
July 2, 2009

New Nigerian phishing scam targets Hotmail users

Today I received an unusual phishing scam that I traced to Lagos, Nigeria. It is disguised as an urgent message from the Windows Live Team, to all Hotmail subscribers. The subject was: "LAST WARNING (ACCOUNT ALERT)" - in all capital letters - as is typical of Nigerian 419 scammers. The email claims that Hotmail is overloaded with free user accounts and must prune unused accounts to free up resources. What a bunch of hooey! Anyway, the intended victim is asked for his or her Hotmail address and password (Microsoft already knows this), date of birth (why would Microsoft need that?) and location. The details are supposed to be filled out in the enclosed form and submitted to the scammers.

This is a phishing scam looking to steal active Hotmail accounts for use as spam sending zombies, using Hotmail's good reputation to avoid email sender blockades. The phished date of birth information can be crosschecked against other stolen or looked up details about you, or they can read your personal details saved in your Hotmail account profile, to perform identity theft. This information would then be sold to more advanced cyber criminals.

The scam email I received today was sent from the IP address 62.173.55.107 which is part of the CIDR 62.173.32.0/19, which covers all IPs between 62.173.32.0 and 62.173.63.255. This CIDR is registered to ipNX Nigeria Limited, in Lagos, NG.
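The check described above, written out as an added example (not code from the original post): it pulls the bracketed IP literals out of a message's Received headers and reports any that fall inside the blocked CIDR. The sample message, its hostnames and the 192.0.2.x address are constructed for illustration; only the IP 62.173.55.107 and the CIDR 62.173.32.0/19 come from the post.

```python
import ipaddress
import re
from email import message_from_string

# CIDR named in the post (registered to ipNX Nigeria Limited).
BLOCKED_NETWORKS = [ipaddress.ip_network("62.173.32.0/19")]

# Constructed sample message: hostnames, ids and 192.0.2.25 are illustrative only.
SAMPLE_MESSAGE = """\
Received: from mx.example.net (mx.example.net [192.0.2.25])
\tby inbox.example.org with ESMTP id 0001; Thu, 2 Jul 2009 10:02:11 -0400
Received: from webmail.example.com (unknown [62.173.55.107])
\tby mx.example.net with ESMTP id 0002; Thu, 2 Jul 2009 10:02:05 -0400
Received: from localhost (localhost [127.0.0.1])
\tby webmail.example.com with SMTP id 0003; Thu, 2 Jul 2009 10:02:01 -0400
From: "Windows Live Team" <alert@example.com>
Subject: LAST WARNING (ACCOUNT ALERT)

Fill in the form below.
"""

# Relays normally record the connecting peer as an IPv4 literal in square brackets.
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def received_ips(raw_message):
    """Return every valid IPv4 literal found in Received headers, top to bottom."""
    msg = message_from_string(raw_message)
    ips = []
    for header in msg.get_all("Received", []):
        for literal in BRACKETED_IP.findall(header):
            try:
                ips.append(ipaddress.ip_address(literal))
            except ValueError:
                continue  # e.g. an octet above 255; not a real address
    return ips


def blocked_hops(raw_message, networks=BLOCKED_NETWORKS):
    """Return (ip, network) pairs for public relay addresses inside a blocked CIDR.

    Received lines below the one written by your own mail server can be forged
    by the sender, so treat hits from lower lines as a hint, not as proof.
    """
    hits = []
    for ip in received_ips(raw_message):
        if ip.is_private or ip.is_loopback:
            continue  # internal hops say nothing about the origin network
        for net in networks:
            if ip in net:
                hits.append((str(ip), str(net)))
    return hits


if __name__ == "__main__":
    net = BLOCKED_NETWORKS[0]
    print("range:", net[0], "-", net[-1])
    print("hits:", blocked_hops(SAMPLE_MESSAGE))
```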

I discuss methods of preventing these Nigerian scam emails from reaching your desktop email clients, or forum members, in my extended comments.


June 28, 2009

My Spam analysis for June 22 - 28, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

The volume of spam coming to my various honeypots and user accounts has increased slightly this week. This indicates to me that some of the Botnets that lost their Control and Command servers following the forced shutdown of colocation host Pricewert have found other server hosts that allow illegal activities. Thus, sleeping zombie bots are awakening and spamming again.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week was for various fake pharmacies, which sell illicit and counterfeit pharmaceuticals like Viagra, weight loss scams and phishing scams.

See my extended comments for this week's breakdown of spam by category, for June 22 - 28, 2009 and the latest additions to my custom MailWasher Pro filters.


June 26, 2009

Weekly roundup of vulnerabilities and exploits in the wild

Here is a summary of this week's vulnerabilities and exploits in the wild, as reported by Secunia, Websense and other security firms. Actually, this has been a quieter week than most.

Websense has been following a website code injection event they named the "Nine Ball Mass Injection," which is a follow-up to the "Beladen" and "Gumblar" mass injection attacks last month. This is a situation where cyber criminals exploit vulnerable web application scripts that have not been secured by the webmasters who operate those websites. Too many webmasters use free scripts that are rarely, if ever, updated to patch announced vulnerabilities. Hackers send out automatic scripts (a.k.a. robots, spiders) that try to upload hostile files to any website they come across. Once they find an unpatched point of entry they are able to alter the code on any web pages (usually the home page) they want. In the past, hackers would deface home pages with gibberish or slogans for their causes. Now, it is criminals who sneak in dangerous hidden code that redirects innocent visitors to hostile websites, which attempt to download malware to the victims' computers. Most are successful, because most people do not, or cannot, keep up with patches released by every vendor of the add-ons and plug-ins used by their browsers.

Most of the malware being downloaded by the Nine Ball and similar exploits is fake security applications that pretend to scan your computer, announce so many threats found, then demand payment to remove those threats. These are tandem malware programs, with part one being the fake alerts and part two being the fake remover. After you pay to unlock the remover, it only removes the alerts its sister placed there in the first place. You will have submitted your credit or debit card information to cyber criminals in the Former Soviet Union and can expect to have your accounts drained shortly.

The rest of this week's vulnerabilities and exploits are in my extended comments.


June 21, 2009

My Spam analysis for June 15 - 21, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

The volume of spam coming to my various honeypots and user accounts has decreased again this week. This is probably attributable to the forced closure of Pricewert, a spam-friendly hosting company, where Botnet command and control (C&C) servers and malware hosting were run by its customers, with no action taken by the company to halt those activities. With the C&C controllers offline their Botnets cannot receive updates or new instructions and fall silent, like zombies. Spammers then find other means of delivering their crap to us.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Much of the spam this week was for the fake pharmacies, which sell illicit and counterfeit pharmaceuticals, Nigerian 419 scams, and dating scams. Also, the volume of phishing scams targeting customers of various banks and credit cards remained strong again this week.

See my extended comments for this week's breakdown of spam by category, for June 15 - 21, 2009 and the latest additions to my custom MailWasher Pro filters.


June 14, 2009

My Spam analysis for June 8 - 14, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam, spam, spam, spam, spam, spam, spam (from the old Monty Python routine)! The volume of spam coming to my various honeypots and user accounts has held steady this week, still at a relatively low volume (some spammers do prune honeypot accounts from their lists). Some of this is also attributable to the forced closure of Pricewert, a spam-friendly hosting company, where Botnet command and control servers and malware hosting were run by its customers, with no action taken by the company to halt those activities.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Much of the spam this week was for the fake pharmacies, which sell illicit and counterfeit pharmaceuticals, Nigerian 419 scams, fake Cialis and Viagra. Also, the volume of phishing scams targeting customers of various Australian banks and credit card holders remained in the running this week.

See my extended comments for this week's breakdown of spam by category, for June 8 - 14, 2009 and the latest additions to my custom MailWasher Pro filters.


June 7, 2009

My Spam analysis for June 1 - 7, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam, spam, spam, spam, spam, spam, spam (from the old Monty Python routine)! The volume of spam coming to my various honeypots and user accounts has held steady this week, still at a relatively low volume (some spammers do prune honeypot accounts from their lists). The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Much of the spam this week was for the fake pharmacies, which sell illicit and counterfeit pharmaceuticals, Nigerian 419 and lottery scams, Cialis and Viagra. Also, the volume of phishing scams targeting customers of various Australian banks and credit card holders remained steady this week.

See my extended comments for this week's breakdown of spam by category, for June 1 - 7, 2009 and the latest additions to my custom MailWasher Pro filters.


May 31, 2009

My Spam analysis for May 25 - 31, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

The volume of spam coming to my various honeypots and user accounts has been steadily increasing over the past month. This is due to the activity of various wounded spam Botnets coming back to life (after the takedown of McColo), or new ones like the Russian Cutwail Botnet, being pressed into service. The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Much of the spam this week was for the fake Canadian Pharmacy, which sells illicit and counterfeit pharmaceuticals, Nigerian 419 scams, fake watches and Viagra, "stud" tips and male enhancement scams (same websites). I also saw an increase in Australian banking phishing scams this week.

See my extended comments for this week's breakdown of spam by category, for May 25 - 31, 2009 and the latest additions to my custom MailWasher Pro filters.


May 24, 2009

My Spam analysis for May 18 - 24, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

I am still seeing a greatly reduced amount of spam, possibly due to me being white-listed by spammers, trying to avoid my honeypots, or because of troubles spammers might be having controlling their Botnets. Nonetheless, the types of spam I am getting are most likely the same types you are getting, just in a different quantity. The classifications can help you adjust your email filters according to what is most common, on a weekly basis. Much of the spam this week was for the fake Canadian Pharmacy, which sells illicit and counterfeit pharmaceuticals, spam for unsubstantiated Acai Berry weight loss remedies and the usual male and female enhancement scams. I also saw an increase in bank Phishing scams this week.

See my extended comments for this week's breakdown of spam by category, for May 18 - 24, 2009 and the latest additions to my custom MailWasher Pro filters.


May 17, 2009

My Spam analysis for May 11 - 17, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

I am still seeing a greatly reduced amount of spam, possibly due to me being white-listed by spammers, trying to avoid my honeypots, or because of troubles spammers might be having controlling their Botnets. Nonetheless, the types of spam I am getting are most likely the same types you are getting, just in a different quantity. The classifications can help you adjust your email filters according to what is most common, on a weekly basis. Much of the spam this week was for the offshore knockoff pharmaceuticals, like Viagra, bogus weight loss remedies and male enhancement scams. Other classifications, like Blocked Countries, usually include counterfeit drug promotions, sometimes in embedded images, or in vertical text and html tricks.

See my extended comments for this week's breakdown of spam by category, for May 11 - 17, 2009 and the latest additions to my custom MailWasher Pro filters.


May 15, 2009

Securing FormMail scripts against spambots

Takeaway

This is a technical article about securing a Perl "FormMail" script against spammers who attempt to hijack these scripts for use as spam relays. For those not in the know, FormMail, written in the "Perl" scripting language, is one of the original mailer scripts freely available for general use on websites. It is used by millions of webmasters to send email from a web page form. However, unbeknown to many webmasters, older versions of FormMail are totally insecure and can be exploited as spam relays.

History of FormMail

The original version of FormMail was written in 1995 by Matt Wright and was made available for free on his website: Matt's Script Archive. Unfortunately, the early versions of his FormMail script were very insecure and easily turned into spam relays. This fact was seized upon in 2002 by spammers who used bots to scour websites in search of these exploitable scripts, by name or variations thereof. In response, on April 19, 2002, Matt rewrote his FormMail script to secure it better and released it as version 1.91. This was to become the final version of Matt's FormMail. It remains mostly insecure to this day, yet is in use by website owners around the world who haven't learned about the exploits targeting FormMail.

Several years ago I wrote an in-depth web article describing the vulnerabilities in Matt's FormMail, partially titled: FormMail Security Vulnerabilities and Solutions, in which I also recommended a drop-in secure replacement script known as NMS FormMail, which was developed by a group calling themselves the London Perl Mongers. My article is still a valuable resource and will bring most webmasters up to speed on what they need to do to protect their websites from FormMail exploiters. Following my recommendations will certainly help to secure any FormMail scripts you may be using. It will also protect your email account(s) from being harvested by creating alias numbers for them, in NMS FormMail, instead of using plain text addresses to submit to. But, there's more you can do that wasn't covered in my original article.

Securing FormMail - 101

One of my recommendations was renaming your FormMail script to something other than its default spelling: formmail.pl. While this makes it a little harder to locate the script for hostile bots it is useless at protecting it against human spammers. All they need to do is to read the source code of your contact, or feedback pages to get the name of the script that processes your forms and mails comments to you. Then they can go after that script by its new name to try to exploit it for use as a spam relay. If it really is an insecure version of Matt's FormMail it will be used as a spam relay! If you are running your website on an Apache web server, as most of us are, there are special codes, called Mod_Rewrite Directives, that can be applied to a particular server file named .htaccess to completely hide the name of the renamed script, protecting it from being used as a spam relay. If you are allowed to add these directives you can make your FormMail script invisible to spammers.

Read the rest of the details in my extended comments.


May 10, 2009

My Spam analysis for May 3 - 10, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

I am still seeing a greatly reduced amount of spam, possibly due to me being white-listed by spammers, trying to avoid my honeypots, or because of troubles spammers might be having controlling their Botnets. Nonetheless, the types of spam I am getting are most likely the same types you are getting, just in a different quantity. The classifications can help you adjust your email filters according to what is most common, on a weekly basis. Much of the spam this week was for the offshore knockoff pharmaceuticals, bogus weight loss remedies, male enhancement scams and Nigerian 419 advance fee fraud scams and phishing scams. Other classifications, like Blocked Countries, usually include counterfeit drug promotions, sometimes in embedded images, or in vertical text and html tricks.

MailWasher Pro spam category breakdown for May 3 - 10, 2009. Spam amounted to 15% of my incoming email this week. This represents a 6% increase from last week.


Other filters: (See my MWP Filters page) 25.00%
Male Enhancement Patches, etc: 10.71%
Blacklisted Domains/Senders: 10.71%
Nigerian 419 Scams: 7.14%
Blocked Countries, RIPE, LACNIC, APNIC: 7.14%
Hidden ISO or ASCII Subject spam: 7.14%
Viagra spam: 7.14%
Casino Spam: 7.14%
Phishing Scams (for banks): 7.14%
Weight Loss Scams: 3.57%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 3.57%
Pills spam: 3.57%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft/Windows Live Mail, Eudora, Mozilla and other stand-alone email programs).

To protect your computer from malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, Phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security.


May 3, 2009

My Spam analysis for April 27 - May 2, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

I am seeing a greatly reduced amount of spam, possibly due to me being white-listed by spammers, trying to avoid my honeypots, or because of troubles spammers might be having controlling their Botnets. Nonetheless, the types of spam I am getting are most likely the same types you are getting, just in a different quantity. The classifications can help you adjust your email filters according to what is most common, on a weekly basis. Much of the spam this week was for the fake watches, male enhancement junk and Nigerian 419 advance fee fraud scams. Other classifications, like Blocked Countries, usually include counterfeit drug promotions, sometimes in embedded images, or in vertical text and html tricks.

MailWasher Pro spam category breakdown for April 27 - May 2, 2009. Spam amounted to 9% of my incoming email this week. This represents a 2% decrease from last week.


Nigerian 419 Scams: 15.00%
Counterfeit Watches: 15.00%
Blocked Countries, RIPE, LACNIC, APNIC: 10.00%
Known Spam Domains (.cn, .ru, .br, etc): 10.00%
Hidden ISO or ASCII Subject spam: 10.00%
Viagra spam: 10.00%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 5.00%
Casino Spam: 5.00%
Base64 encoded spam: 5.00%
One word Subject (spam in body): 5.00%
Blacklisted Domains/Senders: 5.00%
Other filters: (See my MWP Filters page) 5.00%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft/Windows Live Mail, Eudora, Mozilla and other stand-alone email programs).

To protect your computer from malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, Phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security.


April 26, 2009

My Spam analysis for April 20 - 26, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

If you use MailWasher Pro you can enable the Blacklist function and add some pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. The interesting fact about those two rules is that the same forged domain name prefix is used on both sides of the @ symbol. So, if you see an incoming email with a sender listed as kefsomedomaindiz@somedomain.com it will match that rule. These particular spam messages are sent from a Botnet that has fallen silent for some reason; possibly due to large-scale disinfection (e.g., by the Microsoft Malicious Software Removal Tool), or takedowns of command and control servers used by that Botnet (see takedown of McColo).
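The "same token on both sides of the @" observation can be enforced directly with a regex backreference, which is tighter than a wildcard. This is an added example, not the author's MailWasher Pro filter: the `loose` patterns assume that `+` in the post's rules means "one or more characters", and the function names and test addresses are hypothetical.

```python
import re
from email.utils import parseaddr

# (prefix, suffix, required TLD or None), read off the two rules in the post.
RULES = [("lin", "met", "de"), ("kef", "diz", None)]
LABEL = r"[a-z0-9-]+"  # one DNS label


def strict_pattern(prefix, suffix, tld):
    """prefix + TOKEN + suffix @ TOKEN . rest, where both TOKENs must be identical."""
    tail = rf"(?:\.{LABEL})*\.{re.escape(tld)}" if tld else rf"(?:\.{LABEL})+"
    return re.compile(
        rf"^{re.escape(prefix)}(?P<token>{LABEL}){re.escape(suffix)}@(?P=token){tail}$"
    )


def loose_pattern(prefix, suffix, tld):
    """Wildcard reading of the post's rules (assumption: '+' = one or more chars)."""
    tail = rf".+\.{re.escape(tld)}" if tld else r".+"
    return re.compile(rf"^{re.escape(prefix)}.+{re.escape(suffix)}@{tail}$")


STRICT = [strict_pattern(*rule) for rule in RULES]
LOOSE = [loose_pattern(*rule) for rule in RULES]


def address_of(from_header):
    """Extract the bare address from a From header value, lower-cased."""
    return parseaddr(from_header)[1].strip().lower()


def is_forged_sender(from_header):
    """True only when the local part embeds the sender's own first domain label."""
    addr = address_of(from_header)
    return any(p.match(addr) for p in STRICT)


def loose_match(from_header):
    """True when the wildcard form matches, whether or not the tokens agree."""
    addr = address_of(from_header)
    return any(p.match(addr) for p in LOOSE)


if __name__ == "__main__":
    # Constructed From values; only the first address appears in the post.
    for value in (
        "kefsomedomaindiz@somedomain.com",
        '"Pills" <linexamplemet@example.de>',
        "kefotherdiz@somedomain.com",   # wildcard hit, but tokens differ
        "linexamplemet@example.com",    # right shape, wrong TLD
    ):
        print(f"{value!r}: strict={is_forged_sender(value)} loose={loose_match(value)}")
```

The strict form keeps matching the botnet's addresses while sparing a legitimate sender whose local part merely happens to start with `kef` and end with `diz`.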

I am seeing a greatly reduced amount of spam, possibly due to me being white-listed by spammers, trying to avoid my honeypots, or because of troubles spammers might be having controlling their Botnets. Nonetheless, the types of spam I am getting are most likely the same types you are getting, just in a different quantity. The classifications can help you adjust your email filters according to what is most common, on a weekly basis. Much of the spam this week was for the fake "Canadian Pharmacy" and Nigerian 419 advance fee fraud and money laundering scams. Other classifications, like Blocked Countries, usually include counterfeit drug promotions, sometimes in embedded images, or in vertical text and html tricks.

MailWasher Pro spam category breakdown for April 20 - 26, 2009. Spam amounted to 7% of my incoming email this week. This represents a 1% decrease from last week.


Phony Bounce messages (Joe-Jobs): 18.18%
Blocked Countries, RIPE, LACNIC, APNIC: 18.18%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 9.09%
Nigerian 419 Scams: 9.09%
Known Spam Domains (.cn, .ru, .br, etc): 9.09%
Male Enhancement Patches, etc: 9.09%
Casino Spam: 9.09%
Hidden ISO or ASCII Subject spam: 9.09%
Re: or Fwd: Subject spam: 9.09%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft/Windows Live Mail, Eudora, Mozilla and other stand-alone email programs).

To protect your computer from malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, Phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security.


April 19, 2009

My Spam analysis for April 13 - 19, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

If you use MailWasher Pro you can enable the Blacklist function and add some pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. The interesting fact about those two rules is that the same forged domain name prefix is used on both sides of the @ symbol. So, if you see an incoming email with a sender listed as kefsomedomaindiz@somedomain.com it will match that rule.

I am seeing a greatly reduced amount of spam, possibly due to me being white-listed by spammers, trying to avoid my honeypots. Nonetheless, the types of spam I am getting are most likely the same types you are getting, just in a different quantity. The classifications can help you adjust your email filters according to what is most common, on a weekly basis. The majority of spam this week was for male enhancement scams (all such products are fake) and Nigerian 419 advance fee fraud scams.

MailWasher Pro spam category breakdown for April 13 - 19, 2009. Spam amounted to 8% of my incoming email this week. This represents a 1% decrease from last week.


Male Enhancement Patches, etc: 26.67%
Nigerian 419 Scams: 20.00%
Casino Spam: 13.33%
Blocked Countries, RIPE, LACNIC, APNIC: 13.34%
Viagra spam: 6.67%
Known Spam Subjects (by my filters): 6.67%
No Subject: 6.67%
Blacklisted Domains/Senders: 6.67%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft/Windows Live Mail, Eudora, Mozilla and other stand-alone email programs).

To protect your computer from malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, Phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security.


April 12, 2009

My Spam analysis for April 6 - 12, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

If you use MailWasher Pro you can enable the Blacklist function and add some pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. The interesting fact about those two rules is that the same forged domain name prefix is used on both sides of the @ symbol. So, if you see an incoming email with a sender listed as kefsomedomaindiz@somedomain.com it will match that rule.

I am seeing a greatly reduced amount of spam, possibly due to me being white-listed by spammers, trying to avoid my honeypots. Nonetheless, the types of spam I am getting are most likely the same types you are getting, just in a different quantity. The classifications can help you adjust your email filters according to what is most common, on a weekly basis.

MailWasher Pro spam category breakdown for April 6 - 12, 2009. Spam amounted to 9% of my incoming email this week. This represents a 3% increase from last week.


Viagra spam: 25.00%
Lottery Scams: 15.00%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 10.00%
Other filters: (See my MWP Filters page) 10.00%
Phishing Scams (for banks): 10.00%
Nigerian 419 Scams: 5.00%
Known Spam Subjects (by my filters): 5.00%
Counterfeit Watches: 5.00%
HTML Spam Tricks: 5.00%
Dating spam: 5.00%
Breast enlargement spam: 5.00%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft/Windows Live Mail, Eudora, Mozilla and other stand-alone email programs).

To protect your computer from malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, Phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security.


April 5, 2009

My Spam analysis for March 30 - April 5, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

If you use MailWasher Pro you can enable the Blacklist function and add some pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. The interesting fact about those two rules is that the same forged domain name prefix is used on both sides of the @ symbol. So, if you see an incoming email with a sender listed as kefsomedomaindiz@somedomain.com it will match that rule.

I am seeing a greatly reduced amount of spam, possibly due to me being white-listed by spammers, trying to avoid my honeypots. Nonetheless, the types of spam I am getting are most likely the same types you are getting, just in a different quantity. The classifications can help you adjust your email filters according to what is most common, on a weekly basis.

MailWasher Pro spam category breakdown for March 30 - April 5, 2009. Spam amounted to 6% of my incoming email this week.


Casino Spam: 25.00%
Nigerian 419 Scams: 16.67%
Loans and Bankruptcy scams: 16.67%
Lottery Scams: 8.33%
Software spam: 8.33%
Blocked Countries, RIPE, LACNIC, APNIC: 8.33%
Zip, RAR, or GZ Hostile Attachment: 8.33%
Blacklisted Domains/Senders: 8.33%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft/Windows Live Mail, Eudora, Mozilla and other stand-alone email programs).

To protect your computer from malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, Phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security.

Continue reading "My Spam analysis for March 30 - April 5, 2009" »

March 29, 2009

My Spam analysis for March 23 - 29, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam (to my honeypot accounts) is still way down from last fall, thanks to the efforts of security companies, who have tirelessly pursued the server colocation facilities used by spammers to command and control spam-sending Botnets and then shut them down or get spam accounts terminated. Those spammers are rebuilding or replacing their Botnets as I type this, so let's not become complacent. In fact, my spam count has been slowly increasing since the third week of January, 2009. This may be by design, as spammers are known to occasionally whitelist honeypot email accounts, to avoid detection.

If you use MailWasher Pro you can enable the Blacklist function and add some pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. The interesting fact about those two rules is that the same forged domain name prefix is used on both sides of the @ symbol. So, if you see an incoming email with a sender listed as kefsomedomaindiz@somedomain.com it will match that rule.

MailWasher Pro spam category breakdown for March 23 - 29, 2009. Spam amounted to 8% of my incoming email this week.


Nigerian 419 Scams: 16.67%
Known Spam Subjects (by my filters): 16.67%
Casino Spam: 11.11%
HTML Spam Tricks: 11.11%
Other filters: (See my MWP Filters page) 11.11%
Known Spam Domains (.cn, .ru, .br, etc): 5.56%
Hidden ISO or ASCII Subject spam: 5.56%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 5.56%
Software spam: 5.56%
Known Spam (From or Body): 5.56%
No Subject: 5.56%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft/Windows Live Mail, Eudora, Mozilla and other stand-alone email programs).

Continue reading "My Spam analysis for March 23 - 29, 2009" »

March 22, 2009

My Spam analysis for March 16 - 22, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam (to my honeypot accounts) is still way down from last fall, thanks to the efforts of security companies, who have tirelessly pursued the server colocation facilities used by spammers to command and control spam-sending Botnets and then shut them down or get spam accounts terminated. Those spammers are rebuilding or replacing their Botnets as I type this, so let's not become complacent. In fact, my spam count has been slowly increasing since the third week of January, 2009. This may be by design, as spammers are known to occasionally whitelist honeypot email accounts, to avoid detection.

If you use MailWasher Pro you can enable the Blacklist function and add some pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. The interesting fact about those two rules is that the same forged domain name prefix is used on both sides of the @ symbol. So, if you see an incoming email with a sender listed as kefsomedomaindiz@somedomain.com it will match that rule.

MailWasher Pro spam category breakdown for March 16 - 22, 2009. Spam amounted to 8% of my incoming email this week. This represents a 3% decrease from last week.


Known Spam Domains (.cn, .ru, .br, etc): 33.33%
Hidden ISO or ASCII Subject spam: 20.00%
Blocked Countries, RIPE, LACNIC, APNIC: 13.34%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 6.67%
Viagra spam: 6.67%
Software spam: 6.67%
Counterfeit Watches: 6.67%
Male Enhancement Patches, etc: 6.67%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft/Windows Live Mail, Eudora, Mozilla and other stand-alone email programs).

Continue reading "My Spam analysis for March 16 - 22, 2009" »

March 15, 2009

My Spam analysis for March 9 - 15, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam is still way down from last fall, thanks to the efforts of security companies, who have tirelessly pursued the server colocation facilities used by spammers to command and control spam-sending Botnets and then shut them down or get spam accounts terminated. Those spammers are rebuilding or replacing their Botnets as I type this, so let's not become complacent. In fact, my spam count has been slowly increasing since the third week of January, 2009.

If you use MailWasher Pro you can enable the Blacklist function and add some pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. These two blacklist rules caught over 22% of this week's spam. The interesting fact about those two rules is that the same forged domain name prefix is used on both sides of the @ symbol. So, if you see an incoming email with a sender listed as kefsomedomaindiz@somedomain.com it will match that rule.

MailWasher Pro spam category breakdown for March 9 - 15, 2009. Spam amounted to 11% of my incoming email this week. This represents a 1% decrease from last week.


Hidden ISO or ASCII Subject spam: 28.57%
Other filters: (See my MWP Filters page) 19.05%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 9.52%
Known Spam Domains: 4.76%
Pheromones: 4.76%
Blacklisted Domains/Senders: 4.76%
Nigerian 419 Scams: 4.76%
Software spam: 4.76%
Counterfeit Watches: 4.76%
Blocked Countries, RIPE, LACNIC, APNIC: 4.76%
Weight Loss Scams: 4.76%
Casino Spam: 4.76%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft/Windows Live Mail, Eudora, Mozilla and other stand-alone email programs).

Continue reading "My Spam analysis for March 9 - 15, 2009" »

March 8, 2009

My Spam analysis for March 2 - 8, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam is still way down from last fall, thanks to the efforts of security companies, who have tirelessly pursued the server colocation facilities used by spammers to command and control spam-sending Botnets and then shut them down or get spam accounts terminated. Those spammers are rebuilding or replacing their Botnets as I type this, so let's not become complacent. In fact, my spam count has been slowly increasing since the third week of January, 2009.

If you use MailWasher Pro you can enable the Blacklist function and add some pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. These two blacklist rules caught over 22% of this week's spam. The interesting fact about those two rules is that the same forged domain name prefix is used on both sides of the @ symbol. So, if you see an incoming email with a sender listed as kefsomedomaindiz@somedomain.com it will match that rule.

MailWasher Pro spam category breakdown for March 2 - 8, 2009. Spam amounted to 12% of my incoming email this week. This represents a 6% decrease from last week.
Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de and kef+diz@+) 25.00%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 18.75%
Dating spam: 18.75%
Hidden ISO or ASCII Subject spam: 12.50%
Nigerian 419 Scams: 6.25%
Phony Bounce messages: 6.25%
Known Spam Domains: 6.25%
Blocked Countries, RIPE, LACNIC, APNIC: 6.25%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft/Windows Live Mail, Eudora, Mozilla and other stand-alone email programs).

Continue reading "My Spam analysis for March 2 - 8, 2009" »

March 2, 2009

My Spam analysis for Feb 23 - Mar 1, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam is still way down from last fall, thanks to the efforts of security companies, who have tirelessly pursued the server colocation facilities used by spammers to command and control spam-sending Botnets and then shut them down or get spam accounts terminated. Those spammers are rebuilding or replacing their Botnets as I type this, so let's not become complacent. In fact, my spam count has been slowly increasing since the third week of January, 2009.

If you use MailWasher Pro you can enable the Blacklist function and add some pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. These two blacklist rules caught over 22% of this week's spam. The interesting fact about those two rules is that the same forged domain name prefix is used on both sides of the @ symbol. So, if you see an incoming email with a sender listed as kefsomedomaindiz@somedomain.com it will match that rule.

MailWasher Pro spam category breakdown for Feb 23 - Mar 1, 2009. Spam amounted to 18% of my incoming email this week. This represents a 2% increase from last week. The Botnets are coming back to life.
Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de and kef+diz@+) 14.29%
Other filters: (See my MWP Filters page) 10.71%
Viagra spam: 10.71%
Known Spam Subjects (by my filters): 10.71%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 10.71%
Blocked Countries, RIPE, LACNIC, APNIC: 10.71%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 7.14%
Fake Diplomas: 7.14%
Known Spam Domains: (mostly pharmaceutical spam) 7.14%
Weight Loss Scams: 7.14%
Pills spam: 3.57%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft/Windows Live Mail, Eudora, Mozilla and other stand-alone email programs).

Continue reading "My Spam analysis for Feb 23 - Mar 1, 2009" »

February 22, 2009

My Spam analysis for Feb 16 - 22, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam is still way down from last fall, thanks to the efforts of researchers in the security field. Starting with the takedown of the colocation facility McColo, on November 11, 2008, levels of incoming messages MailWasher identified as spam have dropped dramatically. That company provided hosting space and maintenance for privately owned servers that were used by spammers to command and control spam-sending Botnets. Those spammers are rebuilding or replacing their Botnets as I type this, so let's not become complacent. In fact, my spam count has been slowly increasing since the third week of January, 2009.

If you use MailWasher Pro you can enable the Blacklist function and add some pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. These two blacklist rules caught over 22% of this week's spam.

MailWasher Pro spam category breakdown for Feb 16 - 22, 2009. Spam amounted to 16% of my incoming email this week. This represents a 6% increase from last week. The Botnets are coming back to life.


Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de and kef+diz@+) 22.73%
Hidden ISO Subject: 13.64%
Other filters: (See my MWP Filters page) 13.64%
Nigerian 419 Scams: 9.09%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 9.09%
HTML Tricks: (ex: vertical, colored, or right-aligned spam words) 4.55%
Male enhancement spam (subject or body): 4.55%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 4.55%
Numeric IP to Trojan download: 4.55%
Joe Job Bounces: 4.55%
PayPal Scams: 4.55%
Google Redirect to spam site: 4.55%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

Continue reading "My Spam analysis for Feb 16 - 22, 2009" »

February 15, 2009

My Spam analysis for Feb 9 - 15, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam is still way down from last fall, thanks to the efforts of researchers in the security field. Starting with the takedown of the colocation facility McColo, on November 11, 2008, levels of incoming messages MailWasher identified as spam have dropped dramatically. That company provided hosting space and maintenance for privately owned servers that were used by spammers to command and control spam-sending Botnets. Those spammers are rebuilding or replacing their Botnets as I type this, so let's not become complacent. In fact, my spam count has been increasing at the rate of about 1% per week, since the third week of January, 2009.

If you use MailWasher Pro you can enable the Blacklist function and add some pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. These two blacklist rules caught 5% of this week's spam. This is way down from last week when those two filters stopped 1/3 of all the incoming spam. Another Botnet must have gone offline.

MailWasher Pro spam category breakdown for Feb 9 - 15, 2009. Spam amounted to only 10% of my incoming email this week.


Viagra spam: 25.00%
Hidden ISO Subject: 25.00%
HTML Tricks: (ex: vertical, colored, or right-aligned spam words) 10.00%
Male enhancement spam (subject or body): 10.00%
Known Spam Subjects (by my filters): 5.00%
Nigerian 419 Scams: 5.00%
Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de and kef+diz@+) 5.00%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 5.00%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 5.00%
Dating scams: 5.00%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

Continue reading "My Spam analysis for Feb 9 - 15, 2009" »

February 11, 2009

Return of the Botnets- Spam is on the rise again

After three months of reduced spam volumes I am now seeing a sudden resurgence, especially in the form of the fake Canadian Pharmacy, unapproved Asian made Viagra and various male enhancement pills, strips and patches. All of this spam, like all spam from the year before, is sent via compromised Windows computers which have been unknowingly recruited in spam Botnets. These Botnets are commanded and controlled by criminals in Eastern Europe (in the former Soviet Union) and other places where authorities tend to turn a blind eye to cyber criminal activities.

It is difficult to know which Botnet is sending out this new round of pharmacy spam without capturing a Bot and logging its actions and reading its spam templates, but this has all the earmarks of the Mega-D Botnet (speculation). Mega-D, otherwise known as Ozdok, was one of the most prolific Botnets still running after the takedown of the McColo Corp. spam control and command servers, on November 11, 2008. The majority of the colocation servers in that facility were used for illegal activities, including command and control of several Botnets. It was the first to re-emerge and resume spamming and is very likely responsible for the current resurgence I saw yesterday and today. If not, it is a similar Botnet, being rented out to spammers (the Bot Masters usually rent portions of their Botnets to spammers, rather than doing any spamming themselves).

I didn't write my usual Sunday spam report this week, because the amount of spam for the week of February 2 - 8, 2009 was ridiculously low (around 7%) and only encompassed four categories, as defined by my MailWasher Pro custom filter rules. Still, a pattern was developing and I can now report on it. Maybe this will help others in identifying the Botnet behind this recent spam run. Most of the spam coming in from February 8 through 11 is identified by my "Hidden ISO or ASCII Subject" filter. The emails sent to English speaking North American inboxes do not require any ISO or ASCII codes to be read by the recipients, as long as the Subjects are typed in English. However, messages composed in European locations, or in Asia, by non-English speakers might require this code to become readable at various destinations. They can tailor the ISO code to display the spam subject in the language of the desired recipient country. This is what has been going on since the Mega-D Botnet emerged in late November, 2008.

Those of you who use MailWasher Pro to filter out spam and aren't already using my custom filters can apply the following filter to detect and either flag or auto-delete any spam containing a hidden ISO subject. The following code must occupy only one long line and goes into your filters.txt file, located in your logged-in identity's %AppData%\MailWasherPro folder. Note that you must close MailWasher before editing filters.txt, save the changes, then reopen the program.

[enabled],"Hidden ISO Subject","Hidden ISO or Ascii Subject",16711680,OR,Delete,Automatic,EntireHeader,containsRE,^Subject:[^\n]*?=?ISO-8859-[^\n]*?\n,EntireHeader,contains,"Subject: =?us-ascii?",EntireHeader,contains,"Subject: =?windows-1251?B?",EntireHeader,contains,"Subject: =?gb2312?B?"

If you don't trust the accuracy of my filter you should remove the word: Automatic, from the rule. This will cause the rule to only flag such messages as spam, matching the Hidden ISO rule, with a checkmark in the Delete column, in MailWasher Pro.
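The same check as the filter line above, written as an added Python example that is not part of the original post or of MailWasher Pro: it flags a Subject carrying an encoded-word in one of the charsets the filter lists and decodes it so the hidden text can be read before deciding between flagging and automatic deletion. It goes slightly beyond the filter by accepting both B and Q encodings for every listed charset and by unfolding continuation lines first; the function name and all sample headers are constructed.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Charsets named in the post's filter line: ISO-8859-*, us-ascii,
# windows-1251 and gb2312. The '=?' that opens an encoded-word is matched
# literally here, and charset/encoding names are compared case-insensitively.
ENCODED_WORD = re.compile(
    r"=\?(iso-8859-\d+|us-ascii|windows-1251|gb2312)\?([bq])\?[^?\s]*\?=",
    re.IGNORECASE,
)


def inspect_subject(raw_headers):
    """Inspect the Subject of a raw header block.

    Returns None when the Subject has no encoded-word in a listed charset,
    otherwise a dict with the charset, the encoding (B or Q) and the
    decoded, human-readable subject text.
    """
    msg = message_from_string(raw_headers)
    raw_subject = msg.get("Subject", "")
    # Unfold continuation lines so an encoded-word that sits on a folded
    # line is examined together with the rest of the Subject.
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw_subject).strip()
    hit = ENCODED_WORD.search(unfolded)
    if hit is None:
        return None
    try:
        decoded = str(make_header(decode_header(unfolded)))
    except (LookupError, UnicodeDecodeError, ValueError):
        decoded = None  # payload could not be decoded; still flagged
    return {
        "charset": hit.group(1).lower(),
        "encoding": hit.group(2).upper(),
        "decoded": decoded,
    }


# Constructed header blocks for illustration.
HEADERS_Q = "From: a@example.org\nSubject: =?ISO-8859-1?Q?Cheap_pills?=\n\n"
HEADERS_FOLDED = "From: b@example.org\nSubject:\n =?windows-1251?B?SGVsbG8=?=\n\n"
HEADERS_PLAIN = "From: c@example.org\nSubject: Meeting notes\n\n"
HEADERS_UTF8 = "From: d@example.org\nSubject: =?utf-8?Q?caf=C3=A9?=\n\n"

if __name__ == "__main__":
    for block in (HEADERS_Q, HEADERS_FOLDED, HEADERS_PLAIN, HEADERS_UTF8):
        print(inspect_subject(block))
```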

Continue reading "Return of the Botnets- Spam is on the rise again" »

February 2, 2009

My Spam analysis for Jan 19 - Feb 1, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Wow! Spam is down for another week, thanks to the efforts of some of our colleagues in the security field. Starting with the takedown of the colocation facility McColo, on November 11, 2008, levels of incoming messages MailWasher identified as spam have dropped dramatically. That company provided hosting space and maintenance for privately owned servers that were used by spammers to command and control spam-sending Botnets. Those spammers are rebuilding or replacing their Botnets as I type this, so let's not become complacent. In fact, I suspect that a huge new Botnet is currently being assembled, via the Conficker/Downadup Worm. More about this emerging threat will be in a forthcoming article.

Once again, with the main command and control servers being partially or fully offline, I urge all Windows computer owners and sys admins to install security applications that are capable of detecting SpamBot activity. Please do yourself a favor and protect your PCs against Bots with Norton AntiBot, or Trend Micro's free program called RUBotted.

Some of the top rated Internet security products now contain Bot detection and prevention components. These include Symantec and Trend Micro Internet Security Suites. I wrote a blog article about detecting and removing Bots in December, 2008. You can also visit Microsoft's download center and grab a current copy of the Malicious Software Removal Tool and let it scan your computer for malware and Bots. It will remove any threats listed in the tool's database, which now include the widespread Conficker/Downadup Worm. Microsoft has been at war with Botnets since September 2007 (when they took down much of the Storm Botnet) and has made a huge dent in their numbers. This tool is totally free and is updated once a month. It is regularly released on Patch Tuesdays.

Note that I have re-enabled my pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. These two blacklist rules alone caught 33% of this week's spam!

MailWasher Pro spam category breakdown for Jan 19 - Feb 1, 2009. Spam amounted to a measly 9% of my incoming email this week.


Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de and kef+diz@+) 33.33%!
Pills spam: 16.67%
HGH spam: 8.33%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 8.33%
Subject All Capitals or No Subject: (Nigerian 419 and Lottery scams) 8.33%
Hidden ISO Subject: 8.33%
Nigerian 419 Scams: 8.33%
Blocked Countries, RIPE, LACNIC, APNIC: 8.33%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

Continue reading "My Spam analysis for Jan 19 - Feb 1, 2009" »

January 25, 2009

My Spam analysis for Jan 19 - 25, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Wow! Spam is down for another week, thanks to the efforts of some of our colleagues in the security field. Starting with the takedown of the colocation facility McColo, on November 11, 2008, levels of incoming messages MailWasher identified as spam have dropped dramatically. That company provided hosting space and maintenance for privately owned servers that were used by spammers to command and control spam-sending Botnets. Those spammers are rebuilding or replacing their Botnets as I type this, so let's not become complacent. In fact, I suspect that a huge new Botnet is currently being assembled, via the Conficker/Downadup Worm. More about this emerging threat will be in a forthcoming article.

Once again, with the main command and control servers being partially or fully offline, I urge all Windows computer owners and sys admins to install security applications that are capable of detecting SpamBot activity. Please do yourself a favor and protect your PCs against Bots with Norton AntiBot, or Trend Micro's free program called RUBotted.

Some of the top rated Internet security products now contain Bot detection and prevention components. These include Symantec and Trend Micro Internet Security Suites. I wrote a blog article about detecting and removing Bots in December, 2008. You can also visit Microsoft's download center and grab a current copy of the Malicious Software Removal Tool and let it scan your computer for malware and Bots. It will remove any threats listed in the tool's database, which now include the widespread Conficker/Downadup Worm. Microsoft has been at war with Botnets since September 2007 (when they took down much of the Storm Botnet) and has made a huge dent in their numbers. This tool is totally free and is updated once a month. It is regularly released on Patch Tuesdays.

Note that I have re-enabled my pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. These two blacklist rules alone caught 52% of this week's spam!

MailWasher Pro spam category breakdown for Jan 19 - 25, 2009. Spam amounted to 22% of my incoming email this week.


Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de and kef+diz@+) 52.63%!
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 15.79%
Subject All Capitals or No Subject: (Nigerian 419 and Lottery scams) 15.79%
Casino Spam: 10.53%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 5.26%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

Continue reading "My Spam analysis for Jan 19 - 25, 2009" »

January 18, 2009

My Spam analysis for Jan 12 - 18, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Wow! Spam is down for another week, thanks to the efforts of some of our colleagues in the security field. Starting with the takedown of the colocation facility McColo, on November 11, 2008, levels of incoming messages MailWasher identified as spam have dropped dramatically. That company provided hosting space and maintenance for privately owned servers that were used by spammers to command and control spam-sending Botnets. Those spammers are rebuilding or replacing their Botnets as I type this, so let's not become complacent. In fact, I suspect that a huge new Botnet is currently being assembled, via the Conficker/Downadup Worm. More about this emerging threat will be in a forthcoming article.

Once again, with the main command and control servers being partially or fully offline, I urge all Windows computer owners and sys admins to install security applications that are capable of detecting SpamBot activity. Please do yourself a favor and protect your PCs against Bots with Norton AntiBot, or Trend Micro's free program called RUBotted.

Some of the top rated Internet security products now contain Bot detection and prevention components. These include Symantec and Trend Micro Internet Security Suites. I wrote a blog article about detecting and removing Bots in December, 2008. You can also visit Microsoft's download center and grab a current copy of the Malicious Software Removal Tool and let it scan your computer for malware and Bots. It will remove any threats listed in the tool's database, which now include the widespread Conficker/Downadup Worm. Microsoft has been at war with Botnets since September 2007 (when they took down much of the Storm Botnet) and has made a huge dent in their numbers. This tool is totally free and is updated once a month. It is regularly released on Patch Tuesdays.

Note that I have re-enabled my pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. These two blacklist rules caught 26% of this week's spam!

MailWasher Pro spam category breakdown for Jan 12 - 18, 2009. Spam amounted to 24% of my incoming email this week.


Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de) 26.67%
Counterfeit Watches: 20.00%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 13.34%
Casino Spam: 13.33%
Fake Diplomas: 6.67%
Pirated Software: 6.67%
Hidden ISO Subject: 6.67%
Viagra spam: 6.67%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

Continue reading "My Spam analysis for Jan 12 - 18, 2009" »

January 11, 2009

My Spam analysis for Jan 5 - 11, 2009

Spam Spam Spam Spam Spam Spam Spam! That repetition of the word Spam comes from a comedy routine by Monty Python's Flying Circus, in 1970. They were referring to the canned cooked ham products that have been marketed by Hormel Foods since 1937. While canned Spam is still very much alive and well, so is another kind of so-called spam; unsolicited commercial email (UCE). This is the crap that contaminates email inboxes with all manner of junk promotions for fake pharmacies, counterfeit watches, pirated software, junk stocks, fake Viagra, bogus male enhancement products, fake diplomas, phishing scams, bogus loans and Nigerian 419 financial and lottery fraud scams. We call junk email spam, based on the Monty Python skit that abused the word by repeating it over and over again, to the point that it becomes obnoxious.

There are quite a few different types of email spam and my Spam Analysis articles categorize them according to what junk they are promoting. To do this I use a commercial email-screening program named MailWasher Pro. MailWasher Pro uses a combination of user configurable filters, blacklists, and a Bayesian learning filter to identify what the users of the program consider to be unwanted spam email. Once messages are identified as spam they are deleted manually or automatically, based on the users' preferences (I prefer automatic deletion). Normally, MailWasher identifies three categories of email: Friends, Known Spam (via a subscription service called FirstAlert!) and Blacklist. However, because the program allows users to create their own filter rules, it can label and categorize many different types of spam messages. I have created many custom MailWasher Pro filters to categorize and delete spam and I use the "Statistics" reports each weekend to share my findings with the rest of the World. You can learn more about MailWasher Pro here.

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Note that the small percentage of reported spam is a recent development that began on November 11, 2008, with the takedown of the McColo server colocation hosting company. This company was allegedly turning a blind eye to illegal activities being conducted by spammers using servers hosted at the McColo facilities. Many of those servers were used by criminals to command and control the Botnets they owned. The compromised computers in those Botnets are used as zombie agents to send spam, scam and phishing emails, to launch DDoS attacks and to host hostile websites, all without the knowledge of the owners of those PCs. Please do us all a favor and protect your PC against Bots!

MailWasher Pro spam category breakdown for Jan 5 - 11, 2009. Spam amounted to 12% of my incoming email this week.


HTML Tricks: (ex: vertical, colored, or right-aligned spam words) 24.00%
Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de) 16.00%
Hidden ISO Subject: 8.00%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 8.00%
Counterfeit Watches: 8.00%
Known Spam Domains: (mostly pharmaceutical spam) 8.00%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 8.00%
Other filters: (See my MWP Filters page) 4.00%
Viagra spam: 4.00%
Known Spam Subjects (by my filters): 4.00%
Subject All Capitals or No Subject: (Nigerian 419 and Lottery scams) 4.00%
Miscellaneous filters: 4.00%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

Continue reading "My Spam analysis for Jan 5 - 11, 2009" »

January 4, 2009

My Spam analysis for Dec 29, 2008 - Jan 4, 2009

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

If you are reading this you have a computer, or smart phone. If you have a computer or smart phone you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.
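The per-filter percentages and the "Other Filters" grouping described above can be reproduced with a few header rules in Python. This is an added example, not the author's MailWasher Pro filters or MailWasher's filter format; the rule logic (including reading "Hidden ISO Subject" as an ISO-8859 encoded-word wrapped around plain ASCII text), the first-match-wins order, the 15% grouping threshold and the sample messages are all assumptions constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string
from email.header import decode_header

# RFC 2047 encoded-word that declares an ISO-8859 charset (assumed meaning of "Hidden ISO").
ENCODED_WORD = re.compile(r"=\?iso-8859-\d+\?[bq]\?", re.IGNORECASE)
# URL whose host is a dotted-quad IP address instead of a domain name.
NUMERIC_IP_URL = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?=[:/\s]|$)", re.IGNORECASE)
KNOWN_BAD_XMAILERS = {"examplebulkmailer 1.0"}  # constructed placeholder value


def decoded_subject(msg):
    """Return the Subject with RFC 2047 encoded-words decoded to text."""
    parts = []
    for chunk, charset in decode_header(str(msg.get("Subject", ""))):
        if isinstance(chunk, bytes):
            try:
                chunk = chunk.decode(charset or "ascii", errors="replace")
            except LookupError:  # unknown charset label in the header
                chunk = chunk.decode("latin-1")
        parts.append(chunk)
    return "".join(parts)


def hidden_iso_subject(msg):
    # Encoding plain ASCII as ISO-8859 serves no purpose for a normal mail client;
    # legitimate ISO-8859 subjects decode to text with non-ASCII characters.
    raw = str(msg.get("Subject", ""))
    return bool(ENCODED_WORD.search(raw)) and decoded_subject(msg).isascii()


def all_caps_or_no_subject(msg):
    subject = decoded_subject(msg).strip()
    letters = [c for c in subject if c.isalpha()]
    return not subject or (bool(letters) and all(c.isupper() for c in letters))


def numeric_ip_link(msg):
    return bool(NUMERIC_IP_URL.search(msg.get_payload()))


def known_xmailer(msg):
    return str(msg.get("X-Mailer", "")).strip().lower() in KNOWN_BAD_XMAILERS


# Ordered rule list: the first matching filter names the message's category.
FILTERS = [
    ("Hidden ISO Subject", hidden_iso_subject),
    ("Subject All Capitals or No Subject", all_caps_or_no_subject),
    ("Numeric IP link", numeric_ip_link),
    ("Known X-Mailer Spam", known_xmailer),
]


def classify(raw_message):
    """Return the name of the first filter that matches, or None for clean mail."""
    msg = message_from_string(raw_message)
    for name, rule in FILTERS:
        if rule(msg):
            return name
    return None


def breakdown(raw_messages, min_share=15.0):
    """Percentage of flagged mail per filter; small categories merge into 'Other filters'."""
    counts = Counter(name for name in map(classify, raw_messages) if name)
    total = sum(counts.values())
    result, other = {}, 0
    for name, hits in counts.most_common():
        share = 100.0 * hits / total
        if share < min_share:
            other += hits
        else:
            result[name] = round(share, 2)
    if other:
        result["Other filters"] = round(100.0 * other / total, 2)
    return result


# Constructed sample messages (not real spam); 192.0.2.0/24 is a documentation range.
SAMPLES = [
    "From: a@example.com\nSubject: LAST WARNING (ACCOUNT ALERT)\n\nConfirm your password.\n",
    "From: b@example.com\nSubject: YOU HAVE WON 1,000,000 GBP\n\nClaim now.\n",
    "From: c@example.com\n\nMessage with no Subject header.\n",
    "From: d@example.com\nSubject: =?iso-8859-1?Q?Cheap_pills?=\n\nBuy now.\n",
    "From: e@example.com\nSubject: =?ISO-8859-1?B?UmVwbGljYSB3YXRjaGVz?=\n\nLuxury.\n",
    "From: f@example.com\nSubject: =?iso-8859-15?Q?Diploma_in_2_weeks?=\n\nNo exams.\n",
    "From: g@example.com\nSubject: Your e-card\n\nOpen http://192.0.2.15/card today\n",
    "From: h@example.com\nX-Mailer: ExampleBulkMailer 1.0\nSubject: Meeting notes\n\nHi.\n",
    "From: i@example.com\nSubject: Lunch on Friday?\n\nSee you at noon.\n",
    "From: j@example.com\nSubject: =?iso-8859-1?Q?Gr=FC=DFe_aus_M=FCnchen?=\n\nBis bald.\n",
]

if __name__ == "__main__":
    for category, percent in breakdown(SAMPLES).items():
        print(f"{category}: {percent:.2f}%")
```

The last sample shows why the encoded-word rule also checks the decoded text: a genuine ISO-8859-1 subject with umlauts is left alone, while the three ASCII-only encoded subjects are flagged.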

The overall volume of spam hitting my filters has dropped to very low levels not seen in years. This is due to the problems that Russian cyber criminals are having finding hosts for the servers used to issue command and control signals to their Botnets. This is a fluid situation, with spammers finding temporary hosts who come under pressure from security companies then terminate their connectivity. This has been going on since November 11, 2008. Currently, most spam is being sent via the resurrected Mega-D Botnet, which is famous for male enhancement spam.

Regarding the slowdown in Botnet sent spam, I keep a daily log and Monday, December 29 was the heaviest spam day, seconded by Friday, January 2. Obviously, the Russian Bot Masters are having a difficult time controlling or maintaining their zombie spambots and command and control servers.

The most prominent types of spam categorized this week were for imitations of brand name watches, followed by various pharmaceuticals, including Viagra from fake Internet pharmacies, bogus male enhancement crap, pirated software and some fake diploma spam. Many of these types of spam were caught by my Sender's Blacklist rules, like lin+met@+.de or kef+diz@+, thus, the Blacklist category usually rates fairly high in the results (when I activate it).

MailWasher Pro spam category breakdown for December 29, 2008 - January 4, 2009. Spam amounted to 19% of my incoming email this week, with just 30 spam messages analyzed.


Counterfeit Watches: 16.67%
Other filters: (See my MWP Filters page) 13.33%
Viagra spam: 13.33%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 10.00%
HTML Tricks: 10.00%
Male enhancement spam (subject or body): 10.00%
Fake Diplomas: 6.67%
Known Spam Domains: (mostly pharmaceutical spam) 6.67%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 3.33%
Pirated Software: 3.33%
Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de) 3.33%
Image Spam: (for fake Internet pharmacies) 3.33%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

Continue reading "My Spam analysis for Dec 29, 2008 - Jan 4, 2009" »

December 28, 2008

My Spam analysis for December 22 - 28, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

The overall volume of spam hitting my filters has dropped to very low levels not seen in years. This is due to the problems that Russian cyber criminals are having finding hosts for the servers used to issue command and control signals to their Botnets. This is a fluid situation, with spammers finding temporary hosts who come under pressure from security companies then terminate their connectivity. This has been going on since November 11, 2008. Currently, most spam is being sent via the resurrected Mega-D Botnet, which is famous for male enhancement spam.

The most prominent types of spam categorized this week were for imitations of brand name watches, followed by various pharmaceuticals, including diluted Asian Viagra from fake Internet pharmacies, and some fake diploma spam. Many of these types of spam were caught by my Sender's Blacklist rules, like lin+met@+.de or kef+diz@+, thus, the Blacklist category usually rates fairly high in the results.

MailWasher Pro spam category breakdown for December 22 - 28, 2008. Spam amounted to 17% of my incoming email this week, with just 35 spam messages analyzed.


Counterfeit Watches: 24.24%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 21.21%
Viagra spam: 12.12%
Fake Diplomas: 9.09%
Known Spam Subjects (by my filters): 6.06%
Other filters: (See my MWP Filters page) 6.06%
HTML Tricks: 6.06%
Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de) 6.06%
Hidden ISO Subject: 3.03%
Known Spam Domains: (mostly pharmaceutical spam) 3.03%
Male enhancement spam (subject or body): 3.03%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

Continue reading "My Spam analysis for December 22 - 28, 2008" »

December 21, 2008

My Spam analysis for December 15 - 21, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

The overall volume of spam hitting my filters has dropped to very low levels not seen in years. This is due to the problems that Russian cyber criminals are having finding hosts for the servers used to issue command and control signals to their Botnets. This is a fluid situation, with spammers finding temporary hosts who come under pressure from security companies then terminate their connectivity. This has been going on since November 11, 2008. Currently, most spam is being sent via the resurrected Mega-D Botnet, which is famous for male enhancement spam.

The most prominent types of spam categorized this week were for imitations of brand name watches, followed by pirated software, then for fake Viagra from the fake Canadian Pharmacy. Many of these types of spam were caught by my Sender's Blacklist rules, like lin+met@+.de, thus, the Blacklist category is tied for the top position.

MailWasher Pro spam category breakdown for December 15 - 21, 2008. Spam amounted to 18% of my incoming email this week, with just 49 spam messages analyzed.


Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de) 14.29%
Counterfeit Watches: 14.29%
Hidden ISO Subject: 10.20%
Viagra spam: 10.20%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 10.20%
Known Spam Domains: (mostly pharmaceutical spam) 8.16%
Other filters: (See my MWP Filters page) 8.16%
Subject All Capitals or No Subject: (Nigerian 419 and Lottery scams) 8.16%
Numeric IP to Trojan download: 4.08%
Blocked Countries, RIPE, LACNIC, APNIC: 4.08%
Money Transfer Scams: 4.08%
HTML Tricks: 2.04%
DNS Blacklists: 2.04%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

Continue reading "My Spam analysis for December 15 - 21, 2008" »

December 14, 2008

My Spam analysis for December 8 - 14, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

The overall volume of spam hitting my filters has dropped to very low levels not seen in years. This is due to the problems that Russian cyber criminals are having finding hosts for the servers used to issue command and control signals to their Botnets. This is a fluid situation, with spammers finding temporary hosts who come under pressure from security companies then terminate their connectivity. This has been going on since November 11, 2008. Currently, most spam is being sent via the resurrected Mega-D Botnet, which is famous for male enhancement spam.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common types of spam this week are for fake diplomas, counterfeit watches and various pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. Spam for the fake "Canadian Pharmacy" remained strong as usual, but was surpassed again by spam caught by my "Hidden ISO Subject" filter. Most of the Hidden ISO spam is for imitation Viagra or ineffective male enhancement pills and patches. This hidden ISO or ASCII command in the Subject and From fields is from a template used by a spammer. You can be certain this person lives in the former Soviet Union.

"Canadian Pharmacy" and its offshoot "Canadian Health and Care Mall" is a scam website, hosted unknowingly on hijacked (Botnetted) personal computers, or on bulletproof Chinese hosting servers owned by criminals in Russia. The prescription drugs and herbal remedies promoted by the fake Canadian Pharmacy come from a lab in India, named after a flower. Those prescription drugs are illegal to import into the US or Canada and may be seized by postal inspectors upon arrival.

The male enhancement spams are mostly leading to Botnetted computers hosting a web page touting VPXL, Power Gain Plus, Mega-Dick, or other bogus herbal enlargement formulas, all of which are scams. These male enhancement pills and patches are totally ineffective at permanently lengthening the male organ and may even be dangerous to your health.

MailWasher Pro spam category breakdown for December 8 - 14, 2008. Spam amounted to 16% of my incoming email this week, with just 42 spam messages analyzed.


Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de) 39.02%
Hidden ISO Subject: 17.07%
Viagra spam: 14.63%
Known X-Mailer Spam: 4.88%
Image Spam: (for fake Internet pharmacies) 4.88%
Other filters: (See my MWP Filters page) 4.88%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 2.44%
Male enhancement spam (subject or body): 2.44%
Fake Diplomas: 2.44%
Counterfeit Watches: 2.44%
DNS Blacklists: 2.44%
Blocked Countries, RIPE, LACNIC, APNIC: 2.44%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

Continue reading "My Spam analysis for December 8 - 14, 2008" »

December 7, 2008

My Spam analysis for December 1 - 7, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

The overall volume of spam hitting my filters has dropped to very low levels not seen in years. This is due to the problems that Russian cyber criminals are having finding hosts for the servers used to issue command and control signals to their Botnets. This is a fluid situation, with spammers finding temporary hosts who come under pressure from security companies then terminate their connectivity. This has been going on since November 11, 2008.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common types of spam this week are for fake watches and various pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. Spam for the fake "Canadian Pharmacy" remained strong as usual, but was surpassed again by spam caught by my "Hidden ISO Subject" filter. Most of the Hidden ISO spam is for Indian Viagra or ineffective male enhancement pills and patches. This hidden ISO or ASCII command in the Subject and From fields is from a template used by a particular Bot Master for his Botnet. You can be certain this person lives in the former Soviet Union.

"Canadian Pharmacy" and its offshoot "Canadian Health and Care Mall" is a scam website, hosted unknowingly on hijacked (Botnetted) personal computers, or on bulletproof Chinese hosting servers owned by criminals in Russia. The prescription drugs and herbal remedies promoted by the fake Canadian Pharmacy come from a lab in India, named after a flower. Those prescription drugs are illegal to import into the US or Canada and may be seized by postal inspectors upon arrival.

The male enhancement spams are mostly leading to Botnetted computers hosting a web page touting VPXL, Power Gain Plus, or other herbal enlargement formulas, all of which are scams. Male enhancement pills are totally ineffective and may even be dangerous to your health.

MailWasher Pro spam category breakdown for December 1 - 7, 2008. Spam amounted to 10% of my incoming email this week, with just 27 spam messages analyzed.


Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de) 26.92%
Hidden ISO Subject: 15.38%
Fake Diplomas: 11.54%
Image Spam: (for fake Internet pharmacies) 11.54%
Male enhancement spam (subject or body): 7.69%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 7.69%
Counterfeit Watches: 7.69%
Joe Job Bounces: 7.69%
Subject All Capitals: (Nigerian 419 and Lottery scams) 7.69%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

Continue reading "My Spam analysis for December 1 - 7, 2008" »

December 1, 2008

Srizbi Spam Botnet goes offline again!

On November 26, 2008, I wrote an article concerning the "Srizbi" Botnet coming back to life, following the shutdown of its Command-and-Control servers (C&C) at McColo, Inc. This happened because the Russian criminals running the Srizbi Botnet, thought to number over 450,000 PCs, were able to lease servers from a web hosting firm in Estonia, to which they uploaded the C&C software. Once these servers came online the zombie computers making up the Botnet army were able to contact the servers and receive new instructions and spam templates. This resulted in a 10% increase in the volume of spam I saw last week, over the previous week (following the C&C servers at McColo being shut down).

Well, starting on Sunday night, November 30, 2008, I noticed another sudden decline in the amount of spam that was detected, classified and deleted by my spam filtering program, MailWasher Pro. This decline continues today, Monday, December 1, 2008. There is virtually no significant amount of spam arriving in any of my accounts. Being curious I did a little investigating and learned that the people running the Estonian ISP Starline Web Services, that temporarily hosted the Command-and-Control servers for the Srizbi botnet, have cut off those servers. This followed complaints from Estonia's Computer Emergency Response Team (CERT) and threats of total disconnection by the companies who supply the Internet IP connections to that ISP, and others in Estonia.

Note that the ISP that was temporarily hosting the Srizbi C&C machines gets their IP addresses and Internet connectivity from a hosting company named Compic, which is known to CERT as a company that has been friendly to criminals who host malware on their websites. Many complaints have been filed with Compic concerning illegal activities by their customers, conducted on their servers and those of their downstream resellers. Reference.

Most of my readers are more concerned about repelling spam, than tracing it. I have written many articles offering filtering solutions involving MailWasher Pro, as well as website email filters that can be applied by people whose websites are hosted on cPanel control panels and Linux/Apache based servers. Just look in my recent posts links, in the right sidebar, or search this blog for the keywords "spam filters." But I seem to have overlooked one area of this spam-demic that deserves mentioning now. That area is your own computers and what unknown spam applications and scripts may be running on them.

The question every computer owner should be asking themselves, or their IT personnel, is: "Am I Botted?" What I mean by this is that every computer owner needs to scan for the presence of Bot infections on their PCs. Any operating system can become invaded by a Bot infection, either as an invisible rootkit or a visible process. Each OS will have tools available to its administrators to test for the presence of hostile applications (e.g. Snort). However, the rest of this article and the recommendations in it are meant for Windows based computer owners.

Continue reading "Srizbi Spam Botnet goes offline again!" »

November 30, 2008

My Spam analysis for Nov 24 - 30, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

Before I get into the various categories of spam received this week, I want to mention the fact that while the volume of spam is still down from October and early November, it is definitely on the rise, with a 10% increase from last week. The volume of spam had dropped to near zero a couple of weeks ago, due to the termination of service to a server co-location hosting company, named McColo. McColo's customers were responsible for over 75% of the daily spam sent from zombie computers in several major Botnets. The "zombie" computers in these Botnets were unable to receive instructions from their mothership controllers and had mostly fallen silent; but have now begun to awaken.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common types of spam this week are for fake watches and various pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. Spam for the fake "Canadian Pharmacy" remained strong as usual, but was surpassed for a second week by spam caught by my "Hidden ISO Subject" filter. Most of the Hidden ISO spam is for Indian Viagra or ineffective male enhancement pills and patches.

"Canadian Pharmacy" and its offshoot "Canadian Health and Care Mall" is a scam website, hosted unknowingly on hijacked (Botnetted) personal computers, or on bulletproof Chinese hosting servers owned by criminals in Russia. The prescription drugs and herbal remedies promoted by the fake Canadian Pharmacy come from a lab in India, named after a flower. Those prescription drugs are illegal to import into the US or Canada and may be seized by postal inspectors upon arrival.

The male enhancement spams are mostly leading to Botnetted computers hosting a web page touting VPXL, Power Gain Plus, or other herbal enlargement formulas, all of which are scams. Male enhancement pills are totally ineffective and may even be dangerous to your health.

MailWasher Pro spam category breakdown for November 24 - 30, 2008. Spam amounted to 25% of my incoming email this week, with 74 spam messages analyzed.


Hidden ISO Subject: 27.03%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 13.51%
Fake "Canadian Pharmacy" spam (Viagra, Cialis, etc): 13.53%
Other filters: (See my MWP Filters page) 10.81%
Counterfeit Watches: 8.11%
Known X-Mailer Spam: 5.41%
Viagra spam: 4.05%
DNS Blacklists: 4.05%
Fake Diplomas: 4.05%
Lottery Scams: 2.70%
HTML Tricks: 2.70%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 2.70%
Bayesian learning filter: 1.35%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


November 26, 2008

Spam volume increasing as Srizbi Botnet is reactivated

On November 14, 2008, I published an article on my blog about how spam had dropped significantly following the shutdown of McColo, a server co-location hosting company. The reason for the huge drop in spam was because several of the World's largest and busiest Botnets had their Command and Control (C&C) servers housed and connected to the Internet by McColo. The C&C servers send instructions and spam templates to the Zombies under their control. When those C&C servers lost their connections to the Internet the Zombie computers in the Botnets they controlled all fell silent; becoming sleeper agents awaiting new instructions from new Controllers.

Today I began seeing an increase in the number of spam emails arriving in my spam screening program, MailWasher Pro. I did a little digging into security news and discovered that this increase is not a coincidence. Apparently, the so-called "Srizbi Botnet" has been rebuilding its C&C computers, which are now hosted in Estonia. Those C&C machines are now issuing instructions to the sleeping zombies, which are awakening and beginning to send out spam again. While researchers and detectives are able to identify the new locations of those C&C machines, shutting them down will be difficult, as the people hosting them and local Government officials could care less about the damage being done by the Botnets under their control.

Whether today's spam is coming from the Srizbi Botnet, or some other Botnet is unimportant to spam recipients. Unless you are a security researcher you are probably more interested in blocking this spam than in knowing who designed it and ordered it to be sent to you. I can help you do that, using special rules in a spam filtering program named MailWasher Pro. This can only be done if you read your email in a POP3 desktop email client, like Outlook, Outlook Express, Windows Live Mail, Apple Mail, Mozilla Thunderbird, etc. MailWasher Pro stands between the Internet email servers and your desktop email client, where it filters out spam, scams and virus threats, before downloading any messages to your desktop email client. If you are not already using MailWasher Pro you can read about it here and download a trial or purchase a copy for yourself.

The first prong in my attack against spam is to add wildcard email addresses that spammers repeatedly forge as the sender to the program's Blacklist. Blacklist rules are processed before other types of rules, so the wildcard addresses in the Blacklist will cut down a lot on the amount of unclassified spam you have to deal with. Open MailWasher Pro, click on the "View" menu item, then select "Filter Side Bar." The Filter Side Bar will appear on the right side of the program. It has three tabbed sections: "Friends List," "Blacklist" and "Filters." Click on the "Blacklist" tab, then click on the round green "Add" button. A new "Add address to list" box will open. Click on the option "Wildcard expression." Copy and paste, or type in the following codes, one per Blacklist entry, then click OK to close each new entry box. Repeat the sequence for each of the six Blacklist additions listed below. The first two entries are very commonly matched right now.

kef+diz@+

lin+met@+.de

dw+m@+

_+@+.+

-+@+.+

+@mail.*ru

After saving these Blacklist Wildcard rules you must decide how you want MailWasher Pro to deal with the messages matching these expressions. While still in the mail Blacklist tab, click on the "Options" button. In the "Actions" section select "Delete the email." Just under that you can choose whether that happens manually, where you see the email flagged as "Blacklisted" in the incoming messages list, or whether any messages matching those criteria are automatically deleted off the email server, on the spot. I use automatic deletion, as nobody I communicate with has an email prefix or suffix matching these criteria. To be safe, use manual deletion for a while, adding any false detections to your Friends list, then switch to "Automatically, without notification" when you are confident in the accuracy of these (and other) Blacklist rules.
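A dry run of the six wildcard rules above over constructed sender addresses, added here as an illustration (it is not MailWasher Pro's code or one of the author's filters). It assumes `+` means one or more characters, `*` means zero or more, matching is case-insensitive against the whole address, and Friends list entries override the Blacklist; the function names and sample addresses are hypothetical.

```python
import re

# The six Blacklist wildcard expressions listed in the post.
BLACKLIST = ["kef+diz@+", "lin+met@+.de", "dw+m@+", "_+@+.+", "-+@+.+", "+@mail.*ru"]

# Constructed sample data for the dry run (not real senders).
FRIENDS = {"_newsletter@example.com"}
SAMPLE_SENDERS = [
    "kefzudiz@example.net",
    "kefdiz@example.net",        # nothing between "kef" and "diz"
    "linqrsmet@example.de",
    "linqrsmet@example.com",     # right prefix, wrong country suffix
    "dwabcm@example.org",
    "_newsletter@example.com",   # legitimate sender on the Friends list
    "-promo@example.com",
    "anna@mail.ru",
    "frank@mail.example.guru",   # not a .ru domain, but still ends in "ru"
    "alice@example.com",
]


def wildcard_to_regex(expr):
    """Translate one wildcard expression into a compiled regex.

    ASSUMPTION: '+' = one or more characters, '*' = zero or more,
    every other character (including '.') is literal, case-insensitive.
    """
    parts = []
    for ch in expr:
        if ch == "+":
            parts.append(".+")
        elif ch == "*":
            parts.append(".*")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)


def first_match(address, rules=BLACKLIST):
    """Return the first rule matching the whole address, or None."""
    for expr in rules:
        if wildcard_to_regex(expr).fullmatch(address.strip()):
            return expr
    return None


def dry_run(senders, friends=FRIENDS, rules=BLACKLIST):
    """Classify senders without deleting anything.

    ASSUMPTION: a Friends list entry exempts the sender from the Blacklist.
    """
    friends_lc = {f.lower() for f in friends}
    report = {"friends": [], "blacklisted": [], "clean": []}
    for addr in senders:
        if addr.lower() in friends_lc:
            report["friends"].append(addr)
            continue
        rule = first_match(addr, rules)
        if rule:
            report["blacklisted"].append((addr, rule))
        else:
            report["clean"].append(addr)
    return report


if __name__ == "__main__":
    result = dry_run(SAMPLE_SENDERS)
    for addr, rule in result["blacklisted"]:
        print(f"BLACKLISTED  {addr:28} by {rule}")
    for addr in result["friends"]:
        print(f"FRIEND       {addr:28} (would match {first_match(addr)})")
    for addr in result["clean"]:
        print(f"clean        {addr}")
```

Under these assumptions the broad rules (`_+@+.+`, `-+@+.+`, `+@mail.*ru`) are the ones most likely to catch legitimate senders, which is the reason for the manual-deletion period before switching to automatic deletion.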

Next, go to my MailWasher Pro Custom Filters web page and scroll down to the iframe, in which one of my three versions of my custom MailWasher Pro filters will be loaded. Read the notes about each of these filters and choose the one that you prefer to use. You can either copy and paste the rules from the iframe into your own "filters.txt" file, or download the file, deposit it into the appropriate location, renaming it to filters.txt if required. MailWasher Pro keeps all user settings, filters and white/black lists in your logged-in identity's %AppData%\MailWasherPro folder. You may need to edit your Folder View settings to unhide hidden and system files and folders, and show known extensions, to see these files. You can also locate and open the data folder where the filters.txt lives by clicking on "Help" (with MailWasher Pro open), then "About," then click on the link to your application data files, at the bottom of the "About" box. More details about using my filters are found on the aforementioned Custom Filters web page.


November 24, 2008

My Spam analysis for Nov 17 - 23, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

Before I get into the various categories of spam received this week, I want to mention the fact that I saw a humongous drop in the volume of incoming spam analyzed by MailWasher Pro, beginning Tuesday, November 11 and continuing throughout this past week. It was on November 11, 2008, that Global Crossing and Hurricane Electric disconnected a server co-location hosting company named McColo from the Internet. McColo's customers were responsible for as much as 75% of the daily spam sent from zombie computers in several major Botnets. The "zombie" computers in these Botnets are unable to receive instructions from their mothership controllers and have mostly fallen silent; for now.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common types of spam this week are for fake watches and various pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. Spam for the fake "Canadian Pharmacy" remained strong as usual, but was surpassed this week by spam caught by my "Hidden ISO Subject" filter. Most of the Hidden ISO spam is for Indian Viagra or ineffective male enhancement pills.

"Canadian Pharmacy" and its offshoot "Canadian Health and Care Mall" is a scam website, hosted unknowingly on hijacked (Botnetted) personal computers, or on bulletproof Chinese hosting servers owned by criminals in Russia. The prescription drugs and herbal remedies promoted by the fake Canadian Pharmacy come from a lab in India, named after a flower. Those prescription drugs are illegal to import into the US or Canada and may be seized by postal inspectors upon arrival.

The male enhancement spams are mostly leading to Botnetted computers hosting a web page touting VPXL, or other herbal enlargement formulas, all of which are scams. Male enhancement pills are totally ineffective and may even be dangerous to your health.

MailWasher Pro spam category breakdown for November 17 - 23, 2008. Spam amounted to a mere 15% of my incoming email this week, with only 44 spam messages analyzed.


Hidden ISO Subject: 25.81%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 16.13%
Fake "Canadian Pharmacy" spam (Viagra, Cialis, etc): 12.90%
Male enhancement spam (subject or body): 9.68%
Counterfeit Watches: 9.68%
Viagra spam: 6.45%
Dating scams: 3.23%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 3.23%
Bayesian learning filter: 3.23%
Casino Spam: 3.23%
Blocked Countries, RIPE, LACNIC, APNIC: 3.23%
Joe Job Bounces: 3.23%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


November 16, 2008

My Spam analysis for Nov 10 - 16, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

Before I get into the various categories of spam received this week, I want to mention the fact that I saw a large drop in the volume of incoming spam analyzed by MailWasher Pro, beginning Tuesday, November 11. It was during the afternoon of November 11, 2008, that Global Crossing and Hurricane Electric disconnected a server co-location hosting company named McColo from the Internet. McColo's customers were responsible for as much as 75% of the daily spam sent from zombie computers in several major Botnets. Spam began diminishing on Tuesday and continues to drop today. A BIG THANKS goes to HostExploit and its research partners who compiled evidence over a more than two year period, that led to the termination of McColo's connectivity to the Internet. I recently published an article about how the volume of spam dropped when McColo was disconnected from the Internet.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common types of spam this week are for fake diplomas and various pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. Spam for the fake "Canadian Pharmacy" continues to dominate all spam categories. This type of spam had decreased last month, after the arrest and indictment of some of the people behind these scams. Unfortunately, other criminals have taken up the slack and continue to promote their own "Canadian Pharmacy."

"Canadian Pharmacy" and its offshoot "Canadian Health and Care Mall" is a scam website, hosted unknowingly on hijacked (Botnetted) personal computers, or on bulletproof Chinese hosting servers owned by criminals in Russia. The prescription drugs and herbal remedies promoted by the fake Canadian Pharmacy come from a lab in India, named after a flower. Those prescription drugs are illegal to import into the US or Canada and may be seized by postal inspectors upon arrival.

The male enhancement spams are mostly leading to Botnetted computers hosting a web page touting VPXL, or other herbal enlargement formulas, all of which are scams. Male enhancement pills are totally ineffective and may even be dangerous to your health.

MailWasher Pro spam category breakdown for November 10 - 16, 2008. Spam amounted to 49% of my incoming email this week, with 229 spam messages analyzed.


Fake "Canadian Pharmacy" spam (Viagra, Cialis, etc): 30.60%
Viagra spam: 13.43%
Fake Diplomas: 12.69%
Other filters: (See my MWP Filters page) 9.70%
Male enhancement spam (subject or body): 9.70%
Hidden ISO Subject: 5.97%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 3.73%
One line spam url: 2.99%
HTML Tricks: 2.99%
Casino Spam: 2.99%
Lottery Scams: 2.99%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 1.49%
DNS Blacklists: 0.75%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


November 14, 2008

Spam volume drops after McColo servers forced offline

My incoming volume of Spam email has dwindled this week, steadily, since Tuesday, November 11. I have waited a few days to write about this in order to see how matters played out. Interestingly, Tuesday was also Veterans' Day in the USA and Armistice Day around the World. Coincidentally, there was a temporary armistice between the senders of spam and the targets of their spam messages. This armistice occurred around 1:30 PST in San Jose, California, USA.

Something major happened on Tuesday, November 11, 2008, that resulted in the huge drop in the volume of spam hitting my MailWasher Pro spam filtering program. It was on Tuesday afternoon, November 11, 2008, that Internet Backbone and Colocation Provider Hurricane Electric and global IP-based network Global Crossing terminated their Internet peering connections to the web server colocation hosting company known as McColo Corporation, located in San Jose, California. They did this after being presented with irrefutable evidence of long-term extreme badness being conducted by the hosting customers of McColo. It is estimated that up to 75% of the spam sent out on a daily basis is run by Command and Control servers hosted on machines at McColo's facilities. Without being commanded to receive new spam templates and then send out spam runs, the zombie PCs in numerous Botnets fell silent over the last few days.

This badness conducted by the McColo customers includes various unfriendly and illegal activities, including, but not limited to the following:


  • Hosting distribution machines for malware executables and browser exploits, to be served to innocent web surfers drawn there by trickery, to infect their computers with Trojans and make them members of botnets.

  • Command and Control over the World's most prolific Botnets, the members of which are remotely controlled to send spam, host malware laden web pages, or launch denial of service attacks on behalf of the Bot Masters.

  • Hosting fake anti virus and rogue anti spyware scanners, used to scam victims into paying for useless removal programs. The so-called removal programs in fact only remove the pop-up notices, or balloon messages, or phony screensavers or desktop backgrounds that are made to resemble a Windows BSOD. They operate in collusion as a tandem infection.

  • Hosting Phishing web sites that steal login credentials from banking customers, then empty their bank accounts, or make unauthorized purchases with their stolen credit card accounts.

  • Hosting of illegal child pornography.

  • Hosting of payment portals and systems by means of which cyber criminals receive payments.

  • Hosting servers that are used to store information stolen by means of Phishing or Dictionary attacks against innocent parties.

  • Databases containing the names and locations of Bot Masters, cyber criminals, pornographers and spammers.

  • The hosting of fake pharmacy websites and payment systems.

  • Launching DDoS attacks against the Republic of Georgia infrastructure and Government websites, and against other legitimate governments and companies.


McColo hosted the so-called command-and-control servers for botnets that are used to instruct PCs to send spam. The botnets included Rustock, Srizbi, Pushdo/Cutwail, Ozdok/Mega-D and Gheg, according to this report. If you are troubled by the sheer volume of spam that you must fight off every day, take the time to read the report and you will gain a better understanding of how the cyber criminals behind these operations are able to conduct their illegal activities and where many of them are actually located.

The cyber criminals whose servers were taken offline when McColo went dark will eventually find other places to operate their servers and will rebuild their illegal businesses. In the meantime, you and I can enjoy a few days' relief from the constant onslaught of spam that paralyzes our inboxes every day. I can only hope that this shutdown will be a major inconvenience to them and will cost them a lot of time and money to rebuild. You and your friends can do your part by deleting all spam messages and by never ever buying anything that is spamvertised!

If you are in need of an effective spam filtering program that sits ahead of your email client, I use and recommend MailWasher Pro. MailWasher Pro intercepts your incoming POP3 email and filters out spam before you download it to your desktop email application.

November 9, 2008

My Spam analysis for Nov 3 - 9, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common types of spam this week are for pirated software, fake diplomas and various pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. This week I saw another resurgence in the amount of spam for the fake "Canadian Pharmacy." This type of spam had decreased after the arrest and indictment of some of the people behind these scams.

"Canadian Pharmacy" and its offshoot "Canadian Health and Care Mall" is a scam website, hosted unknowingly on hijacked (Botnetted) personal computers, or on bulletproof Chinese hosting servers owned by criminals in Russia. The prescription drugs and herbal remedies promoted by the fake Canadian Pharmacy come from a lab in India, named after a flower. Those prescription drugs are illegal to import into the US or Canada and may be seized by postal inspectors upon arrival.

The male enhancement spams are mostly leading to Botnetted computers hosting a web page touting VPXL, or other herbal enlargement formulas, all of which are scams. Male enhancement pills are totally ineffective and may even be dangerous to your health.

MailWasher Pro spam category breakdown for November 3 - 9, 2008. Spam amounted to 50% of my incoming email this week.


Other filters: (See my MWP Filters page) 22.75%
Viagra spam: 13.33%
Fake "Canadian Pharmacy" spam (Viagra, Cialis, etc): 10.98%
Male enhancement spam (subject or body): 10.98%
Pirated Software: 8.24%
Fake Diplomas: 6.67%
Casino Spam: 5.10%
HTML Tricks: 5.10%
Known Spam Subjects (by my filters): 4.31%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 3.92%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 3.53%
Phishing Scams: 3.53%
Bayesian learning filter: 1.18%
DNS Blacklists: 0.39%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


October 26, 2008

My Spam analysis for Oct 20 - 26, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common type of spam this week (again) is pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. This week I saw a big decrease in the amount of spam for the fake "Canadian Pharmacy." This is a scam website, hosted unknowingly on hijacked (Botnetted) personal computers, or on bulletproof Chinese hosting servers owned by criminals in Russia. The male enhancement spams are mostly leading to Botnetted computers hosting a web page touting VPXL, or other herbal enlargement formulas, all of which are scams.

MailWasher Pro spam category breakdown for October 20 - 26, 2008. Spam amounted to 67% of my incoming email this week.


Viagra spam: 24.93%
Loans/Bankruptcy/Refinance/Insurance Scams: 16.07%
Known Spam (From: or Body): 11.08%
Other filters: (See my MWP Filters page) 9.42%
Known Spam Domains: (mostly pharmaceutical spam) 9.42%
Casino Spam: 9.14%
HTML Tricks: 6.93%
Fake "Canadian Pharmacy" spam (Viagra, Cialis, etc): 3.60%
Known Spam Subjects (by my filters): 3.32%
Male enhancement spam (subject or body): 2.49%
Phishing Scams: 1.66%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 1.66%
Bayesian learning filter: 0.28%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


October 19, 2008

My Spam analysis for Oct 13 - 19, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common type of spam this week (again) is pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. At this time almost all spam email for any kind of pharmaceuticals is pointing to the fake "Canadian Pharmacy" website, hosted unknowingly on hijacked (Botnetted) personal computers, or on bulletproof Chinese hosting servers owned by criminals in Russia. The male enhancement spams are mostly leading to Botnetted computers hosting a web page touting VPXL, or other herbal enlargement formulas, all of which are scams.

For those who don't know, "Canadian Pharmacy" is a fake pharmacy, with fake accreditation banners, that is either hosted on compromised home or office computers (in Bot-nets), or on "bullet-proof" web hosting servers in Panama (200.63.40/21), China (CNCGROUP - 218.60.0.0/15), Korea, Vietnam, Romania, Russia, or The Ukraine. The Canadian Pharmacy spam gang sells counterfeit drugs that could harm or even kill you, but certainly won't help you in the manner advertised. This fake pharmacy is used by cyber criminals to raise money for themselves and to fund illegal activities that they engage in. Once they get your credit or debit card number they may max out your spending limit, or empty out your bank account, or sell your credit card details to other criminals. Please do not be deceived into thinking that these are legitimate online pharmacies. Despite any banners, labels, or claims to the contrary, they are NOT approved to sell their (counterfeit) pills in most countries outside of China. Don't become a victim of the fake Canadian Pharmacy scam.

MailWasher Pro spam category breakdown for October 13 - 19, 2008. Spam amounted to 61% of my incoming email this week.
Viagra spam: 31.41%
Loans/Bankruptcy/Refinance/Insurance Scams: 15.88%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 15.88%
Other filters: (See my MWP Filters page) 9.39%
Known Spam Domains: (mostly pharmaceutical spam) 6.86%
Male enhancement spam (subject or body): 4.33%
Fake "Canadian Pharmacy" spam (Viagra, Cialis, etc): 3.61%
Casino Spam: 3.25%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 2.17%
Known Spam Subjects (by my filters): 1.81%
Pirated Software: 1.81%
Digits or Consonants forged sender: 1.81%
DNS Blacklists: 1.81%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


October 12, 2008

My Spam analysis for Oct 6 - 12, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common type of spam this week (again) is pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. At this time almost all spam email for any kind of pharmaceuticals is pointing to the fake "Canadian Pharmacy" website, hosted unknowingly on hijacked (Botnetted) personal computers, or on bulletproof Chinese hosting servers owned by criminals in Russia. The male enhancement spams are mostly leading to Botnetted computers hosting a web page touting VPXL, or other herbal enlargement formulas, all of which are scams.

For those who don't know, "Canadian Pharmacy" is a fake pharmacy, with fake accreditation banners, that is either hosted on compromised home or office computers (in Bot-nets), or on "bullet-proof" web hosting servers in Panama (200.63.40/21), China (CNCGROUP - 218.60.0.0/15), Korea, Vietnam, Romania, Russia, or The Ukraine. The Canadian Pharmacy spam gang sells counterfeit drugs that could harm or even kill you, but certainly won't help you in the manner advertised. This fake pharmacy is used by cyber criminals to raise money for themselves and to fund illegal activities that they engage in. Once they get your credit or debit card number they may max out your spending limit, or empty out your bank account, or sell your credit card details to other criminals. Please do not be deceived into thinking that these are legitimate online pharmacies. Despite any banners, labels, or claims to the contrary, they are NOT approved to sell their (counterfeit) pills in most countries outside of China. Don't become a victim of the fake Canadian Pharmacy scam.

MailWasher Pro spam category breakdown for Sept 29 - October 5, 2008. Spam amounted to 54% of my incoming email this week.
Fake "Canadian Pharmacy" spam (Viagra, Cialis, etc): 6.82%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 23.11%
Known Spam (From: or Body): 14.39%
Other filters: (See my MWP Filters page) 12.50%
Male enhancement spam (subject or body): 10.61%
Known Spam Subjects (by my filters): 7.58%
Counterfeit Watches: 7.58%
Known Spam Domains: (mostly pharmaceutical spam) 4.55%
Loans/Bankruptcy/Refinance/Insurance Scams: 4.17%
Pirated Software: 2.65%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 1.89%
Blocked Countries, RIPE, LACNIC, APNIC: 1.89%
DNS Blacklists: 1.14%
Bayesian learning filter: 1.14%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


October 9, 2008

A fox catches a goose in a sculpture, like spammers try to catch you

I got the idea for this article while reading through various recent Craigslist items listed for sale in my city, Flint, Michigan. The listing that got my attention is: W. H. Turner Bronze "Fox and Goose" Sculpture, which was listed on October 8, 2008. According to the description of this item, it is a numbered bronze sculpture of "a fox diving after a fleeing goose and catching it by its tail feathers," and would be of interest to collectors of such things.

So, what has a bronze sculpture got in common with scammers and spammers? Plenty! Like a hungry sly fox, scammers and spammers craft their ploys to enable them to sneak up on their intended victims, striking when the victim is in a vulnerable position. Much of the spam and scams that I catch in my spam traps is crafted to catch people off-guard by playing on their inadequacies or curiosity. The subjects and body text are designed to fool gullible recipients into thinking that the links in those spam email messages can bring them something they are lacking, or to show them a video that is titillating, or sensational in content.

This is sucker bait. All of these things being advertised via spam emails (I call them Spamvertised) are scams and are meant to either steal your money or credit, or sell you counterfeit drugs, shoes, or watches, or to trick you into installing a Trojan Horse application onto your computer. Think of the web surfing general public as being akin to free-spirited geese, searching the World Wide Waters for knowledge and goodies, and criminal spammers as foxes - looking to turn them into prey.

So, the next time you get a spam email offering you incredible discounts on Viagra, Cialis, herbals, male enhancement products, or unsecured loans, or cheap "Bling" from counterfeit goods, or sensational videos of phony news or imaginary events involving actors or recording artists, or alarming messages supposedly coming from a financial institution you may deal with, think twice or three times before you click on the links in those messages. The criminal minds behind these spam blasts are like foxes. They are sneaky and use stealth to trap their intended victims. They do not come in peace. They want to steal from you. If you are tricked into purchasing something spamvertised, chances are very high that your credit or debit card information is in the hands of criminals. They may use it themselves, and/or sell it to the highest bidder, on special chat forums frequented by members of the spam underground. Buy from a spammer and your "goose" is going to be cooked. The fox has your account by the tail, like the fox in the sculpture gets the goose.

My own solution - and suggestion for you - is to use MailWasher Pro to filter out spam email before you download it to your email client. The program is very effective at recognizing spam, using a built-in learning filter, consulting online databases of known spam senders and domains, and custom written spam filter rules, many of which I write and publish.

October 5, 2008

Add PanamaServer.com to your .htaccess or iptables blocklists

For the past several weeks I have seen a huge increase in the volume of spam email promoting the fake Canadian Pharmacy. I write about it in my weekly reports about the classifications of spam, according to the anti-spam program MailWasher Pro and my custom MailWasher spam filters.

Whenever a spam email makes it through my automatic deletion spam filters I analyze its contents and add the appropriate words or regular expressions to existing filter rules, or create new ones. Since most spam messages contain links to the spamvertised websites I will perform a stealth investigation of the website in the spam links. So far, all of the links in a recent spate of fake Fox News spam email lead to the fake Canadian Pharmacy. There is also a huge amount of spam that begins with the words Canadian Pharmacy.

Each day, or multiple times per day, the links point to a different website where the spamvertised pharmacy resides. So, I look up the domains every now and then, using commercial Whois tools. Sometimes the fake pharmacy is located on a zombie computer in a Botnet. These are easy to spot because the header of the website reveals that it is running on the Nginx web server. Nginx is a tiny HTTP server, made in Russia, and a favorite tool for use by Russian criminals to install on zombie machines under their control. But, not all Whois reports lead to zombies.

A large number of Whois IP traces in Canadian Pharmacy and Male Enhancement scams now lead to websites hosted on PanamaServer.com. This server farm is a new favorite place for spamvertised websites, phishing websites, malware hosting and other dodgy goings on. Normally, one would not even know about the existence of PanamaServer unless they rented space on them to do business, or did Whois lookups of spam domains. But all that changed today for me, in another way.

I read my raw access logs every day, looking for sources of abuse, or referring domains, or other matters of interest to a Webmaster. Today's log revealed a long list of hits from somebody trying to harvest my entire website and trying to post spam comments via my contact form (failed due to my security implementation). All of these hits came from one IP address: 200.63.42.91, which the Whois reports as belonging to PanamaServer.com. The IP range (CIDR) assigned to this company is 200.63.40.0/22, ranging from 200.63.40.0 to 200.63.43.255. I have added that CIDR to my published Exploited Servers Blocklists, in .htaccess form and in iptables form. If you have an Apache based website you can block this domain and all spammers and scammers operating through websites hosted there. Just add 200.63.40.0/22 to your deny from list in .htaccess, or to the iptables list. Or, just download my Exploited Servers blocklist in the format you can use and install the entire blocklist. You will be protected against a huge number of exploited servers.

In case you don't know which list applies to your server, here's how to decide. If you are the administrator of the server and have root access to the Linux operating system, go with the iptables blocklist. If you are a customer on a shared hosting server, you must use the .htaccess blocklist. Full instructions for use are included on each blocklist.
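As an added example (not the author's published blocklist files), the Python sketch below confirms that the offending address falls inside the CIDR quoted above, counts hits from blocked ranges in an access log, and emits the entry in both forms. The log lines are constructed, and the `Order`/`Deny from` and `iptables -A INPUT ... -j DROP` layouts are generic Apache 2.2 and iptables syntax, assumed rather than copied from the blocklists.

```python
import ipaddress
from collections import Counter

# CIDR as given in the post for PanamaServer.com.
BLOCKED_CIDRS = ["200.63.40.0/22"]

# Constructed access-log lines (Apache combined format), for illustration only.
SAMPLE_LOG = """\
200.63.42.91 - - [05/Oct/2008:10:01:12 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
200.63.42.91 - - [05/Oct/2008:10:01:13 -0400] "POST /contact.php HTTP/1.1" 403 312 "-" "Mozilla/4.0"
192.0.2.10 - - [05/Oct/2008:10:02:40 -0400] "GET /blog/ HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
200.63.44.7 - - [05/Oct/2008:10:03:02 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
"""


def parse_networks(cidrs):
    """Parse CIDR strings strictly: an entry with host bits set
    (a single address pasted with a prefix length) raises ValueError
    instead of silently becoming a different range."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def cidr_bounds(cidr):
    """Return (first, last) address covered by a CIDR, as strings."""
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net.network_address), str(net.broadcast_address)


def is_blocked(ip, networks):
    """True if ip parses as an address and lies inside any blocked network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # not an IP (e.g. a hostname in the log's first field)
    return any(addr in net for net in networks)


def blocked_hits(log_text, networks):
    """Count log lines per client IP for clients inside a blocked network."""
    hits = Counter()
    for line in log_text.splitlines():
        fields = line.split(None, 1)  # first field of the log line is the client
        if fields and is_blocked(fields[0], networks):
            hits[fields[0]] += 1
    return dict(hits)


def htaccess_rules(networks):
    """Apache 2.2-style .htaccess lines: allow everyone, then deny the ranges."""
    return ["Order Allow,Deny", "Allow from all"] + [
        f"Deny from {net}" for net in networks
    ]


def iptables_rules(networks):
    """One DROP rule per range for the INPUT chain (requires root on the server)."""
    return [f"iptables -A INPUT -s {net} -j DROP" for net in networks]


if __name__ == "__main__":
    nets = parse_networks(BLOCKED_CIDRS)
    print("range:", cidr_bounds(BLOCKED_CIDRS[0]))
    print("hits from blocked ranges:", blocked_hits(SAMPLE_LOG, nets))
    print("\n".join(htaccess_rules(nets)))
    print("\n".join(iptables_rules(nets)))
```

Running the log check before and after installing a blocklist shows whether the range you added actually covers the addresses that were abusing the site; here 200.63.44.7 is reported as not covered because it lies just outside the /22.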

I also maintain other country wide blocklists, in both .htaccess and iptables form. The landing pages for these blocklists are found at htaccess-blocklists.html and at iptables-blocklists.html.

My Spam analysis for Sept 29 - Oct 5, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common type of spam this week (again) is pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. The most common spam subject and message body text included or started with the words "Canadian Pharmacy" along with fake Fox News Newsletters, with all of the links going to a fake Canadian Pharmacy website, hosted unknowingly on hijacked (Botnetted) personal computers.

For those who don't know, "Canadian Pharmacy" is a fake pharmacy, with fake accreditation banners, that is either hosted on compromised home or office computers (in Bot-nets), or on "bullet-proof" web hosting servers in Panama, China, Korea, Vietnam, Romania, Russia, or The Ukraine. The Canadian Pharmacy spam gang sells counterfeit drugs that could harm or even kill you, but certainly won't help you in the manner advertised. This fake pharmacy is used by cyber criminals to raise money for themselves and to fund illegal activities that they engage in. Once they get your credit or debit card number they may max out your spending limit, or empty out your bank account, or sell your credit card details to other criminals. Please do not be deceived into thinking that these are legitimate online pharmacies. Despite any banners, labels, or claims to the contrary, they are NOT approved to sell their (counterfeit) pills in most countries outside of China. Don't become a victim of the fake Canadian Pharmacy scam.

MailWasher Pro spam category breakdown for Sept 29 - October 5, 2008. Spam amounted to 53% of my incoming email this week.
Fake "Canadian Pharmacy" spam (Viagra, Cialis, etc): 27.20%
Other filters: (See my MWP Filters page) 15.90%
Known Spam Domains: (mostly pharmaceutical spam) 15.90%
Male enhancement spam (subject or body): 12.55%
Known Spam Subjects (by my filters): 6.28%
Loans/Bankruptcy/Refinance/Insurance Scams: 5.86%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 4.60%
Other Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 3.77%
Blocked Countries: 2.93%
Pirated Software: 2.93%
Video Exploit links to Trojan download: 1.67%
DNS Blacklists: 0.42%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


October 4, 2008

New forum for my MailWasher Pro Custom Spam Filters

As many of you know, I write and publish custom spam filters for the anti-spam program named MailWasher Pro. In addition to publishing my custom MailWasher Pro filters on my own website, I have a thread about them on the new Firetrust MailWasher Forum. The title and location is: Wizcrafts Custom MailWasher Pro Filters discussed here.

For the curious who are not yet using MailWasher Pro, you can read about it on my MailWasher Pro web page. There are links there to try it or buy it. There is a one time fee of $39.95 US to license the program and all updates to the program itself are then free for life. It does have an included reporting service called FirstAlert! that is subscription based, but is purely optional. All new purchasers get the first year of FirstAlert! for free.

The spam filters used by MailWasher Pro (MWP) are in plain text and are stored in a file named: filters.txt. That file, along with the blacklist (and friends list), the Bayesian learning filter database and other personalized files are stored separately from the program itself, inside your user profile, under Application Data, or AppData for Vista users. That location depends on which version of Windows you are using. If you don't already know about the location of your application data, open the Run box by pressing the "Windows" key + R together and when the Run box opens, type in: %AppData% and press Enter. If you are notified that the contents are hidden, click on the link to Show these files, and/or modify your Folder View options to Display hidden files and folders and to not hide known file type extensions.

Once you open your personal identity's Application Data (or AppData) directory, look for the MailWasherPro subdirectory. Your own filters.txt and blacklist.txt files, spamlog.txt and the learning filter database are all inside that location. To edit filters.txt, or to use my custom downloadable filters you must first close MailWasher Pro, or your changes will be overwritten.

Some things to keep in mind when editing filters.txt are as follows:


  • Every rule starts with either [enabled] or [disabled]

  • Every rule starts on a new line and occupies one long line of code.

  • You must not have any blank spaces after the end of any rule.

  • There must not be any blank lines between rules.

  • MWP will add a single line feed to the last rule if none is present in your custom filters.

  • Comments are preceded by double forward slashes: // and will be overwritten with the default comments after the program opens and closes.

  • Pay careful attention to double quotes (") in your rules. A misplaced quote will cause that rule to be deleted when the program opens! If there are spaces between words or regular expressions, you must enclose that segment inside double quotes. If there are double quotes in the rule you must add another double quote to each one, thus "escaping" them.

  • If in doubt you should use the custom filter wizard to add data to fields and select your desired actions. The wizard will add the necessary quotes for you and the correct terminology for matching conditions. You can then open your filters.txt and see how the rule looks in the list.
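The checklist above can be run automatically over a hand-edited file before it is put back in place. This is an added example, not part of MailWasher Pro or the published filters: it checks only the points listed here, and the sample rule bodies after the [enabled]/[disabled] prefix are constructed placeholders, not real filter syntax.

```python
import sys

RULE_PREFIXES = ("[enabled]", "[disabled]")

# Constructed sample. Everything after the prefix is a placeholder layout,
# NOT real MailWasher Pro rule syntax; only the checklist items are modelled.
SAMPLE = (
    '// constructed comment line\n'
    '[enabled],"Constructed rule A","two words"\n'
    '[disabled],"Constructed rule B","says ""hello"" twice"\n'
    '\n'
    '[enabled],"Constructed rule C","missing close quote\n'
    '[enabled],"Constructed rule D","trailing space" \n'
    'enabled,"Constructed rule E","no bracketed prefix"\n'
)


def lint_filters(text):
    """Return a list of (line_number, message) for checklist violations."""
    findings = []
    lines = text.split("\n")
    # A single line feed after the last rule is expected, so drop the
    # empty string that split() leaves behind it.
    if lines and lines[-1] == "":
        lines.pop()
    for number, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r")  # tolerate Windows CRLF line endings
        if line.strip() == "":
            findings.append((number, "blank line between rules"))
            continue
        if line.startswith("//"):
            continue  # comment line
        if line != line.rstrip():
            findings.append((number, "blank space after the end of the rule"))
        # A rule that was wrapped onto a second line also lands here,
        # because its continuation does not begin with a prefix.
        if not line.startswith(RULE_PREFIXES):
            findings.append(
                (number, "rule does not start with [enabled] or [disabled]")
            )
        # Quoted segments open and close, and literal quotes are doubled,
        # so a well-formed rule holds an even number of '"' characters.
        # An odd count means a misplaced or unescaped quote. An even count
        # does not prove the quotes are in the right places.
        if line.count('"') % 2:
            findings.append((number, "odd number of double quotes"))
    return findings


def lint_file(path):
    """Lint a filters.txt copy on disk; returns the same findings list."""
    with open(path, "r", encoding="utf-8", errors="replace", newline="") as fh:
        return lint_filters(fh.read().replace("\r\n", "\n"))


if __name__ == "__main__":
    results = lint_file(sys.argv[1]) if len(sys.argv) > 1 else lint_filters(SAMPLE)
    for number, message in results:
        print(f"line {number}: {message}")
    sys.exit(1 if results else 0)
```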


My latest additions to the custom filters and sample filters are in my Custom MailWasher Pro filters. If you are thinking about purchasing MailWasher Pro, I would appreciate it if you do so through my MailWasher Pro affiliate link. Thank you!

September 28, 2008

My Spam analysis for Sept 22 - 28, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common type of spam this week (again) is pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. The most common spam subject and message body text included or started with the words "Canadian Pharmacy."

For those who don't know, "Canadian Pharmacy" is a fake pharmacy, with fake accreditation banners, that is either hosted on compromised home or office computers (in Bot-nets), or on "bullet-proof" web hosting servers in China, Korea, Vietnam, Romania, Russia, or The Ukraine. The Canadian Pharmacy spam gang sells counterfeit drugs that could harm or even kill you, but certainly won't help you in the manner advertised. This fake pharmacy is used by cyber criminals to raise money for themselves and to fund illegal activities that they engage in. Once they get your credit or debit card number they may max out your spending limit, or empty out your bank account, or sell your credit card details to other criminals.

The runner up subject begins with "from" followed by fake first and last names. The body text often contains "Canadian Pharmacy" or "CanadianRX," or other words alluding to pharmaceuticals, and leads to compromised computers running the Russian Nginx server software, unbeknownst to their owners. Those zombie computers are used to host the fake Canadian Pharmacy website. My spam log also showed a large number of other repetitive pharmaceutical subjects, such as: Doctor Approved and Recommended, Enlarge, Very discreet shipping and billing, and RE: Message (5 to 7 numbers). Please do not be deceived into thinking that these are legitimate online pharmacies. Despite any banners, labels, or claims to the contrary, they are NOT approved to sell their (counterfeit) pills in most countries outside of China. Don't become a victim - delete all spam on sight!

Other categories of spam that rated a sizable percentage included unsecured loans, credit cards, or debt reduction. Common Subject words include "Refinance" or "Loans." These are scams. No legitimate company ever uses spam sent through botnets to advertise its financial services! Never, ever, ever buy anything that is "spamvertised!"

MailWasher Pro spam category breakdown for Sept 22 - 28, 2008. Spam amounted to 53% of my incoming email this week.
Fake "Canadian Pharmacy" spam: 23.97%
Other filters: (See my MWP Filters page) 14.88%
Known Spam Domains: (mostly pharmaceutical spam) 14.46%
Male enhancement spam (subject or body): 13.64%
Known Spam Subjects (by my filters): 9.92%
Other Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 6.62%
Loans/Bankruptcy/Refinance/Insurance Scams: 5.79%
"SquirrelMail" Spam: 3.31%
Known Spam (From: or Body): 2.44%
Casino Spam: 2.07%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 1.24%
DNS Blacklists: 0.83%
Bayesian learning filter: 0.83%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


September 21, 2008

My Spam analysis for Sept 15 - 21, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of spam messages. While spam is an annoyance to most people, it is combat for me. I publish custom filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common type of spam this week (again) is pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. The most common spam subject included or started with the words "Canadian Pharmacy."

For those who don't know, "Canadian Pharmacy" is a fake pharmacy, with fake accreditation banners, that is either hosted on compromised home or office computers (in Bot-nets), or on "bullet-proof" web hosting servers in China, Korea, Vietnam, Romania, Russia, or The Ukraine. The Canadian Pharmacy spam gang sells counterfeit drugs that could harm or even kill you, but certainly won't help you in the manner advertised. This fake pharmacy is used by cyber criminals to raise money for themselves and to fund illegal activities that they engage in.

The runner up subject begins with "from" followed by fake first and last names. The body text often contains "Canadian Pharmacy" or "CanadianRX," or other words alluding to pharmaceuticals, and leads to compromised computers running the Russian Nginx server software, unbeknownst to their owners. Those zombie computers are used to host the fake Canadian Pharmacy website.

Other categories of spam that rated a sizable percentage included unsecured loans, credit cards, or debt reduction. Common Subject words include "Refinance" or "Loans." These are scams. No legitimate company ever uses spam sent through botnets to advertise its financial services! Never, ever, ever buy anything that is "spamvertised!"

MailWasher Pro spam category breakdown for Sept 15 - 21, 2008. Spam amounted to 56% of my incoming email this week.
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 22.93%
Loans/Bankruptcy/Refinance/Insurance Scams: 19.55%
Other filters: (See my MWP Filters page) 17.29%
Male enhancement spam (subject or body): 12.79%
Known Spam Subjects (by my filters): 11.65%
Digits or Consonants forged sender: 5.64%
"Thunderbird" Mailer Spam: 2.63%
Pirated Software: 2.63%
Known Spam (From: or Body): 2.63%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 2.26%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


September 14, 2008

My Spam analysis for Sept 8 - 14, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of spam messages. While spam is an annoyance to most people, it is combat for me. I publish custom filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common type of spam this week (again) is pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. The most common spam subject included or started with the words "Canadian Pharmacy."

For those who don't know, "Canadian Pharmacy" is a fake pharmacy, with fake accreditation banners, that is either hosted on compromised home or office computers (in Bot-nets), or on "bullet-proof" web hosting servers in China, Korea, Vietnam, Romania, Russia, or The Ukraine. The Canadian Pharmacy spam gang sells counterfeit drugs that could harm or even kill you, but certainly won't help you in the manner advertised. This fake pharmacy is used by cyber criminals to raise money for themselves and to fund illegal activities that they engage in.

The runner up subject begins with "from" followed by fake first and last names. The body text also contains "Canadian Pharmacy," or other words alluding to pharmaceuticals, and leads to compromised computers running the Russian Nginx server software, unbeknownst to their owners. Those zombie computers are used to host the fake Canadian Pharmacy website.

Other categories of spam that rated a sizable percentage included unsecured loans, credit cards, or debt reduction. These are scams. No legitimate company ever uses spam sent through botnets to advertise its financial services! Never, ever, ever buy anything that is "spamvertised!" Replica watches also kept showing up in measurable spam numbers this week. All of the spam and scams were either automatically deleted by my custom MailWasher Pro spam filters, or if they made it through, were reported to SpamCop, of which I am a reporting member, and manually deleted. I never have and never will buy anything that is Spamvertised!

MailWasher Pro spam category breakdown for Sept 8 - 14, 2008. Spam amounted to 53% of my incoming email this week.
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 27.13%
Male enhancement spam (subject or body): 23.29%
Other filters: (See my MWP Filters page) 17.63%
Known Spam Subjects (by my filters): 9.83%
Digits or Consonants forged sender: 8.14%
Loans/Bankruptcy/Insurance Scams: 6.78%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 3.39%
"Thunderbird" Mailer Spam: 3.05%
DNS Blacklists: 0.34%
Bayesian learning filter: 0.42%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

September 7, 2008

My Spam analysis for Sept 1 - 7, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening program that goes between your email servers and your desktop email client (application). It uses a variety of techniques to recognize what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common type of spam this week (again) is male enhancement products, Viagra, Cialis and other drugs. The most common spam subject was "Solution for your sexual problems," or something including the words "Canadian Pharmacy."

For those who don't know, "Canadian Pharmacy" is a fake pharmacy, with fake accreditation banners, that is either hosted on compromised home or office computers (in Bot-nets), or on "bullet-proof" web hosting servers in China, Korea, Vietnam, Romania, Russia, or The Ukraine. The Canadian Pharmacy spam gang sells counterfeit drugs that could harm or even kill you, but certainly won't help you in the manner advertised.

The runner up again is spam for unsecured loans, credit cards, or debt reduction. These are scams. No legitimate company ever uses spam sent through botnets to advertise its financial services! Never, ever, ever buy anything that is "spamvertised!" Exploit video links and replica watches also kept showing up in measurable spam numbers this week. All of the spam and scams were either automatically deleted by my custom MailWasher Pro spam filters, or if they made it through, were reported to SpamCop, of which I am a reporting member, and manually deleted. I never have and never will buy anything that is Spamvertised!

MailWasher Pro spam category breakdown for Sept 1 - 7, 2008. Spam amounted to 56% of my incoming email this week.
Male enhancement spam (subject or body): 35.59%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 22.88%
Other filters: (See my MWP Filters page) 14.00%
Loans/Bankruptcy/Insurance Scams: 13.14%
Video Exploit links to Trojan download: 6.35%
Known Spam Subjects: 1.69%
Counterfeit Watches: 2.54%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 2.54%
DNS Blacklists: 0.85%
Bayesian learning filter: 0.42%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

August 31, 2008

My Spam analysis for Aug 25 - 31, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening program that goes between your email servers and your desktop email client (application). It uses a variety of techniques to recognize what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common type of spam this week is male enhancement products and drugs. The most common spam subject was "Solution for your sexual problems."

The runner up was spam for loans or debt reduction. These are mostly scams. No legitimate company ever uses spam sent through botnets to advertise its financial services! Never, ever, ever buy anything that is "spamvertised!"

MailWasher Pro spam category breakdown for August 25 - 31, 2008. Spam amounted to 53% of incoming email this week.
Male enhancement spam (subject or body): 35.29%
Other filters: (See my MWP Filters page) 18.63%
Loans/Bankruptcy/Insurance Scams: 13.24%
Video Exploit links to Trojan download: 8.33%
Known Spam Subjects: 4.90%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 4.42%
Counterfeit Watches: 2.94%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 2.94%
DNS Blacklists: 2.94%
Digits or Consonants forged sender: 2.45%
"Opera Mail" Spam: 1.96%
X-Mailer: The Bat: 1.96%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

August 24, 2008

My Spam analysis for Aug 18 - 24, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening program that goes between your email servers and your desktop email client (application). It uses a variety of techniques to recognize what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common email threat this week is male enhancement products. Previously, it was Trojan Video exploit links. These messages either have fake news headlines, or use the names of famous actresses in the subject, with ludicrous or nasty claims about their activities. The message body may contain links to read more, view or play a video, or even have a pornographic image of the actress whose name is used in the subject. All either have links to exploit web pages, or to directly download a Trojan file.

If you have clicked on one of these Trojan download links you may have either knowingly, or unknowingly allowed a hostile file to be installed, and are probably in need of the services of an up-to-date anti-spyware program to disinfect your PC. I recommend Spyware Doctor, from PC Tools, because it specializes in spyware detection and removal, and is updated very frequently. As Spyware tools go, Spyware Doctor is one of the top rated in the industry. Symantec also thinks that PC Tools makes great security programs and just bought the company. However, PC Tools will continue to market Spyware Doctor on its own, so you are assured of continuing updates and support.

MailWasher Pro spam category breakdown for August 18 - 24, 2008. Spam amounted to 47% of incoming email this week.
Male enhancement spam (subject or body): 27.62%
Video Exploit links to Trojan download: 20.95%
Other filters: (See my MWP Filters page) 15.69%
Loans/Bankruptcy/Insurance Scams: 14.29%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 6.68%
Counterfeit Watches: 4.29%
Known Spam Subjects: 3.81%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 2.86%
Digits or Consonants forged sender: 2.38%
DNS Blacklists: 1.43%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

August 17, 2008

My Spam analysis for Aug 11 - 17, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening program that goes between your email servers and your desktop email client (application). It uses a variety of techniques to recognize what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category; "Other."

The most prevalent social engineering email threat continues to be a video exploit link scam that has a subject and sender containing the words "Breaking Alert" or "Breaking News." This threat is sent from a humongous botnet, and has transformed from claiming to be a CNN "My Custom Alert," to an "msnbc.com Breaking News," to the current just "Breaking News." All of these contain lines about fake breaking news stories, and all contain disguised links to a compromised web site hosting a payload named "get_flash(_update).exe" - or a variation thereof. This is not the real Adobe Flash Player, but a fake Video Codec, containing malware that has been identified as being either a "Tibs," "Zlob," or "Storm/Nuwar" Trojan variant. If you are lured to a web page containing such a link (mouse-over links to see their destination in your browser's status bar, on the bottom), and you survive the automatic attempts to exploit browser vulnerabilities, do not click on the download links offered to you! There may be a pop-up message claiming you require a video codec, or ActiveX Object to view a news story, but it is a trick to fool you into self-installing the Trojan.
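The mouse-over check described above can be automated when screening HTML mail. The Python sketch below is an added example, not one of my MailWasher Pro filters or code from this blog: it compares each link's visible text with its real destination and flags downloads named like the fake Flash installer. The function names, the extra executable extensions, the verdict labels and the sample message (built on reserved example domains and addresses) are assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Subject phrases quoted in these posts for the video exploit spam runs.
LURE_SUBJECTS = ("breaking news", "breaking alert", "cnn alerts", "daily top 10")
# Payload name from the post: get_flash.exe, get_flash_update.exe and variations.
FAKE_FLASH = re.compile(r"get_flash\w*\.exe$", re.I)
# Assumption: other directly executable Windows extensions are treated the same way.
EXECUTABLE = re.compile(r"\.(exe|scr|com|pif|bat|cmd)$", re.I)
# Visible link text that itself looks like a URL or a domain name.
URLISH = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", re.I)


class LinkCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _parts(value, assume_http=False):
    """Return (lower-cased host, path) of a URL-like string."""
    value = value.strip()
    if assume_http and "://" not in value:
        value = "http://" + value
    try:
        split = urlsplit(value)
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return "", ""
    return (split.hostname or "").lower(), split.path


def _same_site(shown, target):
    """True when the destination is the displayed host or a subdomain of it."""
    shown, target = (h[4:] if h.startswith("www.") else h for h in (shown, target))
    return target == shown or target.endswith("." + shown)


def audit_links(html):
    """Return one finding per suspicious link, with the reasons it was flagged."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        reasons = []
        target, path = _parts(href)
        if URLISH.match(text):
            shown, _ = _parts(text, assume_http=True)
            if shown and target and not _same_site(shown, target):
                reasons.append("host-mismatch")  # what a mouse-over would reveal
        if FAKE_FLASH.search(path):
            reasons.append("fake-flash-installer")
        elif EXECUTABLE.search(path):
            reasons.append("executable-download")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


def classify(subject, html):
    """Combine the subject lure and the link findings into block/review/pass."""
    reasons = {r for f in audit_links(html) for r in f["reasons"]}
    lure = any(phrase in subject.lower() for phrase in LURE_SUBJECTS)
    if reasons & {"fake-flash-installer", "executable-download"} or (lure and reasons):
        return "block"
    return "review" if (lure or reasons) else "pass"


# Constructed sample message (not a captured spam); hosts are reserved examples.
SAMPLE_SUBJECT = "Breaking News: constructed headline"
SAMPLE_HTML = """
<a href="http://compromised.example/video/get_flash_update.exe">Watch the video</a>
<a href="http://198.51.100.7/news.html">www.news.example/breaking</a>
<a href="http://www.news.example/id/1">www.news.example</a>
"""

if __name__ == "__main__":
    for finding in audit_links(SAMPLE_HTML):
        print(finding["reasons"], finding["href"])
    print(classify(SAMPLE_SUBJECT, SAMPLE_HTML))
```

A subject match alone only yields "review", because real news alerts use the same words; the link evidence is what moves a message to "block".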

If you have clicked on one of these Trojan download links and allowed the file to be installed, you are probably in need of the services of an up-to-date anti-spyware program. I recommend Spyware Doctor, from PC Tools, because it specializes in spyware detection and removal, and is updated very frequently. As Spyware tools go, Spyware Doctor is one of the top rated in the industry. It gets the job done where others fail.

MailWasher Pro spam category breakdown for August 11 - 17, 2008. Spam amounted to 47% of incoming email this week.
Video Exploit links to Trojan download: 21.47%
Male enhancement spam (subject or body): 15.95%
Other filters: (See my MWP Filters page) 15.34%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 14.10%
Loans/Bankruptcy/Insurance Scams: 13.50%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 6.75%
Known Spam Subjects: 4.91%
Counterfeit Watches: 3.68%
Image Spam: 2.45%
DNS Blacklists: 1.23%
Bayesian learning filter: 0.62%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


August 10, 2008

My Spam analysis for Aug 4 - 10, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening program that goes between your email servers and your desktop email client (application). It uses a variety of techniques to recognize what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category; "Other."

The most recent social engineering email threat is a video exploit link spam that has a subject and sender containing the words "CNN Alerts: Custom Alert," which contains a link to a web page hosting a payload named "get_flash(_update).exe" - or a variation thereof. This is serious malware that has been identified as being either a "Tibs," "Zlob," or "Storm/Nuwar" Trojan variant. If you are lured to a web page containing such a link (mouse-over links to see their destination in your browser's status bar, on the bottom), and you survive the automatic attempts to exploit browser vulnerabilities, do not click on the download links offered to you! There may be a pop-up message claiming you require a video codec, or ActiveX Object to view a news story, but it is a trick to fool you into self-installing the Trojan.

MailWasher Pro spam category breakdown for August 4 - 10, 2008. Spam amounted to 45% of incoming email this week.

Loans/Bankruptcy/Insurance Scams: 25.00%
Male enhancement spam (subject or body): 16.41%
Exploit link to Trojan download: 15.63%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 10.94%
Other filters: (See my MWP Filters page) 9.38%
Known Spam Subjects: 5.47%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 5.47%
Known Spam Domains: 2.34%
Counterfeit Watches: 2.34%
Casino Spam: 2.34%
Diploma Spam: 2.34%
DNS Blacklists: 2.34%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

August 5, 2008

My Spam analysis for July 28 - Aug 4, 2008

I'm writing this two days late, due to other commitments over the weekend.

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening program that goes between your email servers and your desktop email client (application). It uses a variety of techniques to recognize what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category; "Other."

For the last couple of weeks most of the spam/scam email I saw or auto-deleted was in the form of ludicrous news headlines in the subject and body and a single link to a website where your computer is bombarded with multiple exploits. Should your computer be too well protected to fall for the automatic exploits there is one trick left that is netting as many victims as the auto-exploits do. The web page presents you with a fake PornTube or YouTube player containing a notice that you must click to download a missing video codec to play the movie. Of course, the only thing downloaded when one clicks on the image is a copy of a Trojan installer file and your computer instantly becomes a Zombie member of a Botnet.

The most recent spate of video exploit link spam has a subject and sender containing the words "Daily Top 10" and has multiple stacked lines of "news" links, all leading to a single web page with a payload named "get_flash_update.exe" - or a variation thereof. This is malware that has been identified as being either a "Zlob" or "Storm/Nuwar" Trojan variant. If you are lured to a web page containing such a link (mouse-over links to see their destination in your browser's status bar, on the bottom), and you survive the automatic attempts to exploit browser vulnerabilities, do not click on those executable links!

MailWasher Pro spam category breakdown for July 28 - August 4, 2008 (one extra day). Spam amounted to 42% of incoming email this week.

Other filters: (See my MWP Filters page) 21.33%
Exploit link to Trojan download: 21.33%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 11.33%
Loans/Bankruptcy/Insurance Scams: 9.33%
Known Spam Subjects: 6.00%
"Opera Mail" Spam: 4.67%
"Apple Mail" Spam: 4.67%
Angelina Jolie Video Exploits: 4.67%
Counterfeit Watches: 4.00%
Male enhancement spam (subject or body): 3.33%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 3.33%
Digits or Consonants forged sender: 2.67%
DNS Blacklists: 2.67%
Bayesian learning filter: 1.33%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

July 27, 2008

My Spam analysis for July 21 - 27, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening program that goes between your email servers and your desktop email client (application). It uses a variety of techniques to recognize what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category; "Other."

For the last couple of weeks, much of the spam/scam email I saw or auto-deleted was in the form of ludicrous news headlines in the subject and body and a single link to a website where your computer is bombarded with multiple exploits. Should your computer be too well protected to fall for the automatic exploits, there is one trick left that is netting as many victims as the auto-exploits do. The web page presents you with a fake PornTube or YouTube player containing a notice that you must click to download a missing video codec to play the movie. Of course, the only thing downloaded when one clicks on the image is a copy of a Trojan installer file and your computer instantly becomes a Zombie member of a Botnet.

MailWasher Pro spam category breakdown for July 21 - 27, 2008. Spam amounted to 45% of incoming email this week.
Other filters: (See my MWP Filters page) 28.88%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 16.58%
Exploit link to Trojan download: 13.90%
Male enhancement spam (subject or body): 10.16%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 9.63%
Loans/Bankruptcy/Insurance Scams: 5.88%
Digits or Consonants forged sender: 3.21%
X-Mailer: The Bat: 3.21%
One word spam subjects: 2.67%
HTML Tricks: 2.67%
DNS Blacklists: 2.67%
Bayesian learning filter: 0.54%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

July 20, 2008

My Spam analysis for July 14 - 20, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening program that goes between your email servers and your desktop email client (application). It uses a variety of techniques to recognize what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category; "Other."

I want to make mention that the largest type of spam/scam I saw this week is from the Storm Botnet, in the form of ludicrous news headlines in the subject and body and a single link to a website where your computer is bombarded with multiple exploits. Should your computer be too well protected to fall for the automatic exploits, there is one trick left that is netting as many victims as the auto-exploits do. The web page presents you with a fake PornTube or YouTube player containing a notice that you must click to download a missing video codec to play the movie. Of course, the only thing downloaded when one clicks on the image is a copy of the Storm Trojan installer file and your computer instantly becomes a Zombie member of the Storm Botnet.

MailWasher Pro spam category breakdown for July 14 - 20, 2008. Spam amounted to 44% of incoming email this week.
Other filters: (See my MWP Filters page) 22.35%
Male enhancement spam (subject and body): 12.29%
Blacklisted Domains/Senders: 11.17%
"Opera Mail" Spam from Russia (Storm Trojan): 10.06%
"Apple Mail" Spam (Storm Trojan): 8.38%
Exploit link to Trojan download: 8.38%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 8.38%
Digits or Consonants forged sender: 6.70%
Loans/Bankruptcy/Insurance Scams: 6.15%
DNS Blacklists: 3.91%
Blocked Countries: 2.23%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

July 14, 2008

Beware of spammed emails with phony news subjects

Note: Updated on July 20, 2008, with new information

There is a surge going on right now in the amount of spammed email messages being blasted out by Botnets, with ludicrous news headlines in the Subjects. The subjects try to tempt you to read the message, then click on the enclosed link to read the details about the subject, or some other alleged news story. The headlines are sucker bait, with a nasty payload at the other end of the links contained in the message bodies.

Different from any news flashes to which you may actually subscribe, these arrived unsolicited in your inbox, from unknown, forged sender names and addresses and from domains you have no relationship with. Many are sent using forged .de (German) domains in the From address, in addition to .it, .ru and others.

If you hold your mouse pointer over the links in these messages you will see a lot of domain extensions for various countries around the World. Some I have seen just today include .de, .it, .fr and .ru. The domain name is followed by a forward slash (/) and a file name. The initial spam run file name was "main.html" (e.g. example.com/main.html). Other Trojan link file names have already appeared, such as "start.html" and "news.html." If you were to go to those domains in the links, using "wannabrowser," with "follow redirects" unchecked, you would see that many of the first responding domains are hosted on hacked Microsoft IIS servers. They all contain meta redirect tags that forward normal browsers to another domain, usually a zombie PC in the Storm Botnet, or a web site hosted in China or Russia. Once you arrive there your browser gets assaulted by numerous hostile JavaScript codes and iframe exploits. Should all those fail to automatically exploit your computer they supply self-infection links!

And what method do they employ to get you to click on these links to infect your own computer? The bait is a fake, look-alike "Porntube" video player that requires a special video "codec" to play the free sample movie. They even provide fake reviews under the fake player placeholder, from make-believe happy viewers before you! These guys are professionals and very good at the Con Game they are playing.

The payload file name may vary, but so far I have seen "video.exe," "watch.exe" and "view.exe" as the name of the payload file it delivers. That file is actually the "Storm Trojan" and it is infecting unprotected computers, or gullible computer owners, all around the World.
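The checks described above can be run against saved copies of a message and of the pages it leads to, without opening anything in a browser. The following is an added example, not code from this blog or from MailWasher Pro: the file names come from the posts, while the hosts, HTML samples and function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# File names quoted in the posts; all hosts and HTML below are constructed samples.
LANDING_NAMES = {"main.html", "start.html", "news.html"}
PAYLOAD_NAMES = {"video.exe", "watch.exe", "view.exe", "get_flash_update.exe"}
DOWNLOAD_REASONS = {"known-payload-name", "executable-link"}


class PageScanner(HTMLParser):
    """Collects <a href> targets and <meta http-equiv="refresh"> destinations."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.refresh_targets = []

    def handle_starttag(self, tag, attrs):
        attr = {name: (value or "") for name, value in attrs}
        if tag == "a" and attr.get("href"):
            self.links.append(attr["href"].strip())
        elif tag == "meta" and attr.get("http-equiv", "").lower() == "refresh":
            # The content attribute looks like "0; url=http://host/path".
            match = re.search(r"url\s*=\s*['\"]?([^'\";\s]+)",
                              attr.get("content", ""), re.I)
            if match:
                self.refresh_targets.append(match.group(1))


def scan(html):
    scanner = PageScanner()
    scanner.feed(html)
    scanner.close()
    return scanner


def classify_url(url):
    """Return the reasons a URL matches the patterns described in the posts."""
    name = urlsplit(url).path.rsplit("/", 1)[-1].lower()
    reasons = []
    if name in LANDING_NAMES:
        reasons.append("landing-page-name")
    if name in PAYLOAD_NAMES:
        reasons.append("known-payload-name")
    elif name.endswith(".exe"):
        reasons.append("executable-link")
    return reasons


def triage_message(html_body):
    """Flag links in a mail body and note when stacked links share one target."""
    links = scan(html_body).links
    flagged = {url: classify_url(url) for url in links if classify_url(url)}
    stacked = len(links) >= 3 and len(set(links)) == 1
    return {"flagged": flagged, "stacked_single_target": stacked}


def triage_page(base_url, html):
    """Inspect a saved page: where would it redirect, and what does it offer?"""
    page = scan(html)
    base_host = urlsplit(base_url).hostname
    redirects = []
    for target in page.refresh_targets:
        absolute = urljoin(base_url, target)
        # True when the meta redirect leaves the host that served the page.
        redirects.append((absolute, urlsplit(absolute).hostname != base_host))
    downloads = []
    for href in page.links:
        absolute = urljoin(base_url, href)
        if set(classify_url(absolute)) & DOWNLOAD_REASONS:
            downloads.append(absolute)
    return {"redirects": redirects, "downloads": downloads}


# Constructed samples: a "news" mail, a first-hop page, and a fake player page.
SAMPLE_MAIL = """<html><body>
<a href="http://news-site.example/main.html">Headline one</a><br>
<a href="http://news-site.example/main.html">Headline two</a><br>
<a href="http://news-site.example/main.html">Headline three</a>
</body></html>"""

SAMPLE_FIRST_HOP = """<html><head>
<meta http-equiv="refresh" content="0; url=http://player.example.net/index.html">
</head><body></body></html>"""

SAMPLE_PLAYER_PAGE = """<html><body>
<a href="/codec/video.exe"><img src="player.jpg" alt="Click to install codec"></a>
</body></html>"""

if __name__ == "__main__":
    print(triage_message(SAMPLE_MAIL))
    print(triage_page("http://news-site.example/main.html", SAMPLE_FIRST_HOP))
    print(triage_page("http://player.example.net/index.html", SAMPLE_PLAYER_PAGE))
```

The same `triage_message` check also covers the "Daily Top 10" messages, where every stacked headline points at one page.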

If you know, or suspect that you have become a victim of the Storm, or any other Trojan, you should obtain legitimate anti-malware software and scan for and remove all threats, after updating the program with the latest definitions. I use Spybot Search and Destroy, which is updated weekly and is totally free, but which you must remember to update manually and scan manually. It is one of my routine tasks that I do on Wednesdays, when the Spybot S&D definition updates are released.

Most people don't want to mess with security programs that they have to micro manage every time they want to use them. For you folks a commercial application makes more sense. While I know of many security products and have ads for them I am leaning towards Trend Micro Internet Security now. Their existing program used to be called PC-cillin and is well respected in the anti virus field. But, they are venturing where no man has gone before: to the Cloud!

I'll tell you more about this new development soon. For now, if you need a really solid anti-virus | anti-spyware | anti phishing | and anti-spam solution, you will not go wrong with Trend Micro Internet Security 2008. As a favor to my readers, enter coupon code TrendIS08 during your purchase and I'll save you 10% off the going rate!

Till next time, practice safe hex!

July 13, 2008

My Spam analysis for July 7 - 13, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening program that goes between your email servers and your desktop email client (application). It uses a variety of techniques to recognize what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category; "Other."

MailWasher Pro spam category breakdown for July 7 - 13, 2008. Spam amounted to 53% of incoming email this week.
Other filters: (See my MWP Filters page) 21.69%
Blacklisted Domains/Senders: 21.08%
Male enhancement spam (subject and body): 13.85%
Hidden ISO Subject: 10.24%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 9.63%
Loans/Bankruptcy/Insurance Scams: 7.23%
"Opera Mail" Spam from Russia (Enlargement herbals): 5.42%
"Apple Mail" Spam (Male Enhancement, ED, etc): 4.22%
Digits or Consonants forged sender: 3.01%
DNS Blacklists: 2.41%
Bayesian learning filter: 1.20%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

July 7, 2008

Stupid Russian Blog Spammers Still Wasting Their Time

"Stupid Russian Blog Spammers Still Wasting Their Time" makes for a catchy, surreal title, but it's true. The same country that produced the brilliant criminal masterminds behind the Storm and Grisbi Worms has also produced some of the stupidest blog spammers to ever set finger to keyboard!

Let me explain what I am referring to regarding stupid blog spammers. First of all, look up in the upper right corner of this blog, just under the Google search field. Here's what it says in capital letters: "SORRY: NO COMMENTS, NO TRACKBACKS!" That should be self explanatory to almost anybody who can read English words, including people intent on spamming a blog such as this one, using English words. You know the crap I'm talking about; links to buy unlicensed or illegal drugs or herbal solutions, to cure "ED" or enlarge one's "natural size." When I first started this blog I did allow trackbacks and comments and that is what I was getting submitted, all in English and all traced to Russian and Ukrainian IP addresses.

As soon as I realized that only blog spammers were trying to comment on my blog I decided to disable the codes and modules that allowed comments and trackbacks. Still, these idiots in Russia and the Ukraine continued trying to POST comments and trackbacks to the now disabled modules that used to handle those functions. This led me to write three articles about these incidents, during the spring and summer of 2007. Their names and links to them are as follows:


  1. Stupid Blog Trackback Spammers Don't Understand Server 403 Responses

  2. Russian and Ukrainian Blog Spammers are STUPID!

  3. Blog spammers still wasting their time tying to spam this unspammable blog


I wrote those articles about a year ago, yet, I still see daily access log entries being blocked with server 403 responses, belonging to Russian IP addresses trying to POST spam comments or Trackbacks to this blog. It is obvious that these spammers are using scripts, but, being stupid spammers they don't bother to verify if those scripts are being allowed to complete their submissions, or check my blog to see if their comments were even posted. I'll bet somebody is paying these idiots to send blog spam for them and they are ripping off the guys with the money. If my blog is any indication of their lack of any level of intelligence, then I am guessing that they are having a similar lack of success trying to spam your blogs. Still, some of their attempts may work on unsecured servers.

Anyway, insults to the enemy aside (it feels good though!), I never see the comments they are typing, just an access log entry containing a 403 Forbidden, or 302 redirect back to their own websites (lol). My Apache-based, shared-hosting web server is protected with a custom ".htaccess" file that contains my entire, now-famous, "Russian Blocklist!" Many webmasters are using this blocklist to keep Russian and Turkish spammers and hackers from accessing their web sites.

If your web site and blog is hosted on a shared Apache/Linux based web server and you want to block access to IP addresses in the former Soviet Union and Turkey, just download my Russian .Htaccess Blocklist and either use it as your new .htaccess file, or merge the "deny from" list into your existing .htaccess. Full instructions are included on my .htaccess blocklists landing page and on each blocklist page. The landing page has links to all of my existing .htaccess IP blocklists (Chinese, Nigerian, Russian and Exploited Servers), as well as my iptables Linux firewall blocklist equivalents.

An actual access log entry and codes you can use to block web site access to these people, are in my extended content.
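One way to audit whether a "deny from" list is doing its job is to replay the access log against it. This is an added example, not the author's code or blocklist: the log lines, the comment and trackback paths, and the networks (documentation address ranges) are all constructed, and the log is assumed to be in Apache "combined" format.

```python
import ipaddress
import re
from collections import Counter

# Apache "combined" log format (assumed); only the leading fields are needed.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

SPAM_TARGETS = ("/blog/comments.cgi", "/blog/trackback.cgi")  # hypothetical paths
REFUSED = {403, 302}  # the two outcomes the post mentions for blocked spammers

# Constructed blocklist using documentation ranges, not real spammer networks.
DENY_FROM = ["198.51.100.0/24", "203.0.113.0/25"]

# Constructed log lines.
SAMPLE_LOG = """\
198.51.100.23 - - [06/Jul/2008:03:14:07 -0400] "POST /blog/trackback.cgi/123 HTTP/1.1" 403 212 "-" "Mozilla/4.0"
198.51.100.23 - - [07/Jul/2008:03:15:41 -0400] "POST /blog/trackback.cgi/123 HTTP/1.1" 403 212 "-" "Mozilla/4.0"
203.0.113.77 - - [07/Jul/2008:04:02:10 -0400] "POST /blog/comments.cgi HTTP/1.0" 302 0 "-" "-"
203.0.113.200 - - [07/Jul/2008:05:20:33 -0400] "POST /blog/comments.cgi HTTP/1.0" 404 310 "-" "-"
203.0.113.200 - - [07/Jul/2008:05:20:59 -0400] "POST /blog/comments.cgi HTTP/1.0" 404 310 "-" "-"
192.0.2.55 - - [07/Jul/2008:06:01:00 -0400] "POST /blog/comments.cgi HTTP/1.1" 404 310 "-" "-"
192.0.2.10 - - [07/Jul/2008:06:30:12 -0400] "GET /blog/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.99 - - [07/Jul/2008:07:45:00 -0400] "POST /blog/trackback.cgi/9 HTTP/1.1" 200 87 "-" "-"
"""


def parse_log(text):
    """Yield (ip, method, path, status) for each parseable line with an IP client."""
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue
        try:
            ip = ipaddress.ip_address(match["ip"])
        except ValueError:
            continue  # client logged as a hostname (HostnameLookups On)
        yield ip, match["method"], match["path"], int(match["status"])


def audit(log_text, deny_from, min_hits=2):
    """Compare POSTs to the disabled comment/trackback scripts with the blocklist."""
    networks = [ipaddress.ip_network(net) for net in deny_from]
    refused = Counter()    # listed clients that were turned away as intended
    uncovered = Counter()  # clients hitting the scripts from unlisted addresses
    not_enforced = []      # listed clients that still got another response
    for ip, method, path, status in parse_log(log_text):
        if method != "POST" or not path.startswith(SPAM_TARGETS):
            continue
        if any(ip in net for net in networks):
            if status in REFUSED:
                refused[str(ip)] += 1
            else:
                not_enforced.append((str(ip), path, status))
        else:
            uncovered[str(ip)] += 1
    # Apache 2.2 syntax, as used on this page; repeat offenders only.
    suggestions = ["deny from %s" % ip
                   for ip, hits in sorted(uncovered.items()) if hits >= min_hits]
    return {"refused": dict(refused), "not_enforced": not_enforced,
            "suggestions": suggestions}


if __name__ == "__main__":
    for key, value in audit(SAMPLE_LOG, DENY_FROM).items():
        print(key, value)
```

An entry under `not_enforced` means a listed address still reached a script, which usually points at an .htaccess file that is not being applied to that directory.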

Continue reading "Stupid Russian Blog Spammers Still Wasting Their Time" »

July 6, 2008

My Spam analysis for June 30 - July 6, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening program that goes between your email servers and your desktop email client (application). It uses a variety of techniques to recognize what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category; "Other."

MailWasher Pro spam category breakdown for June 30 - July 6, 2008. Spam amounted to 51% of incoming email this week.
Other filters: (See my MWP Filters page) 23.08%
"Opera Mail" Spam from Russia (Enlargement herbals): 17.31%
Blacklisted Domains/Senders: 16.03%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 14.10%
Male enhancement spam (subject and body): 10.26%
"Apple Mail" Spam (Male Enhancement, etc): 6.41%
Counterfeit Watches: 3.85%
HTML Tricks: 3.85%
Pirated Software: 3.85%
DNS Blacklists: 0.64%
Bayesian learning filter: 0.64%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

June 29, 2008

My Spam analysis for June 23 - 29, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening program that goes between your email servers and your desktop email client (application). It uses a variety of techniques to recognize what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category; "Other."

MailWasher Pro spam category breakdown for June 23 through 29, 2008.
Other filters: (See my MWP Filters page) 24.48%
Blacklisted Domains/Senders: 23.78%
Male enhancement spam (subject and body): 12.58%
"Opera Mail" Spam (Enlargement herbals): 11.19%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 9.8%
"Apple Mail" Spam (Male Enhancement, etc): 5.59%
Counterfeit Watches: 4.90%
HTML Tricks: 2.80%
Pirated Software: 2.80%
DNS Blacklists: 2.10%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

June 22, 2008

My Spam analysis for June 16 - 22, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

In the beginning of this series I was using MailWasher Pro filters exclusively, to detect and delete incoming spam email. Since then I have instituted email spam filters on my website's mail server, which has greatly reduced the amount of spam I see at all. The balance that does get through is identified and either flagged as spam, or instantly deleted, by my POP3 mail anti-spam tool; MailWasher Pro. MailWasher Pro identifies what is spam by a combination of methods, including the use of custom written personal spam filter rules. I have created a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page. I am no longer stating the overall percentage of spam to good email, due to the huge effect my cPanel mail server filters have on reducing the overall volume of junk mail. What does get through my server filters is still representative of what types of spam others are seeing and the same categories occupy the top positions for me as they do for you.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category.

MailWasher Pro spam category breakdown for June 16 through 22, 2008.
Male enhancement spam (subject and body): 26.88%
Other filters: (See my MWP Filters page) 23.66%
"Apple Mail" Spam (Male Enhancement, etc): 13.98%
Hidden ISO Subject: 7.53%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills): 5.38%
Digits or Consonants forged sender: 5.38%
Counterfeit Watches: 4.30%
Blacklisted Domains/Senders: 4.23%
"Opera Mail" Spam (Enlargement herbals): 3.23%
HTML Tricks: 3.23%
DNS Blacklists: 2.15%
Bayesian learning filter: 1.08%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

June 16, 2008

My Spam analysis for June 9 - 15, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

In the beginning of this series I was using MailWasher Pro filters exclusively, to detect and delete incoming spam email. Since then I have instituted email spam filters on my website's mail server, which has greatly reduced the amount of spam I see at all. The balance that does get through is identified and either flagged as spam, or instantly deleted, by my POP3 mail anti-spam tool; MailWasher Pro. MailWasher Pro identifies what is spam by a combination of methods, including the use of custom written personal spam filter rules. I have created a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page. I am no longer stating the overall percentage of spam to good email, due to the huge effect my cPanel mail server filters have on reducing the overall volume of junk mail. What does get through my server filters is still representative of what types of spam others are seeing and the same categories occupy the top positions for me as they do for you.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category.

MailWasher Pro spam category breakdown for June 9 through 15, 2008.
Other filters: (See my MWP Filters page) 23.53%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills): 23.53%
Male enhancement spam (subject and body): 17.65%
"Apple Mail" Spam Botnet: 12.94%
Loans/Bankruptcy/Insurance Scams: 7.07%
Known Spam (From: or Body): 5.88%
Digits or Consonants forged sender: 4.71%
Counterfeit Watches: 4.71%
Counterfeit clothing and shoes: 3.53%
Blacklisted Domains/Senders: 2.35%
Bayesian learning filter: 1.18%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

June 8, 2008

My Spam analysis for June 2 - 8, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

In the beginning of this series I was using MailWasher Pro filters exclusively, to detect and delete incoming spam email. Since then I have instituted email spam filters on my website's mail server, which has greatly reduced the amount of spam I see at all. The balance that does get through is identified and either flagged as spam, or instantly deleted, by my POP3 mail anti-spam tool; MailWasher Pro. MailWasher Pro identifies what is spam by a combination of methods, including the use of custom written personal spam filter rules. I have created a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page. I am no longer stating the overall percentage of spam to good email, due to the huge effect my cPanel mail server filters have on reducing the overall volume of junk mail. What does get through my server filters is still representative of what types of spam others are seeing and the same categories occupy the top positions for me as they do for you.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category.

MailWasher Pro spam category breakdown for June 2 through 8, 2008.
Other filters: (See my MWP Filters page) 23.23%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills): 16.16%
Male enhancement spam (subject and body): 18.18%
Apple Mail Spam: 12.12%
Loans/Bankruptcy/Insurance Scams: 7.07%
Nigerian 419 Scams: 5.05%
Blacklisted (Mostly Nigerian 419 scams): 6.06%
Digits or Consonants forged sender: 6.06%
HTML Tricks: 4.04%
DNS Blacklists: 1.01%
Bayesian learning filter: 1.01%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

June 1, 2008

My Spam analysis for May 26 - June 1, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

In the beginning of this series I was using MailWasher Pro filters exclusively, to detect and delete incoming spam email. Since then I have instituted email spam filters on my website's mail server, which has greatly reduced the amount of spam I see at all. The balance that does get through is identified and either flagged as spam, or instantly deleted, by my POP3 mail anti-spam tool; MailWasher Pro. MailWasher Pro identifies what is spam by a combination of methods, including the use of custom written personal spam filter rules. I have created a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page. I am no longer stating the overall percentage of spam to good email, due to the huge effect my cPanel mail server filters have on reducing the overall volume of junk mail. What does get through my server filters is still representative of what types of spam others are seeing and the same categories occupy the top positions for me as they do for you.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category.

MailWasher Pro spam category breakdown for May 26 through June 1, 2008.
Other filters: (See my MWP Filters page) 21.43%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills): 19.04%
Male enhancement spam (subject and body): 16.66%
Nigerian 419 Scams: 9.52%
Blacklisted (Mostly Nigerian 419 scams): 9.52%
Counterfeit Watches: 8.33%
Digits or Consonants forged sender: 5.95%
Counterfeit clothing and shoes: 3.57%
DNS Blacklists: 2.38%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

May 25, 2008

My Spam analysis for May 19 - 25, 2008

After taking a few weeks off from reporting my spam categories I thought I would resume the exercise today. This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

In the beginning of this series I was using MailWasher Pro filters exclusively, to detect and delete incoming spam email. Since then I have instituted email spam filters on my website's mail server, which has greatly reduced the amount of spam I see at all. The balance that does get through is identified and either flagged as spam, or instantly deleted, by my POP3 mail anti-spam tool; MailWasher Pro. MailWasher Pro identifies what is spam by a combination of methods, including the use of custom written personal spam filter rules. I have created a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page. I am no longer stating the overall percentage of spam to good email, due to the huge effect my cPanel mail server filters have on reducing the overall volume of junk mail. What does get through my server filters is still representative of what types of spam others are seeing and the same categories occupy the top positions for me as they do for you.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category.

MailWasher Pro spam category breakdown for May 19 through 25, 2008.
Other filters: (See my MWP Filters page) 22.09%
Nigerian 419 Scams: 20.93%
Male enhancement spam (subject and body): 15.11%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills): 10.47%
Counterfeit Watches: 9.30%
Blacklisted (by pattern matching): 8.14% (Mostly Nigerian 419 scams)
Counterfeit clothing and shoes: 5.81%
HTML Tricks: 3.49%
Casino Spam: 3.49%
Bayesian learning filter: 1.16%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Mail, Eudora, Mozilla and other stand-alone email programs).

May 4, 2008

My Spam analysis for April 28 - May 4, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

In the beginning of this series I was using MailWasher Pro filters exclusively, to detect and delete incoming spam email. Since then I have instituted email spam filters on my website's mail server, which has greatly reduced the amount of spam I see at all. The balance that does get through is identified and either flagged as spam, or instantly deleted, by my POP3 mail anti-spam tool, MailWasher Pro. MailWasher Pro identifies what is spam by a combination of methods, including the use of custom-written personal spam filter rules. I have created a large assortment of spam filters which "plug in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

My analysis of this week's spam shows that male enhancement pills, Viagra and other pharmaceuticals occupy the top spot in my spam categories, with counterfeit brands of watches, clothes and shoes, pirated software and Google redirect exploits to fake "video codecs" (e.g., the Zlob Trojan and other Trojan Horse executables) falling further behind. All of the spam emails for pharmaceuticals have links to websites hosted in China or Korea. Most of the fake and counterfeit goods, drugs, enhancement pills and herbal solutions being spamvertised are produced in China. Foremost among these are fake pharmacy websites, like the so-called "Canadian Pharmacy," which is not in Canada at all (it's in China and Indo-China), nor, despite the presence of fake accreditation logos, are they approved to sell pharmaceuticals in the US or Canada. Most of the fraudulent "Canadian Pharmacy" web pages are now hosted on compromised home or office PCs that are unknowingly members of various spam Botnets. In fact, virtually all of the billions of spam messages hitting our inboxes these days come from zombie computers, used as spam relays, in various Botnets.

As is usually the case, the category "Other Filters" has the second largest percentage in this week's spam analysis. That category contains all manner of miscellaneous filters that are matched by supposedly clever email subjects, such as: one word subject, digits and consonants senders, various HTML tricks, 2 line spam tricks, and some lottery and financial fraud and phishing scams. The spam main categories that rated a measurable percentage are listed below.

The current percentage of identified spam that made it through the filters on my mail server is 38% for the week ending May 4, 2008. These messages were all identified and dealt with by MailWasher Pro. I assigned some truly miscellaneous messages to the "learning filter" which then flags any similar messages as spam, making them easy to spot in the message list. This has earned the category "Learning Filter" a small spot in the list below. :-)

MailWasher Pro spam category breakdown for April 28 through May 4, 2008.
Male enhancement spam (subject and body): 23.86%
Other filters: (See my MWP Filters page) 21.59%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills): 12.50%
Counterfeit clothing and shoes: 13.64%
Counterfeit Watches: 7.95%
Blacklisted (by pattern matching): 7.95%
Pirated Software: 5.68%
Nigerian 419 Scams: 3.41%
Google Redirect Exploits (to hostile downloads): 3.41%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Mail, Eudora, Mozilla and other stand-alone email programs).

April 27, 2008

My Spam analysis for April 21 - 27, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

In the beginning of this series I was using MailWasher Pro filters exclusively, to detect and delete incoming spam email. Since then I have instituted email spam filters on my website's mail server, which has greatly reduced the amount of spam I see at all. The balance that does get through is identified and either flagged as spam, or instantly deleted, by my POP3 mail anti-spam tool, MailWasher Pro. MailWasher Pro identifies what is spam by a combination of methods, including the use of custom-written personal spam filter rules. I have created a large assortment of spam filters which "plug in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

My analysis of this week's spam shows that male enhancement pills, Viagra and other pharmaceuticals occupy the top spot in my spam categories, with counterfeit brands of watches, clothes and shoes, pirated software and Google redirect exploits to fake "video codecs" (e.g., the Zlob Trojan and other Trojan Horse executables) falling further behind. All of the spam emails for pharmaceuticals have links to websites hosted in China or Korea. Most of the fake and counterfeit goods, drugs, enhancement pills and herbal solutions being spamvertised are produced in China. Foremost among these are fake pharmacy websites, like the so-called "Canadian Pharmacy," which is not in Canada at all (it's in China and Indo-China), nor, despite the presence of fake accreditation logos, are they approved to sell pharmaceuticals in the US or Canada. Most of the fraudulent "Canadian Pharmacy" web pages are now hosted on compromised home or office PCs that are unknowingly members of various spam Botnets. In fact, virtually all of the billions of spam messages hitting our inboxes these days come from zombie computers, used as spam relays, in various Botnets.

As was the case before, the category "Other Filters" has the largest percentage in this week's spam analysis. That category contains all manner of miscellaneous filters that are matched by supposedly clever email subjects, such as: one word subject, digits and consonants senders, various HTML tricks, 2 line spam tricks, and some good old Nigerian 419 lottery and financial fraud scams. The spam main categories that rated a measurable percentage are listed below.

The current percentage of identified spam that made it through the filters on my mail server is 38% for the week ending April 27, 2008. These messages were all identified and dealt with by MailWasher Pro. I assigned some truly miscellaneous messages to the "learning filter" which then flags any similar messages as spam, making them easy to spot in the message list. This has earned the category "Learning Filter" a small spot in the list below. :-)

MailWasher Pro spam category breakdown for April 21 through 27, 2008.
Other filters: (See my MWP Filters page) 34.02%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills): 18.56%
Male enhancement spam (subject and body): 13.40%
Counterfeit clothing and shoes: 9.28%
Blocked Countries: 11.34%
HTML Tricks: 4.12%
Pirated Software: 4.12%
Blacklisted (by pattern matching): 2.06%
Bayesian learning filter: 2.06%
DNS Blacklists: 1.03%
Counterfeit Watches: 0% (4 hits)
Google Redirect Exploits (to hostile downloads): 0% (3 hits)

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Mail, Eudora, Mozilla and other stand-alone email programs).


April 20, 2008

My Spam analysis for April 14 - 20, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

In the beginning of this series I was using MailWasher Pro filters exclusively, to detect and delete incoming spam email. Since then I have instituted email spam filters on my website's mail server, which has greatly reduced the amount of spam I see at all. The balance that does get through is identified and either flagged as spam, or instantly deleted, by my POP3 mail anti-spam tool, MailWasher Pro. MailWasher Pro identifies what is spam by a combination of methods, including the use of custom-written personal spam filter rules. I have created a large assortment of spam filters which "plug in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

My analysis of this week's spam shows that male enhancement pills, Viagra and other pharmaceuticals occupy the top spot in my spam categories, with counterfeit brands of watches, clothes and shoes and Google redirect exploits to fake "video codecs" (e.g., the Zlob Trojan and other Trojan Horse executables) following closely behind. All of the spam emails for pharmaceuticals have links to websites hosted in China or Korea. Most of the fake and counterfeit goods, drugs, enhancement pills and herbal solutions being spamvertised are produced in China. Foremost among these are fake pharmacy websites, like the so-called "Canadian Pharmacy," which is not in Canada at all (it's in China and Indo-China), nor, despite the presence of fake accreditation logos, are they approved to sell pharmaceuticals in the US or Canada. Most of the fraudulent "Canadian Pharmacy" web pages are now hosted on compromised home or office PCs that are unknowingly members of various spam Botnets. In fact, virtually all of the billions of spam messages hitting our inboxes these days come from zombie computers, used as spam relays, in various Botnets.

As was the case before, the category "Other Filters" has the largest percentage in this week's spam analysis. That category contains all manner of miscellaneous filters that are matched by supposedly clever email subjects, such as: one word subject, digits and consonants senders, various HTML tricks, 2 line spam tricks, and some good old Nigerian 419 lottery and financial fraud scams. The spam main categories that rated a measurable percentage are listed below.

The current percentage of identified spam that made it through the filters on my mail server is 34% for the week ending April 20, 2008. These messages were all identified and dealt with by MailWasher Pro. I assigned some truly miscellaneous messages to the "learning filter" which then flags any similar messages as spam, making them easy to spot in the message list. This has earned the category "Learning Filter" a small spot in the list below. :-)

MailWasher Pro spam category breakdown for April 14 through 20, 2008.
Other filters: (See my MWP Filters page) 25.88%
Pharmaceutical spam (includes Viagra and Cialis): 11.77%
Known Spam Domains: 11.76%
Blacklisted (by pattern matching): 10.59%
Male enhancement spam (subject and body): 9.41%
Counterfeit clothing and shoes: 8.24%
Other Pills: 7.06%
Google Redirect Exploits (to hostile downloads): 5.88%
One word spam subjects: 3.53%
Re: or Fw: Spammer: 3.53%
DNS Blacklists: 1.18%
Bayesian learning filter: 1.18%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Mail, Eudora, Mozilla and other stand-alone email programs).


April 13, 2008

My Spam analysis for April 7 - 13, 2008

After taking one week off from analyzing my spam (junk-mail) statistics, I am resuming them this weekend. I have instituted email spam filters on my website's mail server, which has greatly reduced the amount of spam I see at all. The balance that does get through is identified and either flagged as spam, or instantly deleted, by my POP3 mail anti-spam tool, MailWasher Pro. MailWasher Pro identifies what is spam by a combination of methods, including the use of custom-written personal spam filter rules. I have created a large assortment of spam filters which "plug in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

On to the spam analysis at hand!

My analysis of this week's spam shows that male enhancement pills and other pharmaceuticals have reclaimed the top spot in my spam categories, with counterfeit brands of watches, clothes and shoes and Google redirect exploits to fake "video codecs" (e.g., the Zlob Trojan and other Trojan Horse executables) following closely behind. All of the spam emails for pharmaceuticals have links to websites hosted in China or Korea. Most of the fake and counterfeit goods, drugs, enhancement pills and herbal solutions being spamvertised are produced in China. Foremost among these are fake pharmacy websites, like the so-called "Canadian Pharmacy," which is not in Canada at all (it's in China and Indo-China), nor, despite the presence of fake accreditation logos, are they approved to sell pharmaceuticals in the US or Canada. Most of the fraudulent "Canadian Pharmacy" web pages are now hosted on compromised home or office PCs that are unknowingly members of various spam Botnets. In fact, virtually all of the billions of spam messages hitting our inboxes these days come from zombie computers, used as spam relays, in various Botnets.

As was the case before, the category "Other Filters" has the largest percentage in this week's spam analysis. That category contains all manner of miscellaneous filters that are matched by supposedly clever email subjects, such as: one word subject, digits and consonants senders, various HTML tricks, 2 line spam tricks, and some good old Nigerian 419 lottery and financial fraud scams. The spam main categories that rated a measurable percentage are listed below.

The current percentage of identified spam that made it through the filters on my mail server is 34% for the week ending April 13, 2008. These messages were all identified and dealt with by MailWasher Pro. I assigned some truly miscellaneous messages to the "learning filter" which then flags any similar messages as spam, making them easy to spot in the message list. This has earned the category "Learning Filter" a small spot in the list below. :-)

MailWasher Pro spam category breakdown for April 7 through 13, 2008.
Other filters: (See my MWP Filters page) 30.23%
Male enhancement spam (subject and body): 11.63%
Blacklisted (by pattern matching): 8.14%
Counterfeit clothing and shoes: 7.39%
Google Redirect Exploits (to hostile downloads): 6.98%
Misc spam to a protected account: 5.81%
One word spam subjects: 4.65%
DNS Blacklists: 4.65%
Pharmaceutical spam (includes Viagra and Cialis): 4.65%
Other Pills: 4.65%
MaxDik spam: 4.65%
Counterfeit Watches: 3.49%
Bayesian learning filter: 1.16%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Mail, Eudora, Mozilla and other stand-alone email programs).


April 6, 2008

Exim Spam Filters for Websites with CPanel


If you have a website that uses cPanel as the control panel and it has email filtering enabled, on an account-wide basis, the rules below will reduce the amount of spam you see, dramatically.

First of all, you should be aware that not all cPanel icon layouts are the same, nor are all of the same options available from various hosting companies. I have my websites hosted at Bluehost and enjoy lots of user-configurable options, including account-wide user-created email filter rules. I gain access to the email filters by following this path: Log in to cPanel > "Home" > "Mail" section > "Account Level Filtering" icon. This opens a new cPanel page with the heading: "Edit Filters for All Mail On Your Account" - "In this area you can manage filters for your main account. Note, that if you have add-on domains hosted under the main account, their email accounts will also be covered by these filters. My cPanel also has an icon that, when clicked, allows me to create filters on an individual account basis. This way I can apply more restrictive rules to the accounts receiving the most spam, leaving the others to be filtered less drastically.

For simplicity's sake I have grouped all of my various account rules into one set, which can be applied site-wide. You'll still see some spam, but not nearly as much as you did before applying these rules.

On the cPanel "Account Level Filtering" page, click the button labeled "Create a new Filter." The first input field is labeled: "Filter Name:" and you should type in the name you want to assign to each rule, or use mine, shown below. Each rule must have a unique filter name.

The next section down is labeled "Rules" and is where you select the various criteria for the rules. The options list on the left is where you choose which part of the email message the rule on that line will apply to. Use the down-arrow button to open the options list. Most commonly used filter selections are: "From, Subject, To, Body and Any Header."

The options list on the right side of the Rules section determines how that rule will be applied. The options in the flyout list are: "Equals, Matches Regex, Contains, Does Not Contain, Begins With, Ends With, Does Not Begin With, Does Not End With, Does Not Match."

The actual rule text goes into the input field under the flyout options. Type, or copy and paste my rules below, into the input field for each rule. Next, under Actions, choose Discard Message, then click on the button labeled: "Activate." You will be taken to a page reporting that rule "such and such" was successfully created, and which contains a button to take you back to the main Filters page. There, under "Filter Test," you can test your rules in the test message area. Just enter text, or headers to be tested, into the appropriate section, adding to or replacing what is already there, then press the "Test Filter" button. The results page will tell you which filter rule, if any, has been matched and that the result would be a delivery to "/dev/null" (the bit bucket).

If the results of a filter test are "Normal Delivery," for a filtered spam message, something is wrong with your input selections. Use the Edit button next to the filter that should have applied and check your options settings and look for typos in the actual rule text. Save changes by clicking the Activate button, then test again. You'll get it right eventually. Trust me, I know - I've gone through this already.

Every rule group has a plus and a minus button on the right side. These are used to add additional criteria to the rule set. Plus adds a new rule, while minus removes the last rule. Each rule can apply to a different part of the message and have different matching criteria. Theoretically, one could apply all of my rules to one filter set, but that would make it very hard to debug if legitimate email gets sent to the bit bucket in the sky. Keep the rules separate and properly labeled to make it easy to edit or remove them, if it becomes necessary.
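The "Filter Test" workflow described above can be rehearsed offline before touching the live mail server. The following is an added example, not the author's rules and not cPanel's or Exim's own code: it models the nine match types and the message parts named in this post, using hypothetical filter names and patterns and constructed sample messages, and it assumes case-insensitive matching and that the criteria inside one filter are OR-ed.

```python
import re
from email import message_from_string


def _ci(fn):
    """Compare both sides case-insensitively (assumption about the server's matching)."""
    return lambda value, text: fn(value.lower(), text.lower())


# The nine match types from the right-hand options list on a Rules line.
OPERATORS = {
    "Equals": _ci(lambda v, t: v == t),
    "Contains": _ci(lambda v, t: t in v),
    "Does Not Contain": _ci(lambda v, t: t not in v),
    "Begins With": _ci(lambda v, t: v.startswith(t)),
    "Ends With": _ci(lambda v, t: v.endswith(t)),
    "Does Not Begin With": _ci(lambda v, t: not v.startswith(t)),
    "Does Not End With": _ci(lambda v, t: not v.endswith(t)),
    "Matches Regex": lambda v, t: re.search(t, v, re.I) is not None,
    # Assumption: "Does Not Match" is the negation of "Matches Regex".
    "Does Not Match": lambda v, t: re.search(t, v, re.I) is None,
}


def part_value(msg, part):
    """Return the text a rule is applied to: From, Subject, To, Body or Any Header."""
    if part == "Body":
        return msg.get_payload()
    if part == "Any Header":
        return "\n".join(f"{name}: {value}" for name, value in msg.items())
    return msg.get(part, "")


# Hypothetical filters, one uniquely named filter per idea so a match is traceable.
# Each criterion is (message part, match type, rule text).
FILTERS = [
    ("Digits or consonants sender",
     [("From", "Matches Regex", r"\b[bcdfghjklmnpqrstvwxz0-9]{6,}@")]),
    ("One word subject",
     [("Subject", "Matches Regex", r"^\S+$")]),
    ("Fake pharmacy body",
     [("Body", "Contains", "canadian pharmacy")]),
]


def filter_result(raw_message, filters=FILTERS):
    """Mimic the Filter Test page: report the delivery result and the filter that fired."""
    msg = message_from_string(raw_message)
    for name, criteria in filters:
        if any(OPERATORS[op](part_value(msg, part), text)
               for part, op, text in criteria):
            return ("/dev/null", name)      # action: Discard Message
    return ("Normal Delivery", None)


# Constructed sample messages (not real mail).
SPAM_SENDER = ("From: xkqzrt77@example.net\nTo: me@example.org\n"
               "Subject: Re: your order\n\nSee attached.\n")
SPAM_PHARMA = ("From: Sales <sales@example.net>\nTo: me@example.org\n"
               "Subject: Best prices online\n\nOur Canadian Pharmacy ships worldwide.\n")
LEGIT = ("From: alice@example.org\nTo: me@example.org\n"
         "Subject: Lunch on Friday?\n\nAre you free at noon?\n")
# A legitimate message that an over-broad rule sends to the bit bucket.
LEGIT_ONE_WORD = ("From: alice@example.org\nTo: me@example.org\n"
                  "Subject: Invoice\n\nAttached is the invoice for March.\n")

if __name__ == "__main__":
    for label, raw in [("spam (sender)", SPAM_SENDER), ("spam (pharmacy)", SPAM_PHARMA),
                       ("legit", LEGIT), ("legit, one-word subject", LEGIT_ONE_WORD)]:
        print(f"{label:26} -> {filter_result(raw)}")
```

The last sample is a false positive: because each filter has its own name, the test result points straight at "One word subject" as the rule to edit or remove.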

See my extended comments in the section below, for the actual rules.


March 30, 2008

My Spam analysis for March 24 - 30, 2008

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti-spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and I write my own custom spam filter rules for it. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that male enhancement pills and other pharmaceuticals were finally displaced from the top spot in my spam categories, with Nigerian 419 and lottery scams, counterfeit brands of watches, clothing and footwear, fake diplomas and debt consolidation loans, leading the pack. Most of the spam emails have links to websites hosted in China or Korea. Most of the fake and counterfeit watches, clothing, drugs, enhancement pills and herbal solutions being spamvertised are produced in China. Foremost among these are fake pharmacy websites, like the so-called "Canadian Pharmacy," which is not in Canada at all (it's in China and Indo-China), nor, despite the presence of fake accreditation logos, are they approved to sell pharmaceuticals in the US or Canada. Most of the fraudulent "Canadian Pharmacy" web pages are now hosted on compromised home or office PCs that are unknowingly members of various spam Botnets.

< rant >
The only rational explanation for the continued existence of these fake pharmacies must be that there are enough gullible people in the World, who will purchase enough drugs from links in spam emails to make it financially worthwhile for spammers to pay to rent botnets to send this crap. Considering the fact that most of these pharmaceuticals are fake, or contaminated, one has to wonder how many people get sick, or die, because they foolishly bought spamvertised, counterfeit medicine from fraudulent, online pharmacies?
< /rant >

Due to my ongoing procedures I have merged some filters to simplify the reporting process, so the categories shown below may differ from the previous weeks' results. I have also created a special sender recognition filter that, when matched, assigns the status "BlackList" to those spam messages. This excludes lots of spam emails from being categorized, since my blacklist rule is processed first. This saves processing power that is normally required by my custom filters. Furthermore, I have now applied some of my blacklist terms to the email server, on my website, automatically eliminating a huge portion of certain types of forged sender spam.

My current statistics show that spam is now 55% of all my incoming email, for the week of March 24 through 30, 2008. Without my custom MailWasher Pro filters identifying and automatically deleting most of this crap, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters for you all). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by Trojans people are tricked into clicking on. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide Spam-demic.

MailWasher Pro spam category breakdown for March 24 through 30, 2008.
Blacklisted (by pattern matching): 26.07%
Male enhancement spam: 5.83%
Other Pharmaceutical spam (includes Viagra and Cialis): 3.89%
Other filters: (See my MWP Filters page) 18.29%
Counterfeit Watches and Shoes: 7.39%
Loans and bankruptcy spam: 5.06%
Diploma spam: 5.06%
HTML Tricks: 4.28%
Nigerian 419 and Lottery Scams: 2.72%
Known Spam, by Subject, Body, or Sender: 15.56%
Google Redirect Exploits (to hostile downloads): 4.67%
DNS Blacklists: 0.40%
Bayesian learning filter: 0.78%

These spam categories and their relative percentages shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising. Also, for over two months now, I have been blacklisting particular forged senders that match a pattern. The blacklisted category is quickly rising above all independent spam classifications, proving that my pattern matching is working. Many of the blacklisted spam messages are for counterfeit Viagra, illegal HGH, dubious male enhancement drugs, or pirated software.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc.).



March 28, 2008

Nigerian Scammers operating out of Madrid, Spain, plus using Botnets

Lately, I have been getting lots of Nigerian 419 Lottery scams, with the originating IP located in Spain, especially the ISPs - Ono.com and Telefonica.es. However, when I report these scams to SpamCop, a lot of the sending (not originating) IP addresses end up belonging to residential customers of broadband services in the US, Europe and South America. This tells me that the Nigerian crime gangs have buddied up with the owners of a botnet and are using it to relay some of their scam messages. Furthermore, some, but not all, of the scam emails also contain clickable links that lead to instant downloads of Trojan Horse downloaders, Keyloggers and Backdoors. This stinks of the Storm-Worm-Zhelatin Gang, located in St. Petersburg, Russia, although it could be a different botnet being rented out to Nigerians.

The main point of this article is not about botnets. Rather, it is to point out that many Nigerian 419 fraudsters are moving out of Africa, and Amsterdam (where they got arrested, convicted and deported), and settling in Spain. Not wanting to have their scam/spam messages traced directly to them, they have taken to the airwaves, literally. They are "piggybacking" on their neighbors' unsecured wireless routers, in apartment complexes or houses, using IP addresses assigned to other legitimate customers, to send scam runs. The victims are complet