In providing email security to more than 50,000 businesses and 15 million business users, Google security and archiving services, powered by Postini, process and cull spam from more than three billion enterprise email connections every day. This gives us strong insights into the state of the spam industry, some of which we share in regular posts to this blog.
Read on for a quick overview of spam trends and events in the first quarter of 2009.
Spammers have clearly rallied following the McColo takedown, and overall spam volume growth during Q1 2009 was the strongest it's been since early 2008, increasing an average of 1.2% per day. To put that number into context, the growth rate of spam volume in Q1 2008 was approximately 1% per day – which, at the time, was a record high.
Of course, like every year before it, 2008 set a new record for overall spam volume. But in 2008 spam growth flattened over the summer and early fall, and then fell off a cliff after the McColo takedown (daily growth declined to .8%, .3%, and then .01% in the last three quarters of the year). This pattern raises some interesting questions regarding what we can expect in the rest of 2009: Will spam growth once again flatten or decline after a strong first quarter? Or have spammers – as part of their recovery from the McColo takedown – rebuilt botnets to be capable of sustaining or even accelerating this early growth spurt?
It's difficult to ascertain exactly how spammers have rebuilt in the wake of McColo, but data suggests they're adopting new strategies to avoid a McColo-type takedown from occurring again. Specifically, the recent upward trajectory of spam could indicate that spammers are building botnets that are more robust but send less volume – or at least that they haven't enabled their botnets to run at full capacity because they're wary of exposing a new ISP as a target.
New types of spam
The most significant development in spam vectors this quarter was the appearance of location-based spam. In this type of attack, users click on a link in a spam message and are directed to a page that contains a fraudulent news headline describing a crisis or disaster in a major city nearby. The attack customizes the location for each user by determining the geolocation of the user's source IP and then identifying the nearest major city. The addition of location creates a heightened level of interest, and the user is tempted to click on the embedded video – which in turn downloads a virus to his or her machine.
Meanwhile, the economy, financial markets, job cuts, and resume help continue to be the most prominent topics spammers are employing as lures for more traditional attacks. We also saw increased spam activity around the U.S. presidential inauguration and St. Patrick's Day, in keeping with the recent propensity spammers have demonstrated for reading the news and keeping their eyes on the holiday calendar in targeting their attacks.
Virus roundup
In early 2008, a trend emerged in which we saw spam messages with attached viruses (otherwise known as "payload viruses") spiking every Sunday, possibly targeting a maintenance window to catch corporate defenses when they were undergoing scheduled updates.
This year we've seen the payload viruses spread out across every day of the week, with no immediately obvious pattern in their distribution. It's difficult to say for certain what prompted the change, but one possible explanation is that spammers switched tactics because they weren't seeing the success they'd hoped for from the focused attacks.
Of course, payload viruses have also seen a recent spike overall -- in the month of March we saw a 9x increase from February. This pales in comparison to the highs we saw last summer, but it may indicate a developing trend that's worth keeping a close eye on.
Viruses delivered as a blended threat (when a spam message directs a user to a malicious website, which then results in a virus being downloaded to the user's computer) continue to be popular with spammers. E-cards are one of the best examples of this vector, and Valentine's Day saw a flurry of activity using e-cards to direct users to malicious websites.
Conclusions
Spammers continue to prove their resilience -- whether it's bouncing back from the biggest takedown on record or finding new ways to exploit the ways we communicate for malicious purposes, they're clearly here to stay. And Google believes firmly in the power of the cloud to protect your enterprise from them: Outsourcing message security to Google enables you to leverage our technical expertise and massive infrastructure to keep spammers from your door. See howmuch spam is costing your business, learnhow much you could be saving with Google Message Security, or contact us for more information.
Posted by Amanda Kleha, Google security and archiving team
If you are an existing access provider (via the Webmaster Tools Access Provider program), you will be automatically enrolled in the new program, but will still need to integrate the new services into your control panel (with their APIs). Certain services may need additional approvals. Any hosters interested in learning more can check out the Google Services for Websites Access Provider site and sign up today.
Webmasters: let us know what you think! And if these tools aren't yet available through your hosting company, send them a link to this post and let them know we're here to help.
Posted by Nitin Mangtani and Dave Kim, Google Enteprise Search team
In addition to seeing charts, administrators can now download CSV reports of domain usage straight from the control panel.
Want to graph the data differently or perhaps even access additional information such as the number of accounts that have been idle in the last 60 days? No problem. With the Google Apps Reporting Visualization API you can retrieve a wide range of usage reports for your domain and display them using a large selection of visualizations created by the developer community.
All of these enhanced reporting and visualization features are available for Google Apps Premier, Partner, and Education Editions. Enjoy!
