Claims worldwide spam levels have declined 30 percent over the Christmas period due to the loss of one botnet are so far unfounded.
UK-based security firm SoftScan stated in the first week of January this year they discovered a 30 percent reduction in spam, citing the possible cause being the result of a major botnet temporarily losing control of its clients.
Security companies have yet to see an equal drop-off globally and suggest that decrease may be in the UK only.
Experts from Marshal's TRACE (Threat Research and Content Engineering) team have drilled into both UK and Asian traffic and have yet to find the reduction, however discovered a more sinister matter - one malicious worm, discovered in September, may in fact be responsible for the deluge of Christmas spam and new year phishing e-mails.
Bradley Anstis, Asia Pacific director of research and product development for Marshal said after accounting for weekend drops in spam and the expected general increase in spam in December one should notice a drop-off in January; however that has not happened this year.
Anstis said in the middle of November last year, phishing e-mails as a percentage of global spam were at a year low at just under 0.5 percent. This figure spiked at 2.25 percent at the start of December and fell to 1.4 percent around January 7.
"The worm responsible, Stration, was found by Kaspersky in September and Marshal in October, but the problem is we have not seen a drop-off in spam and we have honeypots all around the world and we have drilled into UK and Asian traffic," Anstis said.
"That worm alone, by itself was responsible for 27 percent of all e-mail threats in October, which would make it the most successful botnet ever seen, but the big worry about Stration is that it is self-morphing, which gave us quite a concern, and from a technical viewpoint it is a step forward for bot writers because it was designed for longevity and to step around technology.
"If you look at the time the drop-off happened, and remember you are looking at a percentage of all spam, in January phishing spam was rising and legitimate spam dropped off."
This is an alarming trend, according to Antsis. Antsis said the TRACE team has started to notice alarming similarities between phishing and spam e-mails and said perhaps there is more money to be made from spammers sending out phishing e-mails than on-selling e-mail addresses to organized crime.
"This would mean to me the spammers we hurt from day one are latching onto good money from phishing attacks and I suspect they are now working in cahoots," Antsis said.
"Traditionally they used to sell the lists to phishing organizations, but they have now worked out they can make more money from phishing attacks, which may become the big security threat of 2007 as successful phishing is not just an e-mail now but a number of different elements intended to surround victims."