Spam and email threat analysis for the week ending Dec 4, 2011
This week I saw a drop in my overall volume of email, but the percentage of spam actually declined by 2%, to 22%.
First place went to spam for the ridiculous Russian Bride scams. Second place went to spam for fake-replica name brand watches. Third place remained firmly in the grasp of male enhancement scams. Every other typical spam category paled compared to these three.
The other categories of spam last week were covered by casinos, Cialis, fake diplomas, weight loss drugs, NACHA failed deposit fraud and money mule job scams. If you have been reading my blog you know that the NACHA emails are all fraudulent and are meant to infect your computers with a bank-account-stealing Trojan and to draft them into a spam botnet.
Most of the online exploit attacks that succeed, like the NACHA and ACH fraud, do so by means of exploit kits that seek to compromise vulnerable versions of the Java Virtual Machine. Java is the #1 attack vector targeting users' web browsers. If you are using a non-current version of Java, or even have older versions in your Program Files directory, you are at great risk of being exploited. The exploits I refer to will place Trojans that steal financial and auction account credentials on your computer, along with making it a zombie member of a spam botnet.
You can check to see if Java is installed on your Windows computers by going to Control Panel and looking for an icon named Java. If it is there, double-click to open the control box, then click on the Update tab, then click the button to check for updates. Accept any updates to Java. Set the updater to automatically check every day, at a time when your PC is on. Next, use the Add/Remove Programs icon to look for older versions of Java and uninstall all but the newest version and build. Close and restart your browser to flush out any lingering outdated version of Java.
If you don't need Java, or don't know if you need it, uninstall it completely and close the number one attack vector used by the BlackHole Exploit Kit.
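The Add/Remove Programs check described above can also be done from a PowerShell prompt. This is an added example, not part of the original article: it assumes PowerShell 3.0 or later and that Sun/Oracle Java runtime entries have a DisplayName beginning with "Java" or "J2SE Runtime Environment", and it only lists what is installed without removing anything.

```powershell
# Added example: inventory installed Java runtimes from the Windows uninstall registry keys.
# Assumption: JRE entries are named like "Java(TM) 6 Update 29" or "Java 7 Update 1".
$namePattern = '^(Java(\(TM\))?( SE Runtime Environment)? \d|J2SE Runtime Environment)'

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    # 32-bit programs installed on 64-bit Windows are registered here:
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$java = foreach ($key in $uninstallKeys) {
    Get-ItemProperty -Path $key -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match $namePattern } |
        ForEach-Object {
            # DisplayVersion looks like 6.0.290; entries that do not parse sort lowest.
            $parsed = $null
            if (-not [version]::TryParse([string]$_.DisplayVersion, [ref]$parsed)) {
                $parsed = [version]'0.0'
            }
            [pscustomobject]@{
                Name      = $_.DisplayName
                Version   = $parsed
                Registry  = if ($key -like '*WOW6432Node*') { '32-bit view' } else { 'native view' }
                Uninstall = $_.UninstallString
            }
        }
}

if (-not $java) {
    'No Java runtime found in the uninstall registry keys.'
} else {
    # Every entry below the highest version is a leftover that should be uninstalled.
    $newest = ($java | Sort-Object Version -Descending | Select-Object -First 1).Version
    $java | Sort-Object Version -Descending |
        Select-Object Name, Version, Registry,
            @{ Name = 'Status'; Expression = {
                if ($_.Version -eq $newest) { 'newest' } else { 'older, uninstall' } } },
            Uninstall |
        Format-List
}
```

A 32-bit and a 64-bit runtime of the same version are both reported as newest, since each serves a different browser.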
The money mule scams have been covered in recent articles on my blog (search it for money mule). One is enticed by the promise of unrealistic wages for part-time work at home. What the respondents don't usually know is that the ads and websites (for Rock Cruit Management, or Rock Smith Management) are placed by Russian cybercriminals. The jobs entail receiving and relaying either money stolen by Zeus or SpyEye Trojans, or goods bought on auction sites with stolen credit cards and PayPal accounts. (The aforementioned Trojans also steal PayPal and eBay credentials.)
In past weeks, Russian scammers were using Ukrainian-registered domain names to hawk pirated software. This week, the stolen software messages are gone and have been replaced by spam for counterfeit name brand purses, glasses, shoes and watches. Virtually every other piece of email spam that contained a link led to a Russian-registered website, ending in .RU.
I use a program called MailWasher Pro to prescreen all incoming email for unwanted content, or threats. The program makes use of several methods to detect and block spam. But my favorite is the use of user-created spam filters. I write and publish my own custom MailWasher Pro spam filters. The current version of MailWasher Pro, as of this article, is version 2012, which was just introduced. My filters are written for both the new format and old format, 6.x of MailWasher, so all users can benefit from my spam filters.
The following updates were made to my spam filters this week.
Known Spam Subjects #4;
Money Mule Scam updated and split into 2 filters: Money Mule Scam #1 and Money Mule Scam #2 (split in version 6.x only. Updated in v 2011/2012);
Watches Spam updated and split into 2 new filters: [From or Subject] and [Body] (split in version 6.x only. Updated in v 2011/2012).
I made 0 additions to my custom blacklist (individual email addresses and wildcard Regular Expressions):
My Blacklist is working just fine; thank you!
I publish filters for both the old and new versions of MailWasher Pro. However, the new version allows for more lines of conditions than the previous ones. If you use a desktop application to send and receive POP3 email, MailWasher can act as a spam filter before you download email to your email client. You can learn more about the program, download a trial version, or purchase a subscription, at the MailWasher Pro website.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.