My Spam analysis for the week of Feb 22 - 28, 2010
This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.
MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.
Spam levels have decreased 5% this week from last week's level. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknown to the owners of those infected PCs.
The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a typical variety of categories of spam, including a lot of spam for counterfeit watches, illicit drugs, fake Viagra, Canadian Pharmacy scams, pirated software, casinos and fake diplomas. My updated blacklisted senders list proved effective again this week, auto-deleting over 9% of all incoming spam (see my extended content for details).
Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."
You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).
See my extended comments for this week's breakdown of spam by category, for Feb Feb 22 - 28, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.
MailWasher Pro spam category breakdown for Feb 22 - 28, 2010. Spam amounted to 47% of my incoming email this week. This represents a -5% change from last week.
Pharmaceutical Spam: | 20.34% |
---|---|
Viagra: | 19.31% |
Known Spam Domains: | 12.41% |
Counterfeit Watches: | 10.69% |
Other Filters (misc filters): | 10.00% |
Blacklisted Senders (dating scams & Viagra, etc): | 9.31% |
Casino Spam: | 3.79% |
Canadian Pharmacy: | 3.10% |
Phishing Scam: | 3.10% |
Diploma Scams: | 3.10% |
Exploit Link: | 2.41% |
Software (Pirated) Spam: | 2.07% |
DNS Blacklisted Servers: | 0.34% |
This was a busy week for updates to my custom spam filters. The latest updates to my custom MailWasher Pro filters were to these filters:
African Sender
Casino Spam
Male Enhancement [B]
Nigerian 419 Scam #3 [S F R]
Nigerian 419 Scam #5 [B]
RIPE
Russian Sender
PayPal Phishing Scam #1
Pharmaceuticals [S]
Phishing Scam [S or F]
Phishing Scam [B]
Software Spam
Unlicensed Prescription Drugs
Viagra.com Spam
(New Filters Added This Week)
(New) Blogger Exploit Link
Split Nigerian 419 Scams into 6 filters & disabled original
The following recent MailWasher Pro Email Blacklist entries were able to block over 9% of this week's spam. Some weeks will have higher percentages of blacklisted senders, depending on which Botnets are used to send those messages, with forged sender names and email addresses. Since the Blacklist is processed before the custom filters, the processing time and cpu load is greatly reduced.
+@+.cn
+@+.de
+@+.hk
+@+.jp
+@+.kr
+@+.ru
+@+.tw
[email protected]
+@*.hinet.net
+@*ukrtel.net
[email protected]
[email protected]
[email protected]
[email protected]
notification*@googlemail.com
[email protected]
[email protected]
About MailWasher Pro
MailWasher Pro intercepts POP3 and IMAP email before you download it to your desktop email client (e.g: Microsoft Outlook, Outlook Express, Windows Live Mail) and scans it for threats or spam content, then either manually or automatically deletes any messages matching your pre-determined criteria and custom filters. It is my primary line of defense against incoming spam, scams, phishing and exploit attacks. If you are not already using this fine anti-spam tool I invite to to read about it on my MailWasher Pro web page. You can download the latest version and try it for free for a month. Registration costs just $39.95 and is only required once, for the life of the program.
All of the spam and scams targeting my accounts were either automatically deleted by my custom MailWasher Pro spam filters, or if they made it through, was reported to SpamCop, of which I am a reporting member, and manually deleted. MailWasher Pro is able to forward messages marked as spam to SpamCop, which then sends a confirmation email to you, containing a link. You must click on the enclosed reporting link and open it in your browser, then manually submit your report. This is how SpamCop wants it done.
If you use a POP email client on your desktop to send and receive your email, rather than your browser, you too will benefit from the added protection that MailWasher Pro provides. I can't even begin to tell you how many dangerous attachments, exploit encoded messages, 419 fraud, as well as courier, bank, eBay and PayPal phishing scams, plus hundreds of hostile link emails it has deleted, after identifying them with my rules and its own heuristic and known spam detections.
Finally, many security threats will come to you via spam email; some in hostile attachments, some as "phishing" scams, some as financial fraud or money laundering scams, and many more in links to web pages rigged to serve up exploit codes or Trojan downloads.You need really good up-to-date protection to fight off the multitude of attack codes flying like machine gun bullets these days. To protect your computer from web pages rigged with exploit codes, malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, Phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security (or Internet Security Pro for travelers). It has strong realtime monitoring modules that stop rootkits and spam Trojans from installing themselves into your operating system. Also known as PC-cillin, it is very frequently updated as new and altered malware definitions become available and it checks for web based threats and new malware definitions by searching secure online servers owned by Trend Micro. This is referred to as "in-the-cloud" security. Best of all, you can try it fully functional for a month, then decide to pay to keep it or uninstall it.
See you all next week, same time, same station! Keep the sunny side up and don't take no wooden nickles!
Wiz - out