
My Spam analysis for the week of Nov 16 - 22, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have decreased 1% this week from last week's level. Furthermore, there has been a big drop in the number of male enhancement scam emails I have captured. This is almost entirely due to the hijacking and sinkholing of the Ozdok/Mega-D Botnet. That Botnet was taken down last week by the efforts of FireEye, a security firm that hijacked the Ozdok Bot command structure and redirected requests for updates from the zombies in the Botnet to a blackhole/sinkhole IP. They also notified all of the companies hosting the Command and Control servers used by the Botnet and those servers were all taken offline. This was all accomplished in a mere 24 hours, thanks to a lot of co-operation and investigative work.

Before the takedown, Mega-D was responsible for most of the World-wide plague of male enhancement spam messages, going back to at least 2007 (or late 2006). Those are the messages promoting unreal enlargement results from various bogus pills and herbals.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week was for fake Viagra and other unlicensed prescription drugs from China. Not surprisingly, the Nigerian scammers were busy again last week, promoting their advance fee fraud 419 scams. 100% of all email coming to me, with African IPs in the headers, are 419 scams. I have a MailWasher Pro filter to detect and block African Senders.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."
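Because the From address is forged, regional filters such as "African Sender," "APNIC sender" and "RIPE IP Space" have to key on the relay IP recorded in the Received headers. The following Python sketch is an added example, not one of my MailWasher Pro filter rules; the sample message is constructed, and the registry table is a partial list of IANA /8 allocations that ignores blocks later transferred between registries.

```python
import ipaddress
import re
from email import message_from_string

# Partial, illustrative map of IANA /8 allocations to regional registries (assumption:
# first-octet granularity is good enough for a coarse filter).
RIR_BY_FIRST_OCTET = {
    **dict.fromkeys((41, 102, 105, 196, 197), "AFRINIC"),
    **dict.fromkeys((1, 58, 59, 60, 61, 202, 203, 210, 211, *range(218, 223)), "APNIC"),
    **dict.fromkeys((62, 193, 194, 195, 212, 213, 217, *range(77, 96)), "RIPE"),
}
BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def connecting_ip(raw_message):
    """Return the first public IPv4 found in the Received headers, top down.

    The topmost headers are written by the recipient's own servers; anything
    below them may have been forged by the sender, so stop at the first hit.
    """
    msg = message_from_string(raw_message)
    for header in msg.get_all("Received", []):
        for candidate in BRACKETED_IPV4.findall(header):
            try:
                ip = ipaddress.IPv4Address(candidate)
            except ValueError:
                continue  # e.g. [999.1.1.1]
            if ip.is_global:  # skip private, loopback and reserved hops
                return ip
    return None

def classify(raw_message):
    """Return (ip, registry) for a raw message; the From header is never consulted."""
    ip = connecting_ip(raw_message)
    if ip is None:
        return None, "unknown"
    return str(ip), RIR_BY_FIRST_OCTET.get(int(ip) >> 24, "other")

# Constructed sample: forged From at example.com, relay IP in an AFRINIC /8.
SAMPLE = (
    "Received: from mail.example.net ([197.51.100.7])\n"
    "\tby mx.example.org with ESMTP; Mon, 16 Nov 2009 10:00:00 -0500\n"
    "Received: from [10.0.0.5] by mail.example.net; Mon, 16 Nov 2009 09:59:00 -0500\n"
    'From: "Innocent Person" <victim@example.com>\n'
    "Subject: URGENT BUSINESS PROPOSAL\n\nDear friend...\n"
)

if __name__ == "__main__":
    print(classify(SAMPLE))
```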

You can take preventative measures to secure your computers from becoming members of Botnets by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Nov 16 - 22, 2009 and the latest additions to my custom MailWasher Pro filters.


MailWasher Pro spam category breakdown for Nov 16 - 23, 2009. Spam amounted to 9% of my incoming email this week. This represents a -1% change from last week.
Viagra: 17.65%
Unlicensed Prescription Drugs: 17.65%
Known Spam Subject: 11.76%
"RIPE" IP Space: 11.76%
Nigerian 419 Scams: 11.76%
Pharmaceutical Spam: 5.88%
Pills: 5.88%
Phishing Scams: 5.88%
APNIC sender: 5.88%
African Sender: 5.88%
The latest weekly updates to my custom MailWasher Pro filters were to the Phishing Scam filter, which I updated, then split into two filters: one for the Subject and one for the message Body. Everything else is working as it should. Without MailWasher Pro filtering out all the junk mail I would waste a lot more time deleting it from my email program's inbox. If you're not already using MailWasher Pro to filter out spam, read on...

MailWasher Pro intercepts POP3 and IMAP email before you download it to your desktop email client (e.g., Microsoft Outlook, Outlook Express, Windows Live Mail) and scans it for threats or spam content, then either manually or automatically deletes any messages matching your pre-determined criteria and custom filters. It is my primary line of defense against incoming spam, scams, phishing and exploit attacks. If you are not already using this fine anti-spam tool I invite you to read about it on my MailWasher Pro web page. You can download the latest version and try it for free for a month. Registration is only required once, for the life of the program.

To protect your computer from web pages rigged with exploit codes, malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, Phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security. It has strong realtime monitoring modules that stop rootkits and spam Trojans from installing themselves into your operating system. Also known as PC-cillin, it is very frequently updated as new and altered malware definitions become available and it checks for web based threats and new malware definitions by searching secure online servers owned by Trend Micro. This is referred to as "in-the-cloud" security.

All of the spam and scams targeting my accounts were either automatically deleted by my custom MailWasher Pro spam filters, or, if they made it through, were reported to SpamCop, of which I am a reporting member, and manually deleted. MailWasher Pro is able to forward messages marked as spam to SpamCop, which then sends a confirmation email to you, containing a link. You must click on the enclosed reporting link and open it in your browser, then manually submit your report. This is how SpamCop wants it done.


About the author
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.


Creative Commons License This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.
