Global drop in spam e-mail is 'short lived'

Pills falling out of a bottle
Spammers frequently tempt buyers with offers of cheap pharmaceuticals

A recently observed global decline in spam e-mail could prove to be short lived, researchers say.

A network of infected computers used to produce spam has sprung back to life after a lull of several weeks.

The Rustock botnet - as it is known - mysteriously stopped sending spam e-mails in early December, resulting in a massive decline in spam.

But according to security firm NetWitness, it restarted activity early on 10 January.

Overall spam levels are still below their levels in August 2010, when Rustock began to wind down its activity.

The reason for the lull was not immediately apparent, Alex Cox of NetWitness told BBC News.

Those controlling Rustock do not appear to have made major strategic changes to their spamming campaigns, he added.

Back to business

"As best we can tell, they took a holiday," said Mr Cox. "The people running Rustock are running a business - albeit an illegitimate one - so maybe they needed time off too."

Rustock's reawakening has also been detected by security firm Symantec Hosted Services.

According to Paul Wood, a senior analyst at the firm, Rustock is now pumping out more than a quarter of all spam circulating worldwide.

On 10 January alone it is expected to have sent out 67 billion junk e-mails, he said.

Rather than the spammers enjoying a Christmas break, he believes the lull in Rustock's activity was most likely because the botnet owners rented it out to new spammers.

"Previously Rustock was primarily sending out spam related to a group known as the Canadian Pharmacy. The spam we're seeing today is for Pharmacy Express," he said.

"Besides, a lot of automation exists in the spamming business. They don't need people sat at keyboard to send in out," Mr Wood added.

But while Rustock was once again sending out spam, it was too early to say whether it would reach the volumes seen in August 2010 - roughly 200 billion messages a day, said Mr Wood.

"It seems to have the capability, but we don't know whether those behind Pharmacy Express wants to reach those levels," he said.

More on this story