September 27, 2010

Tips on How to Avoid Spam Before it Reaches Your Server

The following is a guest article submitted by Veronica Henry, on behalf of GFI Software, a leading software developer that produces network and messaging security solutions for SMBs. More information about GFI's anti-spam solution can be found at http://www.gfi.com/mes.

Spam comes in two varieties: the relatively harmless advertising form, and the more malicious form, released with the intent to pilfer data. In either case, service disruption is a real possibility. Precious network bandwidth may become clogged, bringing company operations to a standstill, and a breach of proprietary or customer-sensitive data can result in additional financial and reputational damage.

The question of how to avoid spam begins with a discussion of how your email address winds up in the hands of spammers. There are a number of ways, from employee misuse to directory harvest attacks. The answer, then, lies in first learning to protect your online identity.

For many end-users, how to prevent spam is an afterthought. They may have grown accustomed to clicking the "spam" button in their email clients and giving no further thought to how their own actions may contribute to the problem. Consequently, corporations should consider employee education a critical component of their spam eradication policies.

Simple steps like not clicking on suspicious links or not copying other employees on chain emails could go a long way towards not introducing the problem into the work environment.

While a good initial strategy, in truth, these steps are often not enough. Sooner or later, an offender will appear in your inbox. So, in order to address the issue in the most efficient manner, a software-based solution is called for.

There are two forms of anti-spam software in this category: host-based (PC) and server-based. For the enterprise, a server solution, managed by skilled system administrators, is probably best. It works by identifying potential spam and filtering it so that only legitimate emails are forwarded to the intended recipient on the corporate network. This can relieve employees of the productivity-sapping task of managing spam, and can ease the strain on already taxed server resources.

Spam is a problem that shows no signs of waning, so having a solid, customizable software-based solution will ensure that your corporate network becomes less susceptible to spam and its associated risks.

Additional readings:

Bayesian Spam Filtering
Why spamming is an easy business - and the problems it causes

September 26, 2010

My Spam analysis & filter updates for the week of Sept 20 - 26, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

My incoming spam levels have increased a whopping 12% this week, to 60% of all my incoming email. Most of the spam was typical junkmail for counterfeit Chinese watches, fake Cialis and Viagra, illicit prescription drugs and male enhancement scams. There was a continuation of a strange type of spam, with the subject "hello" and the body text: "How are you?" There were also some new variations of malware-attachment scams, such as fake UPS invoices and fake CV resumes in zip files. Finally, there was a measurable amount of spam for fake diplomas and pirated OEM software, hosted on Russian domains.

The classifications of spam in my analysis (below) can help you adjust your email filters according to what is most common, on a weekly basis. If you are using my custom MailWasher Pro filters, keep the filters for the highest percentage categories of spam near the top of the filters list, to minimize the impact on your CPU when analyzing incoming messages for spam content.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses.

Sometimes, your own email address is forged as the sender, as well as being the recipient. The practice of forging the recipient's own email address in the From field is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Sept 20 - 26, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.

MailWasher Pro spam category breakdown for Sept 20 - 26, 2010. Spam amounted to 60% of my incoming email this week. This represents a +12% change from last week.

Effective August 22, 2010, the custom filters are written for all versions of MailWasher. There is a brand new version 2010 that was just released in July, 2010, which uses a totally different XML filter format. After many hours of hand editing, I have converted the old filters into the new XML format. You can download my spam filters from my MailWasher Pro spam filters page.

Here are some facts from my MailWasher Statistics for the past week. Of the 478 incoming email messages that were classified as spam, 437 were classified by my custom filters, 25 were deleted by my custom Blacklist, and 16 from the DNS Servers Blacklist (mostly the SpamCop Blocklist (SBL)). I actually saw 65 spam messages (but classified by filters set to manual deletion, for safety), all of which I reported through my SpamCop reporting account. The rest were automatically deleted by my other custom filters and Blacklist. See the updates to my filters below the spam categories list.

MailWasher Pro by Firetrust
Fake Cialis & Viagra (dangerous): 23.22%
Pills: 11.92%
Pharmaceutical Spam (dangerous & illegal): 11.30%
Male Enhancement Scams (fake & dangerous): 10.88%
Watches (junk knockoffs): 9.41%
Other Filters (misc filters with small percentages): 8.37%
Blacklisted Senders (dating scams & Viagra, etc): 5.23%
Exploit Codes: 5.02%
Known Spam Domain Links (mostly .RU - Russian): 3.97%
DNS Blacklists (SpamCop, Spamhaus, etc): 3.35%
Diploma scams: 2.93%
Russian Sender: 2.30%
Pirated Software: 2.09%

There were 10 updates and 3 new filters added to my custom spam filters this week. The latest updates to my custom MailWasher Pro filters were to these filters:

Courier Scam #1
Exploit Link
Known Spam Domains
Unlicensed Prescription Drugs
Viagra Spam [From] (2x)
Misspelled Viagra Spam [S] (2x)
Twitter Scam
Zipfile Attachment
New filter: CV Zipfile Attachment
New filter: hello - how are you
New filter: JS Exploit HTML Attachment

Blacklist updates this week:

None

Note that the Blacklist works in both the old and new versions of MailWasher Pro. You can import the Blacklist from version 6.x when you move up to MailWasher Pro 2010 and newer.

About MailWasher Pro

MailWasher Pro intercepts POP3 and IMAP email before you download it to your desktop email client (e.g., Microsoft Outlook, Outlook Express, Windows Live Mail) and scans it for threats or spam content, then either manually or automatically deletes any messages matching your pre-determined criteria and custom filters. It is my primary line of defense against incoming spam, scams, phishing and exploit attacks. If you are not already using this fine anti-spam tool, I invite you to read about it on my MailWasher Pro web page. You can download the latest version and try it for free for a month. Registration costs just $29.95, with an annual renewal fee of only $9.95, to cover the costs of development and the FirstAlert community spam database.

All of the spam and scams targeting my numerous accounts were either automatically deleted by my custom MailWasher Pro spam filters or, if they made it through, were reported to SpamCop, of which I am a reporting member, and manually deleted.

If you use a POP email client on your desktop to send and receive your email, rather than your browser, you too will benefit from the added protection that MailWasher Pro provides. I can't even begin to tell you how many dangerous attachments, exploit encoded messages, 419 fraud, as well as courier, bank, eBay and PayPal phishing scams, plus hundreds of hostile link emails it has deleted, after identifying them with my rules and its own heuristic and known spam detections.

I am available for hire to write custom MailWasher Pro filters for you or your company. They require that you have a copy of MailWasher on each computer to be customized.

Finally, many security threats will come to you via spam email; some in hostile attachments, some as "phishing" scams, some as financial fraud or money laundering scams, and many more in links to web pages rigged to serve up exploit codes or Trojan downloads. You need really good up-to-date protection to fight off the multitude of attack codes flying like machine gun bullets these days. To protect your computer from web pages rigged with exploit codes, malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security (or Internet Security Pro for travelers). It has strong realtime monitoring modules that stop rootkits and spam Trojans from installing themselves into your operating system. Also known as PC-cillin, it is very frequently updated as new and altered malware definitions become available, and it checks for web-based threats and new malware definitions by searching secure online servers owned by Trend Micro. This is referred to as "in-the-cloud" security. Best of all, you can try it fully functional for a month, then decide to pay to keep it or uninstall it.

See you all next week, same time, same station! Keep the sunny side up and don't take no wooden nickels!

Wiz - out

September 19, 2010

My Spam analysis & filter updates for the week of Sept 13 - 19, 2010

My incoming spam levels have decreased 5% this week, to 48% of all my incoming email. Most of the spam was typical junkmail for counterfeit Chinese watches, fake Cialis and Viagra, illicit prescription drugs and male enhancement scams. There was also a new type of spam in the wild, with the subject "hello" and the body text: "How are you?" I'm not sure if this was a dry run for a spam blast, or if the reply to addresses are being monitored by Botmasters, or spammers.

See my extended comments for this week's breakdown of spam by category, for Sept 13 - 19, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.

MailWasher Pro spam category breakdown for Sept 13 - 19, 2010. Spam amounted to 48% of my incoming email this week. This represents a -5% change from last week.

Here are some facts from my MailWasher Statistics for the past week. Of the 338 incoming email messages that were classified as spam, 298 were classified by my custom filters, 28 were from my custom Blacklist, and 6 from the DNS Servers Blacklist (mostly the SpamCop Blocklist (SBL)). I actually saw 46 spam messages (but classified by filters set to manual deletion, for safety), all of which I reported through my SpamCop reporting account. The rest were automatically deleted by my other custom filters and Blacklist. See the updates to my filters below the spam categories list.

MailWasher Pro by Firetrust
Fake Cialis & Viagra (dangerous): 25.00%
Pharmaceutical Spam (dangerous & illegal): 14.76%
Male Enhancement Scams (fake & dangerous): 11.45%
Pills: 9.94%
Blacklisted Senders (dating scams & Viagra, etc): 8.43%
Watches (ripoffs): 7.53%
Other Filters (misc filters with small percentages): 6.93%
Known Spam Domain Links (mostly .RU - Russian): 5.42%
Pirated Software: 4.22%
Charset=iso-8859-2 (Latvia, etc): 2.11%
DNS Blacklists (SpamCop, Spamhaus, etc): 1.81%
Porn "Pics" Spam: 1.51%
Blocked Countries: 0.90%

There were 6 updates to my custom spam filters this week, and 2 updates to the blacklist. The latest updates to my custom MailWasher Pro filters were to these filters:

Pharmaceuticals [B]
Pics Spam (2x)
Viagra [From]
Viagra [S]
Watches Spam

Blacklist updates:

[email protected] (New)
*viagr+@+ (updated)

See you all next week, same time, same station! Keep the sunny side up and don't take no wooden nickels!

Wiz - out

September 12, 2010

My Spam analysis & filter updates for the week of Sept 6 - 12, 2010

My incoming spam levels have increased 1% this week, to 54% of all my incoming email. Most of the spam was typical junkmail for counterfeit Chinese watches, fake Cialis and Viagra, illicit prescription drugs and male enhancement scams.

See my extended comments for this week's breakdown of spam by category, for Sept 6 - 12, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.

MailWasher Pro spam category breakdown for Sept 6 - 12, 2010. Spam amounted to 53% of my incoming email this week. This represents a -1% change from last week.

Here are some facts from my MailWasher Statistics for the past week. Of the 703 incoming email messages that were classified as spam, 316 were classified by my custom filters, 11 were from my custom Blacklist, and 4 from the DNS Servers Blacklist (mostly the SpamCop Blocklist (SBL)). I actually saw 32 spam messages (but classified by filters set to manual deletion, for safety), all of which I reported through my SpamCop reporting account. The rest were automatically deleted by my other custom filters and Blacklist. See the updates to my filters below the spam categories list.

MailWasher Pro by Firetrust
Fake Cialis & Viagra (dangerous): 27.49%
Pharmaceutical Spam (dangerous & illegal): 15.71%
Male Enhancement Scams (fake & dangerous): 14.50%
Known Spam Domain Links (mostly .RU - Russian): 13.29%
Pills: 7.55%
Watches (ripoffs): 6.95%
Other Filters (misc filters with small percentages): 3.93%
Blacklisted Senders (dating scams & Viagra, etc): 3.32%
Porn "Pics" Spam: 2.72%
Canadian Pharmacy: 1.51%
Pirated Software: 1.21%
DNS Blacklists (SpamCop, Spamhaus, etc): 1.21%
Russian Sender: 0.60%

There were 5 updates to my custom spam filters this week, and no updates to the blacklist. The latest updates to my custom MailWasher Pro filters were to these filters:

Courier Scam
Pics Spam
Viagra [S]
Misspelled Viagra [S]
Watches

The following recent MailWasher Pro Email Blacklist entries were able to block 3.32% of this week's spam. Some weeks will have higher percentages of blacklisted senders, depending on which Botnets are used to send those messages, with forged sender names and email addresses. Since the Blacklist is processed before the custom filters, the processing time and CPU load are greatly reduced.

Note: The blacklist expressions in large type are usually extremely effective! Note that if you set a custom filter to Take Precedence over the Friends list, it also overrides the Blacklist, which is in the same file.
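
An added sketch (not the author's filters and not MailWasher's own code) of the two cost-saving rules described above: the Blacklist is checked before any content filter, and content filters run in descending order of how much spam they catch. The wildcard meanings (`*` zero or more characters, `+` one or more, `?` exactly one), the keyword rules and the sample messages are assumptions constructed for illustration; the category shares are the Sept 6 - 12 figures.

```python
import re

# ASSUMED wildcard meanings (the page does not define them):
#   *  zero or more characters   +  one or more   ?  exactly one
WILDCARDS = {"*": ".*", "+": ".+", "?": "."}

def compile_entry(entry):
    """Turn one blacklist expression into a case-insensitive regex."""
    return re.compile("".join(WILDCARDS.get(c, re.escape(c)) for c in entry), re.I)

# Expressions of the kind the author publishes in the weekly blacklist.
BLACKLIST = [compile_entry(e) for e in ("+@+.ru", "*viagr+@+", "oemsoftware*@+", "n?pes@+")]

def blacklisted(sender):
    """True when the whole sender address matches any blacklist expression."""
    return any(rx.fullmatch(sender) for rx in BLACKLIST)

# Category shares (percent of spam) from the Sept 6 - 12 breakdown.
SHARE = {
    "Fake Cialis & Viagra": 27.49,
    "Pharmaceutical Spam": 15.71,
    "Male Enhancement Scams": 14.50,
    "Watches": 6.95,
    "Pirated Software": 1.21,
}

# Constructed keyword rules standing in for the real custom filters.
RULES = {
    "Fake Cialis & Viagra": re.compile(r"\b(cialis|viagra)\b", re.I),
    "Pharmaceutical Spam": re.compile(r"\b(pharmacy|prescription)\b", re.I),
    "Male Enhancement Scams": re.compile(r"\benlargement\b", re.I),
    "Watches": re.compile(r"\breplica watch(es)?\b", re.I),
    "Pirated Software": re.compile(r"\boem software\b", re.I),
}

def by_share(descending=True):
    """Filter names ordered by how much spam each category accounts for."""
    return sorted(SHARE, key=SHARE.get, reverse=descending)

def screen(msg, order):
    """Blacklist first, then filters in list order; the first hit wins.
    Returns (verdict, number of content filters evaluated)."""
    if blacklisted(msg["from"]):
        return "Blacklisted Senders", 0
    text = msg["subject"] + "\n" + msg["body"]
    for n, name in enumerate(order, start=1):
        if RULES[name].search(text):
            return name, n
    return "clean", len(order)

def expected_evaluations(order):
    """Average filters run per spam message when category shares follow SHARE."""
    weighted = sum(SHARE[name] * pos for pos, name in enumerate(order, start=1))
    return weighted / sum(SHARE.values())

# Constructed sample messages.
SAMPLES = [
    {"from": "ivan@mail.example.ru", "subject": "hello", "body": "How are you?"},
    {"from": "deals@example.com", "subject": "Replica watches 80% off", "body": "Order today"},
    {"from": "alice@example.org", "subject": "Meeting notes", "body": "Agenda attached"},
]

if __name__ == "__main__":
    order = by_share()
    for m in SAMPLES:
        print(m["from"], "->", screen(m, order))
    print("avg filters run, most common first: %.2f" % expected_evaluations(by_share(True)))
    print("avg filters run, least common first: %.2f" % expected_evaluations(by_share(False)))
```

A blacklisted sender costs zero content-filter evaluations, and with these five categories the most-common-first order runs about two filters per spam message on average against about four for the reverse order.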

See you all next week, same time, same station! Keep the sunny side up and don't take no wooden nickels!

Wiz - out

September 6, 2010

My Spam analysis & filter updates for the week of Aug 30 - Sept 5, 2010

My incoming spam levels have decreased 1% this week, to 53% of all my incoming email. I saw a few new fake FedEx courier infected attachment exploits this week. These contain the Bredolab Trojan downloader that downloads and installs the Zeus banking credentials stealer. All the rest of the spam was typical junkmail for counterfeit Chinese watches, fake Cialis and Viagra, illicit prescription drugs, male enhancement scams and fake diploma scams.

See my extended comments for this week's breakdown of spam by category, for Aug 30 - Sept 5, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.

MailWasher Pro spam category breakdown for Aug 30 - Sept 5, 2010. Spam amounted to 53% of my incoming email this week. This represents a -1% change from last week.

Here are some facts from my MailWasher Statistics for the past week. Of the 375 incoming email messages that were classified as spam, 307 were classified by my custom filters, 7 were from my custom Blacklist, and 0 from the DNS Servers Blacklist (mostly the SpamCop Blocklist (SBL)). I actually saw 16 spam messages (but classified by filters set to manual deletion, for safety), all of which I reported through my SpamCop reporting account. The rest were automatically deleted by my custom filters and Blacklist. See the updates to my filters below the spam categories list.

MailWasher Pro by Firetrust
Fake Cialis & Viagra (dangerous): 31.85%
Pharmaceutical Spam (dangerous & illegal): 14.33%
Watches (ripoffs): 11.78%
Known Spam Domain Links (mostly .RU - Russian): 9.87%
Male Enhancement Scams (fake & dangerous): 8.92%
Counterfeit goods (cufflinks, etc): 7.64%
Other Filters (misc filters with small percentages): 5.10%
Diploma scams (don't fall for these!): 3.50%
Blacklisted Senders (dating scams & Viagra, etc): 2.23%
Canadian Pharmacy: 1.59%
HTML Tricks: 1.59%
Known Spam [From]: 1.59%

There were 6 updates to my custom spam filters this week, and no updates to the blacklist. The latest updates to my custom MailWasher Pro filters were to these filters:

Counterfeit Goods
Courier Scams #3 and #4
Misspelled Viagra
Twitter Scam
Watches

The following recent MailWasher Pro Email Blacklist entries were able to block ~2.2% of this week's spam. Some weeks will have higher percentages of blacklisted senders, depending on which Botnets are used to send those messages, with forged sender names and email addresses. Since the Blacklist is processed before the custom filters, the processing time and CPU load are greatly reduced.

+@+.br
+@+.cn
+@+.de
+@+.es
+@+.gr
+@+.hk
+@+.in
+@+.jp
+@+.kr
+@+.ru
+@+.tw
+@+.ua
+@+.vn
+@*.hinet.net
+@*ukrtel.net
notification*@googlemail.com
*discount*@yahoo.com
*viagra*@+
lovepil*@yahoo.com
+@+.net.co
oemsoftware*@+
softwareoem*@+
medical*@yahoo.com
+@+.roma6ka.com
dr.max+@+.+
drmax+@+
goodstuff@+
nope@+
n?pes@+

Note: The blacklist expressions in large type are usually extremely effective! Note that if you set a custom filter to Take Precedence over the Friends list, it also overrides the Blacklist, which is in the same file.

Note that the Blacklist works in both the old and new versions of MailWasher Pro. You can import the Blacklist from version 6.x when you move up to MailWasher Pro 2010 and newer.
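How wildcard blacklist expressions like the ones above decide a sender's fate, as an added example (not the author's filters or Firetrust's code). It assumes `*` matches zero or more characters, `+` one or more and `?` exactly one, with the whole address having to match; the sender addresses are constructed.

```python
import re

# Expressions copied from the blacklist above.
BLACKLIST = ["+@+.ru", "+@*.hinet.net", "+@*ukrtel.net",
             "*viagra*@+", "dr.max+@+.+", "n?pes@+"]

# Assumed wildcard semantics (not confirmed by the page).
WILDCARDS = {"*": ".*", "+": ".+", "?": "."}

def compile_pattern(pattern):
    """Translate one blacklist expression into a case-insensitive regex."""
    body = "".join(WILDCARDS.get(ch, re.escape(ch)) for ch in pattern)
    return re.compile(body, re.IGNORECASE)

COMPILED = [(p, compile_pattern(p)) for p in BLACKLIST]

def first_match(sender):
    """Return the first expression that matches the whole sender address, or None."""
    sender = sender.strip()
    for pattern, rx in COMPILED:
        if rx.fullmatch(sender):  # anchored: the TLD must really be the last label
            return pattern
    return None

def triage(senders):
    """Blacklist pass that runs first; only the remainder costs content-filter time."""
    blocked, remaining = {}, []
    for sender in senders:
        hit = first_match(sender)
        if hit:
            blocked[sender] = hit
        else:
            remaining.append(sender)
    return blocked, remaining

# Constructed sender addresses, chosen to show over- and under-matching.
SAMPLE = [
    "promo@shop.example.ru",         # caught by the country-code rule
    "promo@example.ru.example.com",  # ".ru" is not the final label: not caught
    "bob@ms12.hinet.net",            # subdomain: caught
    "bob@hinet.net",                 # "+@*.hinet.net" needs a dot before hinet: missed
    "x@notukrtel.net",               # "+@*ukrtel.net" has no dot: other domains caught too
    "CheapViagraNow@example.com",    # matching is case-insensitive
    "npes@example.org",              # "?" needs exactly one character: missed
]

if __name__ == "__main__":
    blocked, remaining = triage(SAMPLE)
    for sender, rule in blocked.items():
        print(f"blacklisted {sender!r} by {rule!r}")
    print("passed on to custom filters:", remaining)
```

The two `.net` rules show the trade-off: a leading `*.` misses mail from the bare domain, while a bare `*` also blocks unrelated domains that merely end in the same string.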

About MailWasher Pro

MailWasher Pro intercepts POP3 and IMAP email before you download it to your desktop email client (e.g., Microsoft Outlook, Outlook Express, Windows Live Mail) and scans it for threats or spam content, then either manually or automatically deletes any messages matching your pre-determined criteria and custom filters. It is my primary line of defense against incoming spam, scams, phishing and exploit attacks. If you are not already using this fine anti-spam tool I invite you to read about it on my MailWasher Pro web page. You can download the latest version and try it for free for a month. Registration costs just $29.95, with an annual renewal fee of only $9.95, to cover the costs of development and the FirstAlert community spam database.

All of the spam and scams targeting my numerous accounts were either automatically deleted by my custom MailWasher Pro spam filters, or if they made it through, were reported to SpamCop, of which I am a reporting member, and manually deleted.

If you use a POP email client on your desktop to send and receive your email, rather than your browser, you too will benefit from the added protection that MailWasher Pro provides. I can't even begin to tell you how many dangerous attachments, exploit encoded messages, 419 fraud, as well as courier, bank, eBay and PayPal phishing scams, plus hundreds of hostile link emails it has deleted, after identifying them with my rules and its own heuristic and known spam detections.

I am available for hire to write custom MailWasher Pro filters for you or your company. They require that you have a copy of MailWasher on each computer to be customized.

Finally, many security threats will come to you via spam email; some in hostile attachments, some as "phishing" scams, some as financial fraud or money laundering scams, and many more in links to web pages rigged to serve up exploit codes or Trojan downloads. You need really good up-to-date protection to fight off the multitude of attack codes flying like machine gun bullets these days. To protect your computer from web pages rigged with exploit codes, malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, Phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security (or Internet Security Pro for travelers). It has strong realtime monitoring modules that stop rootkits and spam Trojans from installing themselves into your operating system. Also known as PC-cillin, it is very frequently updated as new and altered malware definitions become available and it checks for web based threats and new malware definitions by searching secure online servers owned by Trend Micro. This is referred to as "in-the-cloud" security. Best of all, you can try it fully functional for a month, then decide to pay to keep it or uninstall it.

See you all next week, same time, same station! Keep the sunny side up and don't take no wooden nickels!

Wiz - out

About the author
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.

Creative Commons License This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.