IBM X-Force Finds Spammers Keep Normal Work Week, Hours

(Illustration: Shutterstock)

A recent study by the IBM X-Force Kassel, a research team that operates “massive spam honeypots” to examine the trends in unsolicited emails, has found that most spammers keep normal business hours and operate predominantly during the usual work week.

“Over 83 percent of all spam was sent during weekdays, with significant drops on weekends across the different geographies where spam messages originated. Over the six-month period we analyzed, the biggest day for spam was Tuesday, followed by Wednesday and Thursday,” wrote Limor Kessem, IBM executive security advisor, and Mark Usher, researcher with X-Force Content Security. “In the different zones on the globe, X-Force data showed that spammers like to get their sleep at night, even though there was an undercurrent of some spam activity that persists 24 hours a day.”

According to Kessem and Usher this trend is likely due to the fact that spammers want to send targeted attacks at times when their targets are most likely to open them.

However, the research found that there are spammers working at all hours of the day, in part due to spam bots that can be scheduled in advance.

“Botnets such as Necurs never sleep, and their zombie members can be programmed to spew out spam at any time of day,” said Kessem and Usher.

India and South America, the two regions with the highest spam volume, most closely followed the above trend of spamming hours. However, China and North America, who ranked third and sixth in spam volume respectively, did not follow the trend.

“The similarity found between North America and China was somewhat surprising. In those regions, spam was the most constant and consistent throughout the week, without a notable drop at any point,” Kessem and Usher wrote.

“Nowadays, malware is more sophisticated than ever, and its delivery methods are not falling short. Spammers and spam botnets launch millions of malicious messages every day, hoping to get through to potential victims, infect new endpoints, invade another organization and keep rolling the cash laundromat that drives cybercrime,” Kessem and Usher wrote. “By learning their methods and tracking their activity, defenders can better manage risk and keep their organizations safer from spam.”

Recent