The spam honeymoon is over. Just 12 days after the shut-down of US-based rogue ISP McColo, which led to spam levels plummeting around the world, the spam plague is gaining momentum again.
That's according to David Jacobson, technical director at Synaq, whose anti-spam detection service recorded a 66% drop in bulk unsolicited emails directed at South African corporate users following the 12 November cybercrime bust.
"Prior to the McColo shutdown, Synaq was monitoring about 6-million mails per day for clients, of which 94% was spam or viruses, and only around 5% were legitimate e-mails.
"After the plug was pulled on McColo, the number of mails being processed daily dropped to 3,2-million per day – because the number of spam mails being sent out had dropped. However, of those 3,2-million mails processed daily, 85% was spam.
"But this week, we started to experience a sharply increasing rate in the number of spam mails being processed. Since Wednesday (26 November) spam volumes are up by around 36%. In fact, we are rapidly approaching our pre-McColo shut-down levels," Jacobson says.
He believes this indicates that McColo has been able to set up shop again and is circumventing the ban on its activities by the Internet providers which accused it of hosting the command and control infrastructure for three of the world's most prolific spam botnets.
Alternatively, one or more rogue operators might have moved in on McColo's territory, he adds.
Jacobson expects spam to return to pre-McColo bust levels or even higher within the next few days.
"Spam is too lucrative an enterprise for cyber-criminals to allow it to diminish or stay dormant for too long. Spammers have probably found a way to reconnect to the millions of PCs that are infected with the viruses spammers use to send out millions of unwanted, sometimes dangerous emails.
"Individuals and corporates who relaxed their guard once McColo went down are at serious risk of a renewed, and possibly even more vigorous spam onslaught. It is essential that anti-spam defences are continuously monitored and updated to prevent spam from undermining or crippling their networks," he says.