Since the shutdown of hosting company McColo in mid-November 2008, spam volumes have slowly made their way back to "normal," said internet security software company Symantec in its April 2009 monthly spam report.
"Old botnets are being brought back online, and new botnets are being created," the report noted. "Spam volumes are now at 91 per cent of their pre-McColo shutdown levels."
A botnet (or zombie) is a term given to a computer that has been compromised and is being used for various criminal-related interests such as sending spam, hosting websites that advertise spam and acting as DNS servers for zombie hosts.
Popular spam topics
Commenting on popular spam subjects, Symantec noted that mortgage, Conficker, Tax Day and terror-related spam have been found to be most common.
According to the security report, spammers continue to attempt to disguise themselves as the IRS and other tax authorities, dangling tax refund offers in front of unsuspecting users. These offers are aimed towards recipients who may be unaware that the IRS "does not initiate communication with taxpayers through e-mail."
"The purpose of these attacks is often to collect personal details, including date of birth and debit/credit card information," said Symantec. "In addition to spammers disguising themselves as the IRS and other tax authorities, Symantec has recently observed that spammers have been offering ways to save money on tax preparation as a means to enter a user's inbox."
On the Conficker topic, Symantec said: "We have found spam samples attempting to capitalise on the frenzy over Conficker (a.k.a. Downadup), offering the latest in anti-virus security software that purportedly protects users from the Conficker threat. Some of these spam messages even use names and images of software much like Symantec's own Norton AntiVirus 2009."
The report suggested avoiding terror-related malware spam. "With the ominous subject line 'Take care about yourself!', fear mixed with excitement might propel some recipients to disregard security consequences and click on URLs that link to malware," noted the Symantec report. "In this recent example, geolocation services were used to target the recipient of the message. Depending on the relative location of the message recipient, the location of the terrorist attack differs."