Spam levels significantly dropped at the start of this month, although volumes appeared to be creeping back up again this week, according to Symantec.
The vendor attributed the fall, in particular the notable drop on 3 October, to dips in major botnet output.
On that day, spam output from both the Cutwail and Rustock botnets went down sharply, as did spam emanating from “unknown/other” sources.
“We think that fewer bots were sending spam for both Rustock and Cutwail on that day, causing the decrease in output,” said Dan Bleaken, senior malware data analyst at Symantec Hosted Services, on a company blog.
“This would happen if bots were reassigned to some other task, the bots were lost, or if demand from spammers simply wasn’t there.”
Bleaken suggested the closure of a spam affiliate named Spamit, a “mainstay of the so-called ‘Canadian Pharmacy’ business,” could have been the cause of the fall.
“Approximately two-thirds of all spam is related to pharmaceutical products, and a great deal of that is related to Canadian Pharmacy websites and related brands, which sell a variety of pills/drugs for anything from male enhancement, to weight loss, to stress relief,” he explained.
“It’s an enormous money-making machine in the shadow economy, and spammers line up to work with affiliate schemes such as Spamit, distributing enormous volumes of rapidly changing spam and taking commission for their efforts.”
If Rustock, a botnet which puts out a significant portion of pharmaceutical spam, was heavily reliant on Spamit, then this could have caused the drop earlier this month, Bleaken said.
Cutwail, which covers more bases in terms of spam types, including pharma spam, could also have been hit but to a lesser extent than botnet giant Rustock.
“Many Cutwail spammers would have happily carried on with business as usual,” Bleaken added.