My Spam analysis for July 28 - Aug 4, 2008
I'm writing this two days late, due to other commitments over the weekend.
This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.
MailWasher Pro is a spam screening program that goes between your email servers and your desktop email client (application). It uses a variety of techniques to recognize what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.
MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.
The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category; "Other."
For the last couple of weeks most of the spam/scam email I saw or auto-deleted, was in the form of ludicrous news headlines in the subject and body and a single link to website where your computer is bombarded with multiple exploits. Should your computer be too well protected to fall for the automatic exploits there is one left trick that is netting as many victims as the auto-exploits do. The web page presents you with a fake PornTube or YouTube player containing a notice that you must click to download a missing video codec to play the movie. Of course, the only thing downloaded when one clicks on the image is a copy of a Trojan installer file and your computer instantly becomes a Zombie member of a Botnet.
The most recent spate of video exploit link spam has a subject and sender containing the words "Daily Top 10" and has multiple stacked lines of "news" links, all leading to a single web page with a payload named "get_flash_update.exe" - or a variation thereof. This is malware that has been identified as being either a "Zlob" or "Storm/Nuwar" Trojan variant. If you are lured to a web page containing such a link (mouse-over links to see their destination in your browser's status bar, on the bottom), and you survive the automatic attempts to exploit browser vulnerabilities, do not click on those executable links!
MailWasher Pro spam category breakdown for July 28 - August 4, 2008 (one extra day). Spam amounted to 42% of incoming email this week.
| Other filters: (See my MWP Filters page) | 21.33% |
|---|---|
| Exploit link to Trojan download: | 21.33% |
| Blacklisted Domains/Senders: (by pattern matching wildcard rules) | 11.33% |
| Loans/Bankruptcy/Insurance Scams: | 9.33% |
| Known Spam Subjects: | 6.00% |
| "Opera Mail" Spam: | 4.67% |
| "Apple Mail" Spam: | 4.67% |
| Angelina Jolie Video Exploits: | 4.67% |
| Counterfeit Watches: | 4.00% |
| Male enhancement spam (subject or body): | 3.33% |
| Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): | 3.33% |
| Digits or Consonants forged sender: | 2.67% |
| DNS Blacklists: | 2.67% |
| Bayesian learning filter: | 1.33% |
If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).
Get Norton 360 Version 4.0 - All-In-One Security.
If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. 