After one of the quietest spam periods in Commtouch recorded history, spammers are clearly back at work. The quiet period neatly matches the Christmas-New Year holiday season but also seems to add the Russian New Year and Russian Orthodox Christmas (Friday 7th of January). Outbreaks resumed on the 9th. The graph below shows received global traffic in Commtouch’s GlobalView Network.
The renewed spam campaigns are reported to be emanating from the Rustock botnet. A typical email detected in the last day as part of the outbreak is shown below.
The emails all redirect via Russian and Polish domains to “Pharmacy Express”. In our view this is a competitor of the “Canadian Pharmacy” chain that was linked to Spamit and which closed down in late 2010.