The volume of e-mail spam is declining — down one-third from last summer’s level — while sophisticated phishing attacks and exploit kits are coming in greater numbers.

M86 Security Labs divulged the bittersweet findings Monday, Feb. 14, in its latest report that summarizes observed malicious activity online from June to December 2010. The company’s researchers produce the threat report twice a year.

“It’s good and bad. If you look back at the spam volume index, it’s a real roller coaster,” said Bradley Anstis, M86’s vice president of technical strategy, about the report’s data.

In M86’s newest report, the company charted spam volume from January 2008 to December 2010. There’s a noticeable dip at the end, which the researchers credit to botnet disclosures and the closure of the Spamit.com affiliate program. In a spam affiliate program, spammers are paid to inundate hapless Internet browsers with bogus websites and links.

“What an affiliate program basically does is they’re the interface between the actual site that wants to start marketing themselves through spam, and the actual guys who operate the spambot,” Anstis said.

M86 measures spam volume by a numeric index. The company started measuring in 2006, assigning the volume at that time as 1,000. When the spam volume doubled, it reached 2,000. The volume index at the end of June 2010 was approximately 10,000.  The company’s most recent measurement was less than 4,000.

That’s the good news. The bad news is that with the volume of spam down, attackers are finding new avenues for activity, which is why phishing and exploit kits appear to be on the rise.

Social media sites are a growing platform for cyber-criminals to lure users to take things like false surveys and obtain information. Phishers are also successfully posing as third parties, such as tax agencies, in order to scam people. They’re also refining exploit kits for other cyber-attackers who design and launch their own attacks. Exploit kits are packs of malicious programs that owners use to launch automated, malware-spreading attacks.

“Currently if you want to be a cyber-criminal, the first thing you need to do is basically buy an exploit kit,” Anstis said.

This is an example of a rising activity called malware as a service. Anstis predicts that malware as a service is heading toward arrangements where criminals sign up for a service, like an exploit kit running in the cloud. This way, they don’t have to run or install the technology on their own equipment; it’s hosted for them.

The report also mentions combined attacks employing two types of code, like Java and Adobe Flash Actionscript, to bypass security measures.

Anstis feels that the IT community must do more to inform end-users about the dangers and the types of threats they come from.

“The security industry — we need to do more and more of training, educating and enlightening people on these advanced phishing attacks and the latest sort of things that happen through social media sites,” he said.

Hilton Collins, Staff Writer Hilton Collins  |  GT Staff Writer

By day, Hilton Collins is a staff writer for Government Technology and Emergency Management magazines who covers sustainability, cybersecurity and disaster management issues. By night, he’s a sci-fi/fantasy fanatic, and if he had to choose between comic books, movies, TV shows and novels, he’d have a brain aneurysm. He can be reached at hcollins@govtech.com and on @hiltoncollins on Twitter.