Spam increases 11% over previous week: Aug 22-28, 2011
After a month of lower email spam volumes, this past week I saw an 11% increase over the previous week, which itself had a 7% increase from the week before. That makes about 18% more spam than two full weeks ago. Most troubling was the fact that a lot of this unwanted email contained malware infected attachments.
The last spam run containing infected attachments was a fake ACH Payment Canceled campaign. It started immediately after a run of fake Uniform Ticket email scams, and both contained the Zeus, a.k.a. Zbot Trojan. This is a hidden keylogger that watches for victims to login to particular banks, Trust companies, PayPal, website control panels, or trading companies. It collects the login credentials and sends them in a data stream to the criminals renting the use of the botnet responsible for sending the spam run. They then steal your money, or hack your websites.
There was also a continuation of the previous week's fake Facebook Friend Requests, containing links leading to direct downloads of Trojans. I wrote about this scam earlier this week, in this article: Beware Fake Facebook Friend Requests, Leading to Malware. To date, all of the requests I have received have contained Arabic names in the subject, but, that may change next time the miscreants behind this scam send another spam blast.
Since I noticed last Sunday that the volume of spam was staying high, I returned to using MailWasher Pro 6.4 to block spam and collect statistics that are easy to view and use in my reports. The current new version, 2011, is fully capable of blocking as much of the spam as the older version, but lacks a statistics page as of this writing.
In case you were wondering, one you can still purchase a licensed copy of MailWasher Pro 6.4, from the Firetrust website. Or, if you don't care about the Statistics readout, but want faster processing, try the new version (same link).
Here are the basic stats for the last week's spam:
Total email received: 501
Amount classified as spam: 219
Percentage of spam: 43%
Number matched by my custom filters: 208
Number caught by my Blacklist: 5
Number identified by DNS Blacklusts: 4
Reported to SpamCop: 29
Individual categories of spam follow...
Percentages of spam by category of filter.
Counterfeit Watches: 15.67%
Misc filters: 13.36%
Male Enhancement: 11.52%
Cialis (counterfeit): 11.52%
Weight Loss scams (HCG): 9.22%
Courier Scams (UPS): 9.22%
Pharmaceutical Spam: 8.76%
Software Spam: 5.99%
Zip Attachments (Zeus Trojan): 4.15%
.RU, .RO, or .UA links: 3.23%
Fake Facebook Fried Requests (Arabic names): 3.23%
My Custom Blacklist: 2.30%
DNS Blacklisted Email Servers: 1.84%
Updates to my Custom MailWasher Filters:
E-Card Scam,
Known Spam Domains ,
.RU or .UA Domain Link (2x),
Software Spam.
New filter: Fake Facebook Friend Request.
Split Software Spam into 2 new filters: Software Spam [S] and Software Spam [B] and updated both.
New Blacklist entries:
[email protected] AND [email protected]
Note: I write and publish custom spam filters for both the old and new versions of MailWasher Pro.
I use and recommend MailWasher Pro (2011) to screen my incoming POP3 email for spam, scams and virus threats, before downloading anything to my Windows Live Mail email client.
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.