level typically bottoms out at 98%.”
The report also points out that spam has declined in part due to the more frequent practice of ISPs to use DKIM (DomainKeys Identified Mail), which digitally signs emails to verify the domain from which they’ve been sent.
Introduced in 2006, it has only been in the past few years that “email providers have started to see DKIM as an important criterion for determining whether or not an email should be delivered to its intended recipient.”
Of course, never ones to turn away from a challenge, the crooks have begun to fake DKIM signatures, something made possible because the algorithms that companies use to encrypt signatures has become relatively easy to hack.
Kaspersky’s report also points out that Web 2.0 delivery mechanisms, like context-based advertising on social networks and blogs, have become popular – and legal – ways for spammers to get their work done.
“Ads in legal advertising venues are not as irritating for users on the receiving end, they aren’t blocked by spam filters, and emails are sent to target audiences who have acknowledged a potential interest in the goods or services being promoted. Furthermore, when advertisers are after at least one user click, legal advertising can be considerably less costly than advertising through spam.”
Interestingly enough, Kaspersky used several independent studies to calculate the CPC (Cost per Click) of email spam at $4.45 for every 1 million emails sent, whereas the same metric in Facebook weighs in at a much lower ten cents per click. The offshoot, Kaspersky concludes, is that legal advertising is more effective than spam. “…classic spam categories (such as fake luxury goods, for example) are now switching over to social networks.” Kaspersky has even found IP addresses for online stores advertising on Facebook that previously used spam.
Don’t celebrate just yet
Of course, the real meat of the discussion is the way in which spammers have turned to targeted campaigns and the use of malicious attachments. In 2012, the spammers expanded their repertoire, adding to the already nauseating bevy of fake messages ranging from Facebook to your banker. Messages from a variety of airlines, hotels and coupon services came packed with dangerous payloads either in the form of direct attachments or malicious links.
Unsuspecting users “click on a link that will lead him/her to a hacked site with seeded script, which in turn will redirect the user to a malicious website with exploits.” Kaspersky notes that Blackhole was the exploit kit of choice, but that other exploit packs have also been identified.
There’s much more in this fascinating report, but ultimately, we need to ask the question: is spam going away? The answer? Of course not. The reduction in direct email spam is not surprising, since there are new vehicles for delivery, and at 72.1%, email spam still represents a formidable foe.