Posted by Lily Xia and Nick Cooper, Google Apps Engineers
This screenshot shows a corporate intranet for a fictitious produce company, Organic City. Everyone who visits the site will see the welcome message, important links, and company news gadgets. Joe, a farm manager, also sees three personal gadgets that he's added: last year's harvest data, the breakdown of the company's dairy products, and an organization chart. Joe gets not only general company information but also information that is important just to him every time he visits the intranet.
Private gadgets: Until now, all gadgets had to be public, which meant anyone who knew the URL could view the source code. Now domain admins can upload gadgets to Google Apps, and only members of their domain will be able to see and add these gadgets to their Sites. You can find these gadgets in a directory with your company's domain name in the gadgets directory.
End-to-end security: We've also added support for gadgets to match the security of the site itself. If a Google Site is encrypted, then your gadget data will be encrypted from the source code to the browser.
Developers can learn more about writing gadgets on Google Code. Domain administrators should visit the Help Center to find more information about setting up a private directory for their company.
Go gadgets!
Posted by Barnaby James, Software Engineer, Google Enterprise Team
As a Google Apps Authorized Reseller and enterprise deployment partner, most of Cloud Sherpas' work focuses on helping clients migrate legacy enterprise messaging environments – Lotus Notes, Microsoft Exchange, Novell GroupWise, and others – to Google Apps. These migrations can take a long time depending upon the number of users, amount of data to be migrated and complexity of the legacy systems.
When Neal Miller, a Partner at TechCFO, came to one of our Google Apps demos, he had a more pressing problem to address: how to help the firm's partners located across the country more easily share their expertise as CFOs to benefit all of their clients. This problem was concerning to them since the company's prime asset is the partners' financial knowledge – unlocking its potential would pay dividends to TechCFO. TechCFO's solution at the time was to upload documents to the public folders in their hosted Exchange server – but it was really difficult to search for information. The partners needed something that was simpler to search, simpler to access and provided better performance. Google Sites provided us with the tool to address their needs. Additionally, we developed the Google Sites Bulk File Uploader to help manage the migration of 100's of documents into a unique nested Google Site format.
Google Sites has proven to be a tool that TechCFO can use for multiple purposes. Since the firm needs to share information and collaborate on financial strategy and planning with its clients, we also created Sites they could easily use with people outside their firewall. Each client Site provides a secure "workspace" that is only shared with that client since they may post financial models or legal documents to it. We also built TechCFO a company intranet to share HR information, announcements of new team members and other company news.
Working with TechCFO opened my eyes to another way that companies interested in Google Apps can get started – through Google's collaboration apps. Using Google Sites, TechCFO saved thousands of dollars over other collaboration options – and the firm will save even more when it moves over other applications such as Gmail and Google Calendar. Google Apps has opened up a mountain of possibilities – though sometimes you need the help of a Sherpa to get you to the top.
Cloud Sherpas (www.CloudSherpas.com) is a cloud computing systems integrator and application developer. As a leading Google Enterprise partner, Cloud Sherpas helps organizations leverage Google Apps and Google App Engine to dramatically reduce IT expenses. The company delivers deployment, change management, support and development services to commercial, enterprise and educational institutions seeking to adopt cloud computing. Cloud Sherpas is a Google Apps Authorized Reseller and enterprise deployment partner. The company also supports cloud computing solutions from EMC/Decho, TriCipher and other best-in-breed vendors.
Thanks to TwitterSheep for this cool illustration, displaying the self-proclaimed attributes in the profiles of our followers.
"Twitter?," some may ask. It's the 140-character "microblogging" site that's gained a huge fan base for both individuals and organizations – and we're glad to be joining the ranks. We think it will be a great community and home for the Google Enterprise team, and we hope that you'll follow us there. Here's how:
If you're already using Twitter, simply click here and choose "follow". If you're not using Twitter yet, sign up here – it's easy, and free – and then "follow" GoogleAtWork.
This blog won't change at all based on our use of twitter – except in one way: you can now see a stream of our twitter conversation on the right margin of this page (you may have to scroll down a bit).
If you have ideas or suggestions about how you'd like to see us use twitter, add them here – or better yet, follow us and enjoy the new voice of GoogleAtWork .
Posted by Ellen PetryLeanse, Google Enterprise Team
As those who tune in know, the Oscars aren't just about the movies – they're about the fashion. In some sense, the same holds true for the Google Search Appliance: It's not just about designing the best search experience possible. It's about being well put together.
Setting up an enterprise search solution has traditionally been an "unattractive" prospect: hordes of databases, ranks of whirring servers, blinking lights and backups disks, all strung together with a mass of twisting wires and cables. Not exactly suited to the red carpet.
At Google, our approach has been to pair simple and timeless yellow attire with the power to index 10 million documents in a single box.
We're honored to have been recognized, and ultimately, we see this as being all about our users and customers. The feedback we get from you, the work of our partners and system integrators, the efforts of IT administrators who continue to push the envelope of the appliance and what search can do – none of our work is possible without you. You...complete us.
