Spam is becoming increasingly prevalent. It clogs up our inboxes and wastes our valuable time as we wade through the messages to determine if any genuine emails have slipped through the cracks. However, spam causes much more damage than you may even realize.

Millions of Internet email users enjoy sending and receiving email messages as a free component of their Internet service. This enables you to save the cost of envelopes and postage and to communicate quickly and easily with friends and family worldwide. Unfortunately, the increase in spam means the free email services are not actually free.

Web Hosts and Internet service providers pay for bandwidth to provide their free email services to consumers. By increasing the mass spam email messages that are sent, the companies end up increasing their operating costs. You may be wondering how all of this affects you.

Being forced to send mass emails raises the costs for Internet service providers. In order to help pay for these services and reduce their overhead costs, the ISPs have to charge consumers more. This means you end up having to pay more for your Internet services.

Certain ISPs charge outside companies to spam or add pop-ups to your homepages to lower their costs. Because the advertisers are forced to pay for their pop-ups, consumers who use their services usually end up receiving a lower rate.

Other companies are able to keep their costs down by using affiliations to assist them. By using a search engine affiliation, these companies can provide you with a more competitive rate to use their services. They also employ improved pop-up prevention which is an added bonus.

Threat Research & Content Engineering (TRACE) is a group of security analysts who continuously monitor and prevent online security threats. According to their security researchers, approximately 85 percent of all spam email messages are being generated by only 6 botnets which include Mega-D.

The Srizbi botnet is currently responsible for generating 39 percent of the spam in February, taking over from the previously dominant Mega-D botnet which was taken down by the operators for 10 days in January. The second-place botnet is Rustock which generates approximately 21 percent of the spam, followed by Mega-D at 9 percent. The top six offenders include Hacktool.spammer with 8 percent, Pushdo with 6 and Storm that generates 2 percent.

A sales engineer for Marshal, Glen Meyers, confirmed “We can’t tell who owns these botnets, but Mega-D, the number one source in January, went quiet for 10 days in February, and the others ramped up, advertising some of the same products.” Most of the spam email messages created by the Rustock, Srizbi and Mega-D botnets promote male enhancement drugs like Viagra and herbal remedies. Therefore, there is a possibility that the same people are responsible for these botnets.

Meyers provides another possibility: “The advertiser is told by the botnet operator that he’s shutting down and looks for an alternate source. We can’t know that from looking at the spam.” He also confirms that although they can determine that the spambots are coming from a new source, they are unsure whether they are being controlled by the same advertisers or the same spammers. Regardless, “it appears the botnet operators are actually competing with each other” according to Meyers.

The Storm botnet is comprised of approximately 85,000 zombie computers and was the main generator of spam last year. However, it is currently responsible for only 2 percent of all spam. Meyers believes the Mega-D operators shut down their botnet due to fear of the publicity it generated: “It’s been around for more than a year, and when we announced in January that it was the number one botnet, it spooked them and they took things offline.”

Mega-D re-emerged in late February, generating 21 percent of all spam. At its peak which occurred in January, it was responsible for one-third of all the spam. Srizbi quickly overtook the botnet, using celebrities in its spam campaigns to lure unsuspecting users. The researchers at Sophos, a security vendor, have noted the re-emergence of the Pushdo botnet that was common with spammers in late 2007.

According to Richard Wang, the manager of Sophos’ US labs, variants of Pushdo were created on a weekly basis during the summer of 2007. However, the botnet’s activity level subsided during the first few months of 2008. According to Wang, “we haven’t seen much activity from Pushdo for a few weeks.” However, his security team recently noted a very large amount of spam being generated from a new variant of Pushdo.

The creators of Pushdo codes change them frequently in order to defeat the perimeter defenses used by many organizations. Instead of writing itself to disk, the spam generally delivers a payload that is encrypted and will infect the memory of the computer. Wang confirmed that it’s difficult to determine whether Pushdo is being generated by a group or a single individual.