Google released some interesting data about the volume and types of attacks its spam detection software identified over the last quarter. According to Google, overall spam levels in the second quarter of 2009 were 53% higher than during the first quarter, and 6% higher than a year ago. Even though the total volume of spam dropped by 70% after the the takedown of the infamous McColo ISP, it only took four months for spam levels to get back to normal. Last month, 3FN, an other large ISP spam source was also shut down, but spam volume only dropped by about 30%, and chances are that the spam market will simply rebound within a few months, as new spammers get into the market.
The Return of Image Spam
Interestingly, Google also notes that image spam, which is generally filtered out quite well by modern spam detection software, has seen a major resurgence. Amanda Kleha, a member of Google's message security and archiving team, theorizes that this might be due to new spammers getting into the market after the shutdown of McColo and 3FN, and these new players are starting out with well established methods, even if they are not very effective. Kleha also notes that spammers might just be testing how well the current generation of spam filters handles these messages in order to perform statistical analysis based on which subject lines and content make it into users' inboxes.
Google also notes that one of the largest spam attacks in the last quarter was based on an old school "newsletter" template (with malevolent links and images thrown in there for good measure). This attack unleashed about 50% an average day's spam volume in only 2 hours. So while it might not have been highly sophisticated, there was surely a massive network behind it that was able to send out this huge amount of spam in such a short time.