My Spam analysis for Nov 24 - 30, 2008
If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages.While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.
This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.
MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.
MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.
The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.
Before I get into the various categories of spam received this week, I want to mention the fact that while the volume of spam is still down from October and early November, it is definitely on the rise, with a 10% increase from last week. The volume of spam had dropped to near zero a couple of weeks ago, due to the termination of service to a server co-location hosting company, named McColo. McColo's customers were responsible for over 75% of the daily spam sent from zombie computers in several major Botnets. The "zombie" computers in these Botnets were unable to receive instructions from their mothership controllers and had mostly fallen silent; but have now begun to awaken.
When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common types of spam this week is for fake watches and various pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. Spam for the fake "Canadian Pharmacy" remained strong as usual, but was surpassed for a second week by spam caught by my "Hidden ISO Subject" filter. Most of the Hidden ISO spam is for Indian Viagra or ineffective male enhancement pills and patches.
"Canadian Pharmacy" and it's offshoot "Canadian Health and Care Mall" is a scam website, hosted unknowingly on hijacked (Botnetted) personal computers, or on bulletproof Chinese hosting servers owned by criminals in Russia. The prescription drugs and herbal remedies promoted by the fake Canadian Pharmacy come from a lab in India, named after a flower. Those prescription drugs are illegal to import into the US or Canada and may be seized by postal inspectors upon arrival.
The male enhancement spams are mostly leading to Botnetted computers hosting a web page touting VPXL, Power Gain Plus, or other herbal enlargement formulas, all of which are scams. Male enhancement pills are totally ineffective and may even be dangerous to your health.
MailWasher Pro spam category breakdown for November 24 - 30, 2008. Spam amounted to 25% of my incoming email this week, with 74 spam messages analyzed.
Hidden ISO Subject: | 27.03% |
---|---|
Blacklisted Domains/Senders: (by pattern matching wildcard rules) | 13.51% |
Fake "Canadian Pharmacy" spam (Viagra, Cialis, etc): | 13.53% |
Other filters: (See my MWP Filters page) | 10.81% |
Counterfeit Watches: | 8.11% |
Known X-Mailer Spam: | 5.41% |
Viagra spam: | 4.05% |
DNS Blacklists: | 4.05% |
Fake Diplomas: | 4.05% |
Lottery Scams: | 2.70% |
HTML Tricks: | 2.70% |
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): | 2.70% |
Bayesian learning filter: | 1.35% |
If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).
All of the spam and scams targeting my accounts were either automatically deleted by my custom MailWasher Pro spam filters, or if they made it through, was reported to SpamCop, of which I am a reporting member, and manually deleted. I never buy anything that is Spamvertised and recommend you don't either! Remember, almost all spam is now sent from compromised home or business PCs, zombies in various Botnets, all of which are controlled by criminals. If you purchase anything advertised in spam messages, you have given your credit or debit card information to the criminals behind that enterprise. If you are really lucky you will only be charged for the fake items you purchased, but, if not, you might find your credit limit used up, or your bank account emptied (for debit card transactions), by cyber criminals.
Also, unsubscribing through links in botnet-sent spam messages is futile, as you never opted-in, in the first place; your email address was captured by an email harvester on an infected computer belonging to somebody you corresponded with. Instead of receiving less spam as one might expect (by unsubscribing), all it does is confirm that your email address is active and you will see even more spam than before.
Another common way your email address may get harvested by spammers is if it appears in a large C.C. (Carbon Copy) list on a computer that gets Botnetted. Many people engage in forwarding messages among all their friends. Each time they forward chain letters their address gets added to the growing list of recipients (called Carbon Copy, or CC). If just one recipient of that message has an email harvesting malware infection, all of the email addresses listed in that message will be sent home to the spammer behind that spam run.
Smart folks who want to forward or send a message to multiple recipients use B.C.C. instead of C.C. Using B.C.C. hides all of the recipients from displaying. The To field will just show "Undisclosed Recipients" in a message sent using B.C.C. This is safest for you and your friends or mailing list. All email clients have a means of displaying a B.C.C. field.