Jan 4, 2011 18:06 GMT

Security researchers are baffled by the fact that three of the world's largest spamming botnets, Rustock, Lethic and Xarvester, appear to have halted their activities at the end of December.

According to Mathew Nisbet, malware data analyst at Symantec, the current spam levels are at their lowest point since the takedown of the McColo rogue ISP in November 2008.

Several security vendors have reported low spam figures for December or even the entire last quarter of 2010.

This period coincided with the closure of the Spamit rogue pharmacy affiliate program and the arrest of the suspected Bredolab and Mega-D botnet runners.

But Nisbet points out that spam levels have plummeted since around the 25th of December, with Rustock, 2010's dominant spam botnet, almost shutting down.

According to data from M86 Security, at its peak, Rustock accounted for nearly 60% of the world's spam traffic, but it started reducing its output in the middle of September.

"Since 25th December, Rustock seems to have all but shut down, with the amount of spam coming from it consistently accounting for below 0.5% of all spam worldwide," Nisbet says.

In Rustock's absence, another botnet known as Lethic was left in the lead. Lethic's spam volume peaked at 30% in November and continued at high rates until December 28, when it suddenly went silent.

Xarvester, a smaller botnet responsible for between 5% and 10% of the world's spam traffic, also ceased its activities on December 31.

Security researchers have no idea what caused this unusual behavior, except that it happened between Christmas and New Year's Eve. "[...] Perhaps the botnet herders have decided they need a holiday too?" Nisbet wonders.

One thing is clear though - this sudden drop is not expected to last. Spam is a very profitable business for cybercriminals and an important source of the money needed to fund other illegal activities.