M86 Security Labs
RSS feed of TRACElabs Blog from M86 Security

Big jump in spam volume

 

May 4, 2009

If you are wondering why your email servers are struggling, look no further.  The volume of spam over the past few days has increased markedly.  Spam received by our traps jumped up by some 30% in the last week, as measured by our Spam Volume Index, below.  We haven't seen these levels since the epidemic proportions of a year ago.  It seems the spam holiday following the takedown of the McColo network in November 2008 is now well and truly over.


As yet, we do not have an explanation for this sudden surge in spam. Output from the major botnets appears to be up across the board, although Pushdo and Rustock, in particular, have been especially busy. Pushdo now leads the Spam by Spambot chart with 27% of the spam output.

Coupled with the increase in volume is a large rise in image spam, where the crux of the spammer's message is included in an image file attached to the message, as opposed to plain text.  Image spam has risen to 10% of the total spam, as seen in the Image Spam graph below.


Image spam falls in and out of favour with the spammers as they keep trying to beat the anti-spam filters. The current slew of image spam is very similar to what we have seen in the past. Note the use of subtle random patterns in the background and insertion of the URL in the image.
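The following is an added example, not code from the original post or from M86. It assumes a filter that matches image attachments by signature, which the post does not state, and shows why a subtle random background defeats a byte-exact digest while a coarse perceptual hash (average hash) still groups the variants. The images, the `banner` template and the `left_half` image are constructed sample data.

```python
import hashlib
import random

SIZE, BLOCK = 32, 4  # 32x32 grayscale image, hashed on an 8x8 grid of 4x4 blocks

def render(is_dark, seed=None):
    """Constructed sample: dark 'text' pixels on a light background, plus
    optional subtle per-pixel noise standing in for the random pattern."""
    rng = random.Random(seed)
    noise = (lambda: rng.randint(-3, 3)) if seed is not None else (lambda: 0)
    return [[(20 if is_dark(x, y) else 230) + noise() for x in range(SIZE)]
            for y in range(SIZE)]

def exact_digest(img):
    """Byte-exact signature: changes if any single pixel changes."""
    return hashlib.sha256(bytes(p for row in img for p in row)).hexdigest()

def average_hash(img):
    """64-bit perceptual hash: one bit per block, set when the block's mean
    brightness is above the mean of all block means."""
    means = []
    for by in range(0, SIZE, BLOCK):
        for bx in range(0, SIZE, BLOCK):
            block = [img[y][x] for y in range(by, by + BLOCK)
                     for x in range(bx, bx + BLOCK)]
            means.append(sum(block) / len(block))
    threshold = sum(means) / len(means)
    return sum(1 << i for i, m in enumerate(means) if m > threshold)

def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")

def banner(x, y):      # hypothetical spam template: a horizontal band of text
    return 8 <= y < 16

def left_half(x, y):   # unrelated image: dark left half
    return x < 16

variant_a = render(banner, seed=1)   # same message, different random background
variant_b = render(banner, seed=2)
unrelated = render(left_half)

if __name__ == "__main__":
    print("exact digests equal:", exact_digest(variant_a) == exact_digest(variant_b))
    print("variant distance:", hamming(average_hash(variant_a), average_hash(variant_b)))
    print("unrelated distance:", hamming(average_hash(variant_a), average_hash(unrelated)))
```

A real filter would decode the attached image and apply a distance threshold rather than require an exact hash match.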

Most of the new image spam we are seeing is originating from Pushdo, adding weight to the idea that this botnet, or a close variant of it, has moved up another gear.  Certainly we have noticed other malware, such as Virut, active in downloading Pushdo bots.  Maybe this is the reason behind the increased activity.


Last Reviewed: May 4, 2009 by Phil Hay