A managed security vendor has noticed a significant drop in spam in recent weeks, which it theorized could be due to many old, infected computers being replaced by shiny new systems given as Christmas presents.

SoftScan, based in the U.K., noticed a 30 percent reduction in traffic around the first week of January. The company was still looking into the reasons why but speculated it could be either a major botnet (define) going offline or possibly new Christmas computers replacing older ones that were unknowingly infected.

Gone are the days of Sanford Wallace, when spammers set up a formal organization and everyone knew where to aim. Now, it's all underground, with infected personal computers that pump out spam without the user knowing it.

Gartner estimates that 80 percent to 90 percent of all spam generated in North America comes from computers that are unknowingly infected.

"Today we have a situation where hundreds and thousand of machines are infected without their users' knowledge. It doesn't affect them directly, apart from perhaps the machine occasionally going slow, but that one machine in the right hands causes misery to thousands of others," wrote SoftScan CEO Diego d'Ambra in a posting discussing the issue.

Opinions are mixed as to what could cause such a drop in spam. Randy Abrams, director of technical education at antivirus vendor ESET, thinks it was a botnet disruption. "But I don't think it will last for long. It is also possible that security people were getting too close to the controller so the bot-herder took it down to make changes," he told internetnews.com. "They'll be back."

However, Natalie Lambert, senior analyst for client security and client management at Forrester Research, believes the Christmas deployment theory is very plausible.

However, she adds "I also think that there's always a huge uptick of spam before any holiday. Given that it was Christmas, one of the biggest holidays of the year, there's a lot of incentive getting that spam out there." The decline in early January could simply be the end of Christmas "promotions," for lack of a better word.

She thinks that just replacing infected machines isn't enough to take a 30 percent divot out of spam loads. It's likely a combination of new spam blockers, clean machines and the end of the holidays.

Mike Irwin, COO for Webroot and formerly with Brightmail, doesn't believe new PCs played a part. "We've gotten to a point where PC churn is fairly normalized. There's seasonal PC buying, and I haven't seen that be attributable to any decrease in spam. We've been through five Christmas cycles where spam is still a problem, and we haven't seen a notable decline after the holiday," he said.

It's hard to determine the impact of new computers because the old systems they replaced might still be in use somewhere. "The question is how many were cleaned and how many are just repurposed or passed on with the malicious software intact?" said Abrams.

This article was first published on InternetNews.com. To read the full article, click here.