They're back: Spammers return from year-end break

After a 15-day hiatus of near-zero spam levels, cyber criminals have turned their systems back on

System administrators got a welcome Christmas present from the least likely of sources.

Starting Dec. 25, the cyber criminals behind the Rustock botnet took a vacation, causing spam levels to drop significantly, according to security firms Symantec and Trend Micro. The hiatus, however, did not last. On Monday, following 15 days of near-zero spam levels, the spammers turned their systems back on, inundating users with pharmaceutical-related spam.

"While levels of Rustock output appears marginally lower than before Christmas, we see no reason they won't reach those previous levels again, bringing global spam levels back up to the approximately 90 percent levels we had become so used to," Symantec wrote in an analysis of the fluctuations in spam.

Despite the short-term decrease in spam and an overall drop in spam since October 2010, the annual volume of spam for 2010 increased significantly over the previous year, according to Trend Micro. The company attributes the drop in junk email since October to efforts to take down the SpamIt affiliate network, which pays "partners" who direct people to fake pharmaceutical sites.

"It appears that the drastic fall in the number of spam reported at the end of the year was a short-term blip," wrote Matt Yang, solutions product manager for Trend Micro. "However, in the midterm, it appears that the overall spam level has at least leveled off."

Rustock was not the only botnet to take a break. Lethic and Xarvester, two botnets responsible for a much smaller volume of spam, also shut down during that time, according to Symantec.

Overall, spam dropped to nearly a third of previous levels, according to reports. The current crop of spam emanating from the Rustock botnet has subject lines such as "Dear [username] -80% now" and is branded as Pharmacy Express.

This article, "They're back: Spammers return from year-end break," was originally published at Get the first word on what the important tech news really means with the InfoWorld Tech Watch blog.