When Microsoft destroyed Rustock, spammers lost control of a huge network of unknown size (estimates ranged from about 850,000 to more than 2 million infected computers). In the months following the take-down, the percentage of spam emails carrying malware, not including messages that pushed users to links that would deliver it, rose significantly according to Eric Park, an abuse analyst at Symantec. The trend suggested that spammers were endeavoring to regain the firepower they'd lost.
Because malware plays the vital role of "botting" more machines, the spammers devote their craftiest messages to it. Significant innovation has occurred in this area, possibly as a result of increased pressure on the command-and-control centers from law enforcement and companies, including Microsoft, filing civil actions.
Gone are the days of misspellings and amateur graphics. The emails are timely, often alluding to current events. They also cleverly play on human psychology to ensure a click-through to the website that downloads the malware. One email purporting to come from the U.S. Postal Service notifies you of a package sent using a label charged to your credit card. The recipient will want to track down the payment and obtain a refund, but the link simply promises to provide more information.
Spammers are also increasingly using social networks like Facebook and Twitter to drive users to their advertisements. Paul Judge, Barracuda's chief research officer, said the reason was simply "more eyeballs."
Say a spammer has the maximum of 5,000 friends on Facebook. If he uploads a photo and tags it with the maximum of 50 people, Judge said, he can reach 250,000 people with a single photo and accompanying link -- five times more views than result from 10 million email messages.
But in some ways the problem of spam on social networks is more intrinsic than that. The sites' core function is to bring more people together and to share their opinions. The social networks make it easy to join and easy to share content. In fact, the URL (unique resource locator) shorteners that have sprung up to further ease sharing on social networks have been a boon to spammers because they create multiple links to the same page while concealing the domain name.
Spammers have created an account -- and Judge cited estimates that as many as 30 percent of Facebook accounts are fakes that belong to spammers -- they can buy a Twitter follower for 2 cents, a Facebook friend for 3 cents or a "like" for 4 cents. Facebook accounts are also not infrequently hacked, allowing the spammer to fabricate a public recommendation of his product from the account holder.
According to Chris Grier, a computer scientist at the University of California at Berkeley who researches spam on social networks, the number of social spammers continues to grow, suggesting that they are making money.