Spam volumes dropped from more than 379 billion messages daily to about 124 billion messages daily between August 2010 and November 2011, the report said.
“We have seen a huge drop in spam in 2011….The big spam botnets have been targeted by law enforcement and security professionals, who have taken down some big ones”, said Scott Olechowski, threat research manager at Cisco. Massive spam botnets get shutdown because they are “noisy and easy to spot and they are such a nuisance”, he told a Dec. 13 teleconference sponsored by Cisco.
“There is a real financial impact on spammers” from these efforts. Olechowski estimated that, in June 2010, spammers were generating $1.1 billion per year. That number has been cut in half, he said.
Cybercriminals are turning away from massive spam efforts to more focused attacks against high-value targets. Gains from these attacks could “quickly eclipse” the losses from the decline in spam volumes, he said.
In 2011, India had the highest percentage of spam volume, up from second place last year. Russia was second, up from fourth place, and Vietnam came in third this year. Surprisingly, the US dropped to ninth place in 2011 from first place in 2010, Olechowski said.
In addition, the Cisco Global Adversary Resource Market Share (ARMS) Race Index, designed to track the overall level of compromised resources worldwide, has been declining steadily since it began tracking in 2009.
According to data collected for this year's index, the aggregate number that represents the level of compromised resources at the end of 2011 is 6.5, down slightly from the December 2010 level of 6.8. When the index debut, the aggregate number was 7.2 on a 10-point scale. This meant enterprise networks at the time were experiencing persistent infections, and consumer systems were infected at levels capable of producing consistent levels of service abuse.
The Cisco report attributed the decline in the index to similar factors that brought down spam levels: takedown of major botnets and cybercriminals moving to high-value targets. “The prevalence of feature-rich data theft malware such as Zeus/SpyEye has enabled many criminal gangs to launch such attacks”, the report said.