The volume of mobile spam messages touting free gift cards sharply fell after the U.S. Federal Trade Commission (FTC) filed complaints in early March against eight companies, according to antispam vendor Cloudmark.
The fraudulent messages told users they could get a free gift card for retailers such as Best Buy, Walmart and Target in exchange for people's personal information. The messages are illegal under US law.
The FTC filed eight complaints in various U.S. courts against 29 defendants, accusing them of sending upwards of 180 million messages that confused consumers and often asked them to pay in order to receive the gift cards.
Gift card spam comprised more than 50 percent of all mobile spam messages in the U.S. around Feb. 18, according to Cloudmark's report, which covers the first three months of this year. It sharply dropped to less than 10 percent following the FTC's March 7 announcement.
Those named in the spam investigation are likely "out of the spam business now," said Andrew Conway, research analyst for Cloudmark.
Gift card spam still took the top spot for the most prevalent type of SMS spam for the first quarter of the year due to high volumes in January and February, Cloudmark said. The second most frequent type was payday loan scams, followed by bogus job listings, adult content and bank account phishing schemes.
Cloudmark, which also provides antispam products to ISPs, named in its report two companies that appear to be favored by spammers: a domain registrar called Internet.bs and Panamaserver.com, a hosting service.
Internet.bs had provided domain registration services for rogue internet pharmacies but recently curbed that practice, according to LegitScript, which offers a service that verifies the legitimacy of particular online pharmacies.
Cloudmark wrote that domains registered by Internet.bs were used for command-and-control servers that were part of the SpamSoldier botnet. The SpamSoldier malware targeted Android phones, masquerading itself as a legitimate game.
Internet.bs, which has country-code top level domain belonging to the Bahamas, is owned by two Panamanian residents, which complicates legal efforts to get the domains shut down.
"Internet.bs does a lot of very dubious domain registrations," Conway said. "But to shut one down, you have to serve legal papers for a Bahamian corporation for people in Panama. That's not tenable."
Cloudmark has flagged as suspicious about 80 percent of the IP space belonging to Panamaserver.com, which allows people to pay for hosting services with a higher degree of privacy using payment services such as Web Money or Liberty reserve, Conway said. Cloudmark's customers can decide whether they want to actually block content coming from those flagged IP addresses.
The email spam seen originating from its IP block targets people in Brazil. Conway said there is no antispam law in Brazil, but Cloudmark does flag the messages as suspect.
In the last two months, Cloudmark saw a major spam run from Romania using IPv6, an Internet specification that dramatically expands the number of IP addresses. But the problem is that IPv6 addresses are so plentiful that blocking an individual address has little effect on spam.
Conway said it's better for antispam products to throttle the number of messages that can be received from a block of IPv6 addresses. Cloudmark already flags 3.3 million of Romania's 14 million IPv4 addresses as having a reputation for spam, Conway said.
As it becomes more difficult to send spam from Romania, Conway said there are signs spammers may be using IP addresses in Belarus. "Spammers will follow the line of least resistance," he said.
Send news tips and comments to email@example.com. Follow me on Twitter: @jeremy_kirk