Spam and email threat analysis for the week ending Nov 13, 2011

For the second week in a row my spam volume and percentage has dropped, this time by 5% from the previous week. Also, the number of malware bearing emails was down from previous weeks. There was a new entry into the malware scams: Postal delivery failures.

Most of last week's spam was for pharmaceuticals (including Viagra and Cialis), from fake pharmacies, male enhancement pills, Russian brides, pirated software (on Ukrainian .com.ua domains) and replica watches. There were a measurable amount of serious security threats present in three major categories: Wire Transfer and Tax Submission fraud, Courier and Postal Service scams and Money Mule job recruitment scams. These security threats came in attached files containing Trojans, or via links to malware serving websites.

I personally notified one website owner that new folders on his website, containing JavaScript includes to malware servers in Russia, were being used in spam links. Due to my taking the time to contact him, he was able to remove those threats. More people need to get involved in notifying webmasters who are unaware that their websites have been compromised by criminals.

Without any further ado, here are the categories of spam, by percentage, from November 6 through 13, 2011, as obtained from my anti-spam program: MailWasher Pro.

During the last week I received about 390 email messages, to all of my accounts. Of those, 130 were classified as spam by MailWasher Pro. That is 33% spam. My custom Blacklist did a good job of blocking all manner of spam and scams sent from domains on my blacklist.

Here are the categories of spam as classified by my custom spam filters.

Ukrainian Spam Domain Links (.com.ua) (pirated software): 28.66%
Pharmaceuticals: 15.92%
Viagra: 10.19%
Counterfeit Replica Watches: 9.55%
Blacklisted senders, from my own blacklist: 8.28%
Russian Bride Dating Scams: 7.01%
Male Enhancement: 5.10%
Tax Fraud malware scams:3.82%
Money Mule job recruiter scams:3.82%
Other, miscellaneous categories: 3.18%
DNS Blacklist Servers: 1.91%
Courier malware scams: 1.27%
URL Shortener spam links: 1.27%

The above stats were derived from MailWasher Pro and most were classified by anti-spam filters I write and publish. I frequently update these filters.

The following updates were made to my spam filters this week.

Misspelled Viagra,
Wire Transfer Fraud.
New Filter: From India.
New Filter: Tax Fraud (EFTPS).
New Filter: Postal Service Scam

I made 4 additions to my custom blacklist (individual email addresses and wildcard Regular Expressions):

*.sdfdsf@+
info.center@eftps.gov
info.manager@+.gov
@usps.net

I publish filters for both the old and new versions of MailWasher Pro. However, the new version allows for more lines of conditions than the previous ones. If you use a desktop application to send and receive POP3 email, MailWasher can act as a spam filter before you download email to your email client. You can learn more about the program, download a trial version, or purchase a subscription, at the MailWasher Pro website.

Trend Micro Internet Security products,

for home and office users, use in-the-cloud malware definitions that are updated every day, all day, as soon as new or altered strains of viruses and other malware are detected in the wild and analyzed. By offloading the bulk of these ever changing virus definitions to cloud servers, the load on your computers is greatly reduced. All users of Trend security programs are instantly protected from hostile web pages laden with malware exploits and hostile email, by the Trend Micro Smart Protection Network.