Spam and email threat analysis for the week ending Dec 11, 2011
This past week, I had a 2% increase in my percentage of spam, vs legitimate email, bringing my spam percentage to 24%. This, coupled with the big decrease of last week, brings spam levels to the lowest this year. Much of this decline in spam has to do with the takedowns of several major spam botnets. It also has to do with spammers finding it more lucrative to use social networks to conduct their illicit business.
Overall, it was a quiet week, threat-wise. I only received 10 messages leading to malware servers and none that carried malware in attached files. Of these malware threats, 2 spoofed Bank of America, 2 spoofed the BBB, 2 were fake contract links, 1 was a fake changelog, and 3 were ACH or FDIC scams.
Although I didn't personally see any, I read that other security researchers and honeypots have captured spam email containing links to fake update notices for Adobe Acrobat and Reader and Adobe X Suite Advanced and fake "License keys" for Adobe InDesign. All of these led to the installation of Trojan Horse programs that steal banking credentials and force the infected machine to become part of a spam and attack botnet.
Please go directly to www.adobe.com (type it into your browser's address bar) to obtain any updates or licenses for Adobe products. Do not click on links in email messages. 99.99999% are fraudulent and lead to malware exploit kits.
Top Spam Categories for the week ending on December 11, 2011:
These statistics were obtained from MailWasher Pro, an anti-spam program that sits between email servers and your desktop email client.
Interestingly, Turkish-hosted online casinos were the top category of spam. I created some new rules for my MailWasher Pro spam filters to detect and delete the new Casino Spam. There were 15 casino spam messages.
The second biggest category was my custom Blacklist, which automatically deleted 14 spam and scam email messages. The processing of the Blacklist precedes any custom filters, making it more efficient on the CPU than the filters. The Blacklist is loaded with the program. Any messages not containing a Blacklisted sender or domain are passed on to my custom spam filters.
The lesser categories of spam are as follows:
Pharmaceutical spam had just 8 messages.
Male enhancement, Russian Brides and counterfeit watches each had 7 spam messages.
Cialis and Viagra accounted for 6 messages.
My Russian (.ru) domain filter blocked 5 spams.
Fake diplomas and unlicensed prescription drugs each had 4 spam emails.
The remaining 12 messages were for various types of spam offerings, from scams to weight loss berries and some URL shortener links to possibly dangerous destinations.
The following updates were made to my spam filters this week.
Casino Spam
Diploma Spam [B regexp]
Money Mule Scam (#2 for v 6.x)
Unlicensed Prescription Drugs
I made 2 additions to my custom blacklist (individual email addresses and wildcard Regular Expressions):
[email protected]
[email protected]
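The processing order described above (blacklist of individual addresses and wildcard regular expressions first, custom filters only for what is left) can be sketched as follows. This is an added example, not MailWasher Pro's code or filter syntax; the addresses, domains, patterns and sample messages are all constructed placeholders.

```python
import re
from collections import Counter
from email.utils import parseaddr

# Constructed blacklist entries (placeholders, not the author's real list):
# exact sender addresses plus wildcard regular expressions for whole domains.
BLACKLIST_ADDRESSES = {"promo@casino-offers.example"}
BLACKLIST_PATTERNS = [re.compile(r"^[^@]+@([^@]+\.)?bulk-sender\.example$", re.I)]

# Hypothetical content filters named after categories in the post, checked in order.
CONTENT_FILTERS = [
    ("Casino Spam", re.compile(r"\b(online\s+casino|free\s+spins)\b", re.I)),
    ("Diploma Spam", re.compile(r"\bdiplomas?\b", re.I)),
    ("Russian (.ru) domain", re.compile(r"https?://[^\s/]+\.ru(?=[/\s:]|$)", re.I)),
]

def classify(from_header, subject, body):
    """Return (verdict, content_filters_run) for one message."""
    # Match on the address itself, not the display name a sender can set freely.
    sender = parseaddr(from_header)[1].lower()
    if sender in BLACKLIST_ADDRESSES or any(p.match(sender) for p in BLACKLIST_PATTERNS):
        return "Blacklist", 0  # short-circuit: no content filter is evaluated
    text = subject + "\n" + body
    for run, (name, pattern) in enumerate(CONTENT_FILTERS, start=1):
        if pattern.search(text):
            return name, run
    return "Pass", len(CONTENT_FILTERS)

def tally(messages):
    """Count verdicts per category, like the weekly totals in the post."""
    return Counter(classify(*m)[0] for m in messages)

# Constructed sample messages: (From header, Subject, body).
SAMPLES = [
    ("Lucky Win <promo@casino-offers.example>", "Free spins today", "Play now"),
    ("news@mail.bulk-sender.example", "Special offer", "Limited time"),
    ("dean@degrees.example", "Get your university diploma", "No exams required."),
    ("shop@store.example", "Luxury watches", "Visit http://cheap-watches.example.ru/ now"),
    ("alice@corp.example", "Meeting notes", "See https://intranet.corp.example/notes"),
]

if __name__ == "__main__":
    for category, count in tally(SAMPLES).most_common():
        print(f"{count:2d}  {category}")
```

The second value returned by `classify` shows the saving: blacklisted senders cost zero content-filter evaluations, while a legitimate message has to pass through every filter.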
I publish filters for both the old and new versions of MailWasher Pro. However, the new version allows for more lines of conditions than the previous ones. If you use a desktop application to send and receive POP3 email, MailWasher can act as a spam filter before you download email to your email client. You can learn more about the program, download a trial version, or purchase a subscription, at the MailWasher Pro website.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or to the individual blog articles you wish to reprint. Commercial use or derivative work requires written permission from the author.