On Monday, January 14, 2019, our detection tools showed a sudden spike in spam of the Emotet and snowshoe marketing varieties.
Here is our data for that Monday and the 30 days prior. It shows that Emotet had been fairly inactive for the previous two weeks, followed by a tremendous spike on Monday. Emotet is a banking trojan that is mainly spread by email spam, and is one of the more prominent malware strains today.
Here is our data for snowshoe marketing spam. This type of marketing spam is sent from many different IP subnets and uses ‘throwaway/disposable’ domains to pump out messages. It had been fairly active for the past week, but its output increased by at least 50% on Monday.
A good theory for the cause of this spike, which has been expressed and agreed upon by some security researchers, is that the timing falls in line with the end of ‘Russian Christmas’. This may suggest a connection between these two forms of spam campaigns and the actors behind them. It also means that we should expect more spam in our inboxes from here onward.
Of course, with good spam filters or anti-spam products in place, this would only mean more messages in your ‘junk’ folder, or more blocked connections at the SMTP level.