October 31, 2010

My Spam analysis & filter updates for the week of Oct 25 - 31, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

My incoming spam levels have decreased 11% this week, to 55% of all my incoming email. Most of the spam was typical junkmail for counterfeit Cialis and Viagra and other illicit prescription drugs, male enhancement scams, counterfeit Chinese watches, fake diplomas, Russian dating scams and pirated software (Russian).

The classifications of spam in my analysis (below) can help you adjust your email filters according to what is most common, on a weekly basis. If you are using my custom MailWasher Pro filters, keep the filters for the highest percentage categories of spam near the top of the filters list, to minimize the impact on your CPU when analyzing incoming messages for spam content.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses.

Sometimes, your own email address is forged as the sender, as well as being the recipient. The practice of forging the recipient's own email address in the From field is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Oct 25 - 31, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.

MailWasher Pro spam category breakdown for Oct 25 - 31, 2010. Spam amounted to 55% of my incoming email this week. This represents a -11% change from last week.

Here are some facts from my MailWasher Statistics for the past week. Of the 399 incoming email messages that were classified as spam, 358 were classified by my custom filters, 21 were deleted by my custom Blacklist, and 0 from the DNS Servers Blacklist (mostly the SpamCop Blocklist (SBL)). I actually saw 21 spam messages (but classified by filters set to manual deletion, for safety), all of which I reported through my SpamCop reporting account. The rest were automatically deleted by my other custom filters and Blacklist. See the updates to my filters below the spam categories list.

MailWasher Pro by Firetrust
Fake Cialis & Viagra (counterfeit & dangerous): 29.02%
Pharmaceutical Spam (dangerous & illegal): 22.69%
Counterfeit Watches: 13.19%
Male Enhancement Scams (fake & dangerous): 6.86%
Dating spam: 6.33%
Blacklisted Senders (dating scams & Viagra, etc): 5.54%
Pills: 4.49%
Pirated software: 3.17%
Known Spam Domain Links (mostly .RU - Russian): 2.90%
Other Filters (misc filters with small percentages): 2.64%
Diploma scams: 2.64%
Russian Sender: 0.53%
The latest updates to my custom MailWasher Pro filters: Male Enhancement [S]
Blacklist updates this week: penis+@+
+enlarger*@yahoo.com

Note that the Blacklist works in both the old and new versions of MailWasher Pro. You can import the Blacklist from version 6.x when you move up to MailWasher Pro 2010 and newer. You can find my most effective published Blacklist on my MailWasher Pro Custom Filters page.

About MailWasher Pro

MailWasher Pro intercepts POP3 and IMAP email before you download it to your desktop email client (e.g., Microsoft Outlook, Outlook Express, Windows Live Mail) and scans it for threats or spam content, then either manually or automatically deletes any messages matching your pre-determined criteria and custom filters. It is my primary line of defense against incoming spam, scams, phishing and exploit attacks. If you are not already using this fine anti-spam tool, I invite you to read about it on my MailWasher Pro web page. You can download the latest version and try it for free for a month. Registration costs just $29.95, with an annual renewal fee of only $9.95, to cover the costs of development and the FirstAlert community spam database.

All of the spam and scams targeting my numerous accounts were either automatically deleted by my custom MailWasher Pro spam filters or, if they made it through, were reported to SpamCop, of which I am a reporting member, and manually deleted.

If you use a POP email client on your desktop to send and receive your email, rather than your browser, you too will benefit from the added protection that MailWasher Pro provides. I can't even begin to tell you how many dangerous attachments, exploit encoded messages, 419 fraud, as well as courier, bank, eBay and PayPal phishing scams, plus hundreds of hostile link emails it has deleted, after identifying them with my rules and its own heuristic and known spam detections.

I am available for hire to write custom MailWasher Pro filters for you or your company. They require that you have a copy of MailWasher on each computer to be customized.

Finally, many security threats will come to you via spam email; some in hostile attachments, some as "phishing" scams, some as financial fraud or money laundering scams, and many more in links to web pages rigged to serve up exploit codes or Trojan downloads. You need really good up-to-date protection to fight off the multitude of attack codes flying like machine gun bullets these days. To protect your computer from web pages rigged with exploit codes, malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security (or Internet Security Pro for travelers). It has strong realtime monitoring modules that stop rootkits and spam Trojans from installing themselves into your operating system. Also known as PC-cillin, it is very frequently updated as new and altered malware definitions become available, and it checks for web based threats and new malware definitions by searching secure online servers owned by Trend Micro. This is referred to as "in-the-cloud" security. Best of all, you can try it fully functional for a month, then decide to pay to keep it or uninstall it.

See you all next week, same time, same station! Keep the sunny side up and don't take no wooden nickels!

Wiz - out


October 24, 2010

My Spam analysis & filter updates for the week of Oct 18 - 24, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

My incoming spam levels have increased 3% this week, to 66% of all my incoming email. Most of the spam was typical junkmail for counterfeit Cialis and Viagra and other illicit prescription drugs, male enhancement scams, counterfeit Chinese watches, fake diplomas, "pics" dating scams from Russia and a few phishing scams.

The classifications of spam in my analysis (below) can help you adjust your email filters according to what is most common, on a weekly basis. If you are using my custom MailWasher Pro filters, keep the filters for the highest percentage categories of spam near the top of the filters list, to minimize the impact on your CPU when analyzing incoming messages for spam content.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses.

Sometimes, your own email address is forged as the sender, as well as being the recipient. The practice of forging the recipient's own email address in the From field is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Oct 18 - 24, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.

MailWasher Pro spam category breakdown for Oct 18 - 24, 2010. Spam amounted to 66% of my incoming email this week. This represents a +3% change from last week.

Here are some facts from my MailWasher Statistics for the past week. Of the 454 incoming email messages that were classified as spam, 427 were classified by my custom filters, 24 were deleted by my custom Blacklist, and 2 from the DNS Servers Blacklist (mostly the SpamCop Blocklist (SBL)). I actually saw 21 spam messages (but classified by filters set to manual deletion, for safety), all of which I reported through my SpamCop reporting account. The rest were automatically deleted by my other custom filters and Blacklist. See the updates to my filters below the spam categories list.

MailWasher Pro by Firetrust
Fake Cialis & Viagra (counterfeit & dangerous): 38.24%
Pharmaceutical Spam (dangerous & illegal): 18.82%
Male Enhancement Scams (fake & dangerous): 8.24%
Known Spam Domain Links (mostly .RU - Russian): 7.65%
Counterfeit Watches: 6.47%
Pills: 6.47%
Blacklisted Senders (dating scams & Viagra, etc): 4.71%
Other Filters (misc filters with small percentages): 3.53%
Russian Sender: 1.76%
Phishing Scams: 1.57%
Charset=iso-8859-2 (Latvia): 1.18%
Diploma scams: 0.98%
DNS Blacklists (SpamCop, Spamhaus, etc): 0.39%
The latest updates to my custom MailWasher Pro filters: Dating Scam, Known Spam From
Blacklist updates this week: None this week

Note that the Blacklist works in both the old and new versions of MailWasher Pro. You can import the Blacklist from version 6.x when you move up to MailWasher Pro 2010 and newer. You can find my most effective published Blacklist on my MailWasher Pro Custom Filters page.


See you all next week, same time, same station! Keep the sunny side up and don't take no wooden nickels!

Wiz - out


October 18, 2010

My Spam analysis & filter updates for the week of Oct 11 - 17, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

My incoming spam levels have increased 2% this week, to 63% of all my incoming email. Most of the spam was typical junkmail for counterfeit Cialis and Viagra and other illicit prescription drugs, male enhancement scams, counterfeit Chinese watches, fake diplomas, "pics" dating scams from Russia and a slew of fake Electronic Tax Payment phishing scams.

October 1st saw the shutdown of the criminal Spamit affiliate payment network through which the spammers promoting the fake "Canadian Pharmacy" websites received commissions. They simply moved over to the already operating medical and dating spam affiliate network: Bunker.biz. That operation is run out of The Ukraine and Russia, with fake pharmacy websites hosted on compromised PCs belonging to various spam Botnets. The replacements for the now dead "Canadian Pharmacy" network are Canadian Neighbor Pharmacy and Canadian Health and Care Mall. No matter what name they go by, or certificates and licenses they display, they are all fake, as are the drugs they sell. They are as Canadian as the Pope! The sole reason for their existence is to scam gullible Americans into using their credit and debit cards to buy fake pharmaceuticals.

The classifications of spam in my analysis (below) can help you adjust your email filters according to what is most common, on a weekly basis. If you are using my custom MailWasher Pro filters, keep the filters for the highest percentage categories of spam near the top of the filters list, to minimize the impact on your CPU when analyzing incoming messages for spam content.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses.

Sometimes, your own email address is forged as the sender, as well as being the recipient. The practice of forging the recipient's own email address in the From field is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Oct 11 - 17, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.

MailWasher Pro spam category breakdown for Oct 11 - 17, 2010. Spam amounted to 63% of my incoming email this week. This represents a +2% change from last week.

Here are some facts from my MailWasher Statistics for the past week. Of the 558 incoming email messages that were classified as spam, 479 were classified by my custom filters, 16 were deleted by my custom Blacklist and another 12 were classified by the learning and Bayesian filters. I actually saw 47 spam messages (but classified by filters set to manual deletion, for safety), all of which I reported through my SpamCop reporting account. The rest were automatically deleted by my other custom filters and Blacklist. See the updates to my filters below the spam categories list.

MailWasher Pro by Firetrust
Fake Cialis & Viagra (counterfeit & dangerous): 51.14%
Male Enhancement Scams (fake & dangerous): 11.42%
Known Spam Domain Links (mostly .RU - Russian): 7.99%
Pharmaceutical Spam (dangerous & illegal): 7.99%
Phishing Scams (fake EFTPS notices): 5.25%
Other Filters (misc filters with small percentages): 3.88%
Blacklisted Senders (dating scams & Viagra, etc): 3.65%
Counterfeit Watches: 3.42%
Diploma scams: 2.05%
Pills: 1.60%
Pics dating scams: 0.91%
Numeric IP link: 0.68%
There were 3 updates made to my custom spam filters this week. The latest updates to my custom MailWasher Pro filters were to these filters:
HTML Tricks, Viagra Spam [From], New filter: Courier Scam #5 (UPS w/malware attachment)
Blacklist updates this week: customers*@eftps.gov (EFTPS Phishing Scam)

Note that the Blacklist works in both the old and new versions of MailWasher Pro. You can import the Blacklist from version 6.x when you move up to MailWasher Pro 2010 and newer. You can find my most effective published Blacklist on my MailWasher Pro Custom Filters page.


See you all next week, same time, same station! Keep the sunny side up and don't take no wooden nickels!

Wiz - out


October 15, 2010

JavaScript workaround to clear Facebook Chat history

Update: As of the late evening of October 15, 2010, Facebook listened to our petition and has restored the link to Clear Chat History! Chalk another one up for the Good Guys! The link is in the top right of your Facebook Chat boxes. It only works on your end. If you want your chat partners to clear their side, ask them to do so. Otherwise, your comments remain online.

Updated with more details, on October 15, 2010, at: 10:45 AM, EST.

At the time I am writing this, Facebook does not have a means of clearing your Facebook Chat history. It is preserved over an undisclosed period of time, so that every time you close the browser, then open it again and login to Facebook, then open a Chat with a Friend, your previous chat history will still be present. This is a serious security and privacy risk. If somebody else uses your computer, and opens the same browser and goes to your Facebook page (Facebook automatically logs you in every time!), they can open the Chat box and click on names of your Friends. Each Friend with whom you have recently chatted will reveal the entire chat history, until the Facebook servers finally delete it.

If the person reading your Facebook page is your employer, or a spy, or a jealous companion, they can read every word exchanged between you and your Chat partners. If you allow third party Facebook applications to access your profile, they can also access your chat history!

There is an ongoing petition, based on Facebook members "Liking" the topic, about getting Facebook to reinstall the previously present, now removed link to delete individual chat histories. I have posted several comments about this matter. Now, there is a workaround being discussed, involving a snippet of JavaScript and copying/pasting it into the browser's address bar while viewing a Chat partner's profile. It is confusing to the less technically savvy Facebook users. I shall try to 'splain it in plain English.

Here is part of what a Facebook member posted. It works for me and some others, but confuses the hell out of too many members.

have the chat box of the person you're chatting with open or minimized. go to their profile.
{snip}
copy and paste the line below and replace their id in the address bar with the number after id= and hit the enter key. {snip}

javascript:chatDisplay.tabs[id].clearHistory();

I just tested that (full) procedure and it worked as advertised, but took extra steps that were not described in detail. Here are the actual steps I took, in outline form:


  1. With the Chat box open and the Chat history present, right-click on that person's small photo inside the Chat box;

  2. From the flyout right button options, use the left button to select "Open in new tab" or else "Open in new window", depending on if your browser allows you to use new tabs for opening hyperlinks.

  3. Look at the address bar on the new browser tab or window, where the link from the profile picture opened. The address bar, or location bar as it's called in Firefox, is where the URL of a web page is shown, e.g.: http://whatever.com. On the right half of the Facebook URL there is "/profile.php?id=" (without the quotes), followed by either their Facebook user name or a long series of numbers;

  4. Click the mouse pointer on the first number after the = symbol, hold down the left mouse button, then wipe the mouse to the right, across all the rest of the member's name or numbers, then let go of the mouse button;

    Example: If the address bar shows /profile.php?id=123456789012345, you would want to highlight just the group of numbers I have underlined. If the ID is the actual member's name, rather than a number code, copy it instead.

  5. Press CTRL and C together on your keyboard, to copy the now highlighted user id name or number

  6. Open Notepad, or another text editor.

    Windows method: Right-click your mouse or pointer anywhere in a blank area of your desktop display and hover the pointer over New, then move sideways to the little down arrow that appears and go down the list of options until you highlight Text Document. With your left mouse button, click to select Text Document. This will open a blank instance of Windows Notepad.

    Now, paste in the copied name or numbers by pressing the CTRL and V keys together.

  7. Hit the Enter key to create a new line in the new Notepad document window

  8. Highlight, Copy (Ctrl and C) and Paste (Ctrl and V) this code into a new line in the Notepad document:

    javascript:chatDisplay.tabs[id].clearHistory();

  9. Highlight and delete the letters [id] inside the square brackets, but not the brackets themselves.

  10. Highlight and re-copy the ID name or numbers you copied and pasted into Notepad, in step six (from the member's Facebook ID)

  11. Paste those numbers inside the square brackets where the word "id" was before you deleted it. Here's how it would look in my example id:
    javascript:chatDisplay.tabs[123456789012345].clearHistory();

  12. Now, copy and paste that code, but with the member's actual name or ID number in the brackets, into the address bar where that member's profile page was opened, in step #2, overwriting the existing facebook.com URL. You must replace the URL that was in the address bar with this code. Do not just add it in.

  13. With that JavaScript code in the address or location bar, press the ENTER key. If the Chat box is open on the other person's profile page, you will see the entire chat history disappear in front of your eyes!


Instructions for newbies, for copying and pasting, are in my extended comments, below.

A quick tutorial on how to highlight, copy and paste text in text documents.

You are reading this because you were instructed to copy and paste some text, or code, from one place into another, and it is Greek to you. I will try to explain it in plain English.

Copying and pasting text involves several keyboard combinations, and/or mouse/pointer actions, as follows. This is how I do it.


  1. Highlight the desired text with your mouse or pointer.

    Do this by clicking and holding down the left mouse/pointer button at start of the word, code, line, or entire paragraph(s) of characters, then move the mouse or pointer sideways (and down for multiple lines) to the other end of the desired sequence to be copied. When you reach the end of the section, stop moving and let go of the left mouse button. If the letters are dark, on a light or white background, like on this blog, the selection you wiped the mouse pointer across will be highlighted in a dark blue color and the letters and characters will change to white. If the page you are copying from has light letters on a dark background to begin with, highlighting will produce an opposite color scheme.

  2. Copy the highlighted text to a virtual clipboard that holds it temporarily.

    Press the Ctrl and C keyboard keys together

  3. Using the left mouse/pointer button, click in the location, page, paragraph, space between words, input field, address bar, or document, where the copied selection is to be pasted.

  4. Paste in copied text by pressing the Ctrl and V keys together.


Note: you can instantly highlight all of the text on a page, or inside a text field, by pressing the Ctrl and A keys together.

If you have difficulty controlling the mouse pointer when highlighting sections, or lines of text, you can use the keyboard instead. It will simplify things if you are able to at least left click with your pointer, or trackball and left button, at the general place where you want to copy text. Then, use the up/down and left/right arrow keys to get to the starting point. Press the Shift key and hold it down with your left hand, then use the arrow keys, or the Home, or End key to highlight as much text as desired. With the text highlighted, use the aforementioned combination of Ctrl and C to copy, and Ctrl and V to paste it in elsewhere.

That's all I've got to say about tha-at! Remember, you learned this from Wiz Feinberg, on Wiz's Computer and Website Security Blog. My home page is at http://www.wizcrafts.net.


October 10, 2010

Insecure library loading vulnerability affects 176 popular programs

During the middle of August, 2010, public details began to emerge about a long-standing vulnerability afflicting dozens of popular programs and how they load dynamic link library files (.dll). Soon after the details were published, hacker sites began posting exploit codes. Now, cybercriminals are using these vulnerabilities in multi-exploit kits, in attacks against your applications, browsers and their plug-ins.

On August 23, 2010, Microsoft published an advisory about the DLL vulnerability, then updated it on Aug 31. In that advisory one can read about recommended workarounds and mitigating factors. There is a link on that page to a MS Fix-It tool page, titled: "A new CWDIllegalInDllSearch registry entry is available to control the DLL search path algorithm" - which requires one to first apply a Registry fix shown on that page. Be forewarned, this is a lot of highly technical stuff. I recommend that anybody capable of reading through the Microsoft advisory and workaround pages apply the fixes as soon as possible. The rest will have to wait until a suitable patch is available via Windows Updates.

At the time I posted this article, the security firm Secunia had identified 176 programs and operating systems that can be exploited by directing one of these applications to load a remotely hosted hostile file, when the targeted program opens, or opens an associated file. The exploited files are .dll libraries, which just about every Windows program uses as includes to add functionality to the main program executable. The .dll files are actually executable files, but only when called by another executable. They are technically referred to as Portable Executable, or PE files.
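To show why the working folder matters and what the CWDIllegalInDllSearch entry changes, here is a simplified model of the Windows DLL search order. It is an example added to this article, not Microsoft's code. The values 0, 1, 2 and 0xFFFFFFFF are the ones Microsoft documents for the entry; the folder names, the share and the DLL names are constructed for illustration, and the model assumes safe DLL search mode and ignores special cases such as KnownDLLs.

```python
from enum import Enum


class CwdKind(Enum):
    LOCAL = "local"    # folder on a local disk
    UNC = "unc"        # \\server\share folder reached over SMB
    WEBDAV = "webdav"  # folder reached over WebDAV


# CWDIllegalInDllSearch values, as documented by Microsoft for this entry.
DEFAULT = 0x0              # current working directory (CWD) is searched
BLOCK_WEBDAV = 0x1         # CWD skipped when it is a WebDAV folder
BLOCK_REMOTE = 0x2         # CWD skipped when it is WebDAV or UNC
REMOVE_CWD = 0xFFFFFFFF    # CWD never searched

SYSTEM32 = r"C:\Windows\System32"
APP_DIR = r"C:\Program Files\ExamplePlayer"   # constructed
SHARE = r"\\fileserver.example\media"         # constructed remote folder

# Constructed file listing: the share holds a media file plus two DLLs
# that someone other than the software vendor placed beside it.
FILES = {
    APP_DIR: {"player.exe"},
    SYSTEM32: {"kernel32.dll", "version.dll"},
    SHARE: {"song.mp3", "examplecodec.dll", "version.dll"},
}


def cwd_allowed(policy, cwd_kind):
    """Return True if the CWD stays in the search order under this policy."""
    if policy == DEFAULT:
        return True
    if policy == BLOCK_WEBDAV:
        return cwd_kind is not CwdKind.WEBDAV
    if policy == BLOCK_REMOTE:
        return cwd_kind is CwdKind.LOCAL
    if policy == REMOVE_CWD:
        return False
    raise ValueError("unsupported CWDIllegalInDllSearch value: %#x" % policy)


def search_order(app_dir, cwd, cwd_kind, path_dirs=(), policy=DEFAULT):
    """Directories searched for a DLL requested by bare file name."""
    order = [app_dir, SYSTEM32, r"C:\Windows\System", r"C:\Windows"]
    if cwd_allowed(policy, cwd_kind):
        order.append(cwd)
    order.extend(path_dirs)
    return order


def loaded_from(dll, policy, cwd=SHARE, cwd_kind=CwdKind.UNC):
    """Return the first directory that supplies the DLL, or None."""
    for directory in search_order(APP_DIR, cwd, cwd_kind, policy=policy):
        if dll.lower() in FILES.get(directory, set()):
            return directory
    return None


if __name__ == "__main__":
    # The user double-clicks song.mp3 on the share, so the share is the CWD.
    for name, policy in [("default", DEFAULT), ("1", BLOCK_WEBDAV),
                         ("2", BLOCK_REMOTE), ("0xFFFFFFFF", REMOVE_CWD)]:
        for dll in ("examplecodec.dll", "version.dll"):
            print(name, dll, "->", loaded_from(dll, policy))
```

A DLL that exists in the program's own folder or in the system folders is found there first, so only libraries that are missing from those locations can be supplied by the working folder.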

Of these 176 programs, Microsoft is responsible for 20, including numerous operating systems, like Windows XP, Vista and 7, its MS Office applications, and the Windows Live Mail email client. All remain unpatched as of October 11, 2010. Watch for some possible fixes on Patch Tuesday, October 12, 2010. Hopefully, some, if not all, of the vulnerable Microsoft programs will be patched. It has been almost two months since the public disclosure. C'mon, Microsoft!

Seven popular Nero and Roxio CD burning programs are affected, as are media players WinAmp and RealPlayer. BlackBerry Desktop Software versions 3 through 5 are vulnerable. Even QuickBooks 2010 made the vulnerable list!

You can look over the complete list of vulnerable programs, and see which ones have had patched versions released. If you see apps that you are using on this list, and they are unpatched, your best protection is to reduce your user privileges. If you use Windows XP, a Limited User account is the safest. For Windows XP Professional, Vista and 7, a Standard (XP Power User), or Limited account is safer than an Administrator account. Operating with reduced user privileges also reduces any danger of exploitation, or lessens the impact of exploitation to just that account, rather than the entire operating system.

If you are browsing the Internet with Internet Explorer, try switching to Mozilla Firefox instead. Firefox has already been patched against the .dll loading vulnerability.


My Spam analysis & filter updates for the week of Oct 4 - 10, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

My incoming spam levels have increased 3% this week, to 61% of all my incoming email. Most of the spam was typical junkmail for fake Cialis and Viagra, illicit prescription drugs, male enhancement scams, counterfeit Chinese watches, fake diplomas and a few fake Electronic Tax Payment scams. I also saw one new Twitter scam, which may be something to watch for next week.

October 1st saw the shutdown of the affiliate payment network through which the promoters (spammers) of the fake "Canadian Pharmacy" websites received commissions. These sites have plagued the Internet for about 4 years until now. The operation and creation of website templates was run out of Russia, but the fake websites were all hosted on compromised PCs belonging to various spam Botnets. The drugs they delivered, if they delivered any at all, were counterfeit and made in China and India. All were illegal to import into the USA or Canada and many unwary buyers had their drugs seized by Customs. It is an established fact that the Canadian Pharmacy websites have absolutely nothing to do with Canada. All of the testimonials, logos and certificates on those sites were either stolen or fake.

The classifications of spam in my analysis (below) can help you adjust your email filters according to what is most common, on a weekly basis. If you are using my custom MailWasher Pro filters, keep the filters for the highest percentage categories of spam near the top of the filters list, to minimize the impact on your CPU when analyzing incoming messages for spam content.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses.

Sometimes, your own email address is forged as the sender, as well as being the recipient. The practice of forging the recipient's own email address in the From field is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Oct 4 - 10, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.

MailWasher Pro spam category breakdown for Oct 4 - 10, 2010. Spam amounted to 61% of my incoming email this week. This represents a +3% change from last week.

Effective August 22, 2010, the custom filters are written for all versions of MailWasher. There is a brand new version 2010 that was just released in July, 2010, which uses a totally different xml filter format. After many hours of hand editing, I have converted the old filters into the new xml format. You can download my spam filters from my MailWasher Pro spam filters page.

Here are some facts from my MailWasher Statistics for the past week. Of the 423 incoming email messages that were classified as spam, 391 were classified by my custom filters, 17 were deleted by my custom Blacklist, and 7 from the DNS Servers Blacklist (mostly the SpamCop Blocklist (SBL)). I actually saw 44 spam messages (but classified by filters set to manual deletion, for safety), all of which I reported through my SpamCop reporting account. The rest were automatically deleted by my other custom filters and Blacklist. See the updates to my filters below the spam categories list.

MailWasher Pro by Firetrust
Fake Cialis & Viagra (counterfeit & dangerous): 49.88%
Male Enhancement Scams (fake & dangerous): 8.43%
Pharmaceutical Spam (dangerous & illegal): 7.71%
Watches (junk knockoffs): 7.47%
Other Filters (misc filters with small percentages): 6.75%
Known Spam Domain Links (mostly .RU - Russian): 4.82%
Blacklisted Senders (dating scams & Viagra, etc): 4.10%
Pills: 2.89%
HTML positioning tricks: 2.41%
DNS Blacklists (SpamCop, Spamhaus, etc): 1.69%
Diploma scams: 1.69%
Exploit Links (to Zeus and attack sites): 1.20%
Phishing scams: 0.96%

There were 4 updates made to my custom spam filters this week. The latest updates to my custom MailWasher Pro filters were to these filters:

Pics Spam
Pills Spam
Twitter Scam
Viagra Spam [From]

Blacklist updates this week:

None

Note that the Blacklist works in both the old and new versions of MailWasher Pro. You can import the Blacklist from version 6.x when you move up to MailWasher Pro 2010 and newer.

About MailWasher Pro

MailWasher Pro intercepts POP3 and IMAP email before you download it to your desktop email client (e.g: Microsoft Outlook, Outlook Express, Windows Live Mail) and scans it for threats or spam content, then either manually or automatically deletes any messages matching your pre-determined criteria and custom filters. It is my primary line of defense against incoming spam, scams, phishing and exploit attacks. If you are not already using this fine anti-spam tool I invite you to read about it on my MailWasher Pro web page. You can download the latest version and try it for free for a month. Registration costs just $29.95, with an annual renewal fee of only $9.95, to cover the costs of development and the FirstAlert community spam database.

All of the spam and scams targeting my numerous accounts were either automatically deleted by my custom MailWasher Pro spam filters, or if they made it through, were reported to SpamCop, of which I am a reporting member, and manually deleted.

If you use a POP email client on your desktop to send and receive your email, rather than your browser, you too will benefit from the added protection that MailWasher Pro provides. I can't even begin to tell you how many dangerous attachments, exploit encoded messages, 419 fraud, as well as courier, bank, eBay and PayPal phishing scams, plus hundreds of hostile link emails it has deleted, after identifying them with my rules and its own heuristic and known spam detections.

I am available for hire to write custom MailWasher Pro filters for you or your company. They require that you have a copy of MailWasher on each computer to be customized.

Finally, many security threats will come to you via spam email; some in hostile attachments, some as "phishing" scams, some as financial fraud or money laundering scams, and many more in links to web pages rigged to serve up exploit codes or Trojan downloads. You need really good up-to-date protection to fight off the multitude of attack codes flying like machine gun bullets these days. To protect your computer from web pages rigged with exploit codes, malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, Phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security (or Internet Security Pro for travelers). It has strong realtime monitoring modules that stop rootkits and spam Trojans from installing themselves into your operating system. Also known as PC-cillin, it is very frequently updated as new and altered malware definitions become available and it checks for web based threats and new malware definitions by searching secure online servers owned by Trend Micro. This is referred to as "in-the-cloud" security. Best of all, you can try it fully functional for a month, then decide to pay to keep it or uninstall it.

See you all next week, same time, same station! Keep the sunny side up and don't take no wooden nickels!

Wiz - out


October 3, 2010

My Spam analysis & filter updates for the week of Sept 27 - Oct 3, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

My incoming spam levels have decreased 2% this week, to 58% of all my incoming email. Most of the spam was typical junkmail for counterfeit Chinese watches, fake Cialis and Viagra, illicit prescription drugs and male enhancement scams. There were also some new variations of malware in attachments scams, in fake CV resumes in zip files. There was a dangerous link spam campaign, posing as LinkedIn messages, leading to serious exploit attacks and the Zeus banking credential stealing Trojan. Finally, there was spam for fake diplomas, and some pirated OEM software, hosted on Russian domains.

The LinkedIn attack was coordinated and sent (via Botnets) by the same people behind the malware infected fake CV resumes (Zeus Trojan). They are headquartered in The Ukraine and 5 of them were just arrested this week. Another 11 were arrested in The UK and dozens more were arrested or had warrants issued in the USA. Almost all are Russians, Ukrainians and people from other Eastern European countries. Quite a few in the US are Russian students here on J1 Student Visas.

The classifications of spam in my analysis (below) can help you adjust your email filters according to what is most common, on a weekly basis. If you are using my custom MailWasher Pro filters, keep the filters for the highest percentage categories of spam near the top of the filters list, to minimize the impact on your CPU when analyzing incoming messages for spam content.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses.

Sometimes, your own email address is forged as the sender, as well as being the recipient. The practice of forging the recipient's own email address in the From field is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Sept 27 - Oct 3, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.

MailWasher Pro spam category breakdown for Sept 27 - Oct 3, 2010. Spam amounted to 58% of my incoming email this week. This represents a -2% change from last week.

Effective August 22, 2010, the custom filters are written for all versions of MailWasher. There is a brand new version 2010 that was just released in July, 2010, which uses a totally different xml filter format. After many hours of hand editing, I have converted the old filters into the new xml format. You can download my spam filters from my MailWasher Pro spam filters page.

Here are some facts from my MailWasher Statistics for the past week. Of the 492 incoming email messages that were classified as spam, 467 were classified by my custom filters, 11 were deleted by my custom Blacklist, and 4 from the DNS Servers Blacklist (mostly the SpamCop Blocklist (SBL)). I actually saw 65 spam messages (but classified by filters set to manual deletion, for safety), all of which I reported through my SpamCop reporting account. The rest were automatically deleted by my other custom filters and Blacklist. See the updates to my filters below the spam categories list.

MailWasher Pro by Firetrust
Fake Cialis & Viagra (dangerous): 33.82%
Other Filters (misc filters with small percentages): 11.00%
Pills: 9.75%
Known Spam Domain Links (mostly .RU - Russian): 9.75%
Male Enhancement Scams (fake & dangerous): 7.68%
Pharmaceutical Spam (dangerous & illegal): 7.05%
Exploit Links (to Zeus and attack sites): 6.22%
Watches (junk knockoffs): 4.56%
Known Spam From: 2.49%
Diploma scams: 2.49%
Blacklisted Senders (dating scams & Viagra, etc): 2.28%
Pics scams: 2.07%
DNS Blacklists (SpamCop, Spamhaus, etc): 0.83%

There were 5 updates and 1 new filter added to my custom spam filters this week. The latest updates to my custom MailWasher Pro filters were to these filters:

Courier Scam #3
Porn Spam
Viagra Spam [From]
Yahoo Spam
New filter: LinkedIn Scam (added and updated)

Blacklist updates this week:

None

Note that the Blacklist works in both the old and new versions of MailWasher Pro. You can import the Blacklist from version 6.x when you move up to MailWasher Pro 2010 and newer.

About MailWasher Pro

MailWasher Pro intercepts POP3 and IMAP email before you download it to your desktop email client (e.g: Microsoft Outlook, Outlook Express, Windows Live Mail) and scans it for threats or spam content, then either manually or automatically deletes any messages matching your pre-determined criteria and custom filters. It is my primary line of defense against incoming spam, scams, phishing and exploit attacks. If you are not already using this fine anti-spam tool I invite you to read about it on my MailWasher Pro web page. You can download the latest version and try it for free for a month. Registration costs just $29.95, with an annual renewal fee of only $9.95, to cover the costs of development and the FirstAlert community spam database.

All of the spam and scams targeting my numerous accounts were either automatically deleted by my custom MailWasher Pro spam filters, or if they made it through, were reported to SpamCop, of which I am a reporting member, and manually deleted.

If you use a POP email client on your desktop to send and receive your email, rather than your browser, you too will benefit from the added protection that MailWasher Pro provides. I can't even begin to tell you how many dangerous attachments, exploit encoded messages, 419 fraud, as well as courier, bank, eBay and PayPal phishing scams, plus hundreds of hostile link emails it has deleted, after identifying them with my rules and its own heuristic and known spam detections.

I am available for hire to write custom MailWasher Pro filters for you or your company. They require that you have a copy of MailWasher on each computer to be customized.

Finally, many security threats will come to you via spam email; some in hostile attachments, some as "phishing" scams, some as financial fraud or money laundering scams, and many more in links to web pages rigged to serve up exploit codes or Trojan downloads. You need really good up-to-date protection to fight off the multitude of attack codes flying like machine gun bullets these days. To protect your computer from web pages rigged with exploit codes, malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, Phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security (or Internet Security Pro for travelers). It has strong realtime monitoring modules that stop rootkits and spam Trojans from installing themselves into your operating system. Also known as PC-cillin, it is very frequently updated as new and altered malware definitions become available and it checks for web based threats and new malware definitions by searching secure online servers owned by Trend Micro. This is referred to as "in-the-cloud" security. Best of all, you can try it fully functional for a month, then decide to pay to keep it or uninstall it.

See you all next week, same time, same station! Keep the sunny side up and don't take no wooden nickels!

Wiz - out

About the author
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.

I produce this blog and website at my own expense. If you find this information valuable please consider making a donation via PayPal.

Follow @Wizcrafts on Twitter, where I post short updates on security issues, spam trends and things that just eat at my craw.

Creative Commons License This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.