Hay says that one of the major reasons for the drop in spam volumes was a reduction in spam output from Rustock, one of the major spamming botnets of recent times.
"We noticed the decline starting around 20th September and dropping to negligible levels by the 23rd September. This happened at the same time as initial reports surfaced that the notorious SpamIt.com operation was shutting down", he said in a security blog posting.
Spamit.com, he noted, is an underground group of email spam affiliates closely linked to GlavMed, which in turn is responsible for one of the largest and oldest affiliate programmes called 'Canadian Pharmacy.'
In recent times, he went on to say, Canadian Pharmacy has been the dominant spammed programme, simultaneously spammed by most of the major spamming botnets.
As reported by Infosecurity at the end of September, the Spamit.com spam affiliate programme - which is responsible for the promotion of spam via a number of outlets worldwide using financial incentives - closed at the end of that month.
Also known in Russian circles to have links with the Glavmed sponsorship scheme – and thought to have close links to the Russian Business Network – Spamit was known to be responsible for large volumes of illegal spamming of Canadian and US pharmacy websites.
Back at M86 headquarters, and Hay said that the incident of the Rustock botnet – another major source of spam – has apparently ceased operations, although, he says, it has not gone away.
"Its control servers are still up, we have observed Rustock spamming in our lab, and some of our customers are still experiencing a low level of Rustock spam hitting their servers", he said.
And other botnets – including Pushdo and Grum – have been quiet, says M86, which notes that the SpamIt.com closure has had a major impact on the volume of spam output, as some botnet operators/spammers have lost one of their major affiliate programmes, or in other words, sources of cash.
"How long it will last is another question entirely. There are competing affiliate programs for botnet operators to sign up for. We have noticed that one of the smaller botnets, Xarvester, who we have previously linked to Spamit.com has already swapped from Canadian Pharmacy to Ultimate Replicas", he said.
"And it may well be that SpamIt.com and Canadian Pharmacy have gone into hiding, and after a brief hiatus, will re-emerge in another guise. Only time will tell. In the meantime we are not complaining", he added.