Yesterday (April 23rd), just after 18:00 Finnish time, I noticed a few reports on IRC channels regarding a large increase in the amout of spam. I then checked the statistics of our customer spamfilter (I work for an ISP, remember?), and sure enough, a flood of spam was coming in. In a matter of minutes, the amout of spam had increased by a factor of 4 with spikes going twice as high. To give you an idea of the figures, the number of emails blocked on average was about 2,5 times as much as it was just before McColo was blocked from the internet. Five hours later the flood came to a sudden halt. It stopped just as abruptly as it begun.
We didn't look that closely on what was the content of these messages, but apparently most of them were faked Western Union recruitment emails. They were aimed at Europe, so that might explain why SpamCop didn't see any increase in spam volume. I haven't found as detailed realtime statistics on other sources, so I can't really say how widespread this incident was outside Finland. Also, I haven't seen any reports of it on the NANOG mailinglist, so quite likely it's been a usual day on the other side of the Atlantic.
The day before yesterday, Marshal8e6 released a report on their botnet analysis, including some numbers on spambot capabilities. So just a day after a botnet research lab reports on their spambot findings, we see a sudden shitstorm hitting our filters. Coincidence? I don't think so.
|<< <||> >>|