Spam is on the rise again, just in time for the holiday shopping season. Spam dropped two-thirds in November after Silicon Valley-based McColo, a major spam network, was shut down. At the time, Symantec correctly predicted little long-term effect on spam levels.
"Symantec cautions users to continue to be on guard against spam and malicious code attacks as attackers have traditionally tried to leverage festive session and topical global events to lure users into opening and responding to their messages," said Vincent Weafer, senior director of the Symantec Antivirus Research Center.
Launching Christmas Campaigns
Symantec warned that control systems would be reestablished and the McColo shutdown would drive spammers toward peer-to-peer botnets, which are more resilient. It also warned that the end of the year sees a large increase in spam volume, often driven by holiday spending. The profit motive encourages spammers to find a way to get their messages to victims.
Indeed, while the McColo shutdown was a significant blow to spammers, volumes will probably continue to rise in time for Christmas, according to Graham Cluley, a senior security consultant at Sophos.
"The spammers guys are back in business with their unwanted e-mail campaigns," Cluley said. "The spam levels may not have yet returned to their pre-McColo-shutdown heights, but the bad guys have been working hard ramping up their infrastructures in readiness for their Christmas campaigns."
Now, Srizbi, one of the largest botnets on the Internet, has new life. Asprox, Mega-D and Rustock are also up and running again. This time, spammers are looking to Internet service providers hosted outside U.S. borders, making them more difficult to shut down. For example, security firm FireEye is reporting that at least 50,000 Srizbi machines are hosted on Estonia-based servers.
The Move to Luxury Spam
"The hackers who run the botnets will change the infrastructure of their botnets, adopting a more distributed model to mitigate the damage done by the McColo shutdown," Cluley said. "Several smaller botnets were already following this model. However, because the big (old-fashioned) botnets were still working, there was no need for them to change their methods. The closing of McColo has forced changes."
Cluley recently blogged about how spammers are beginning to put more emphasis on spam promoting luxury goods like brand-name watches and handbags -- although typically these are cheap fake goods -- as the Christmas holiday approaches.
"The credit crunch will make people be keener than ever to bag a present at a bargain price," Cluley said, "but purchasing goods sold via spam is only going to perpetuate the problem of junk e-mail."