August 29, 2010

My Spam analysis & filter updates for the week of Aug 23 - 29, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

My incoming spam levels have increased 6% this week, to 54% of all my incoming email. I saw a few new courier infected attachment exploits this week. All the rest of the spam was typical junkmail for counterfeit Chinese watches, fake Cialis and Viagra, illicit prescription drugs, male enhancement scams, pirated software, and fake diploma scams.

The classifications of spam in my analysis (below) can help you adjust your email filters according to what is most common, on a weekly basis. If you are using my custom MailWasher Pro filters, keep the filters for the highest percentage categories of spam near the top of the filters list, to minimize the impact on your CPU when analyzing incoming messages for spam content.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses.

Sometimes, your own email address is forged as the sender, as well as being the recipient. The practice of forging the recipient's own email address in the From field is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.
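How a whitelist shortcut lets a Joe Job through, and how exempting your own addresses from that shortcut closes the gap, as an added Python example. It is not MailWasher Pro filter syntax or code from this blog; the addresses, filter names, patterns and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# All addresses, filter names and patterns below are constructed for illustration.
OWN_ADDRESSES = {"me@mydomain.example"}
FRIENDS = {"me@mydomain.example", "friend@partner.example"}  # own account whitelisted
CONTENT_FILTERS = [  # most common spam categories first, as the post advises
    ("pharmacy", re.compile(r"\b(?:viagra|cialis)\b", re.I)),
    ("watches", re.compile(r"\breplica\s+watch", re.I)),
    ("diploma", re.compile(r"\bdiploma\b", re.I)),
]


def _parts(raw):
    """Return (sender address, subject + body text) for a raw message."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    text = msg.get("Subject", "") + "\n" + str(msg.get_payload())
    return sender, text


def _first_match(text):
    """Name of the first content filter that matches, or None."""
    for name, rx in CONTENT_FILTERS:
        if rx.search(text):
            return name
    return None


def classify_whitelist_first(raw):
    """Weak ordering: any whitelisted sender skips the content filters."""
    sender, text = _parts(raw)
    if sender in FRIENDS:
        return ("keep", "friends-list")
    hit = _first_match(text)
    return ("delete", hit) if hit else ("keep", "no-match")


def classify_with_override(raw):
    """Own addresses in From never get the whitelist shortcut."""
    sender, text = _parts(raw)
    own = sender in OWN_ADDRESSES
    if sender in FRIENDS and not own:
        return ("keep", "friends-list")
    hit = _first_match(text)
    if hit:
        return ("delete", ("joe-job:" if own else "") + hit)
    return ("keep", "own-sender-clean" if own else "no-match")


# Constructed sample messages.
JOE_JOB = """\
From: me@mydomain.example
To: me@mydomain.example
Subject: me@mydomain.example 80% off

Cheap Viagra, no prescription needed.
"""

FRIEND_MAIL = """\
From: friend@partner.example
To: me@mydomain.example
Subject: My diploma ceremony

Hope you can make it on Saturday.
"""

NOTE_TO_SELF = """\
From: me@mydomain.example
To: me@mydomain.example
Subject: reminder

Buy milk.
"""

if __name__ == "__main__":
    for label, raw in (("joe job", JOE_JOB), ("friend", FRIEND_MAIL),
                       ("note to self", NOTE_TO_SELF)):
        print(label, classify_whitelist_first(raw), classify_with_override(raw))
```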

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for August 23 - 29, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

August 22, 2010

My Spam analysis & filter updates for the week of Aug 16 - 22, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

My incoming spam levels have decreased 8% this week, to 48% of all my incoming email. This represents a 12% decline over two weeks. I saw 2 new DHL infected attachment exploits this week. All the rest of the spam was typical junkmail for counterfeit Chinese watches, fake Cialis and Viagra, illicit prescription drugs, male enhancement scams, pirated software, and a few Nigerian lottery and 419 scams.

The classifications of spam in my analysis (below) can help you adjust your email filters according to what is most common, on a weekly basis. If you are using my custom MailWasher Pro filters, keep the filters for the highest percentage categories of spam near the top of the filters list, to minimize the impact on your CPU when analyzing incoming messages for spam content.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses.

Sometimes, your own email address is forged as the sender, as well as being the recipient. The practice of forging the recipient's own email address in the From field is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for August 16 - 22, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.

August 15, 2010

My Spam analysis for the week of August 9 - 15, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

There was news today on the anti-spam front. It was just reported that the #2 spammer in the world, Leo Kuvayev, is sitting in jail, awaiting trial in Russia, on charges of molesting over 50 young girls he lured away from Russian orphanages. Kuvayev is responsible for operating bogus online pharmacies, porn sites, including child porn, pirated OEM software and related affiliate programs for these illegal activities. His organization is called BadCow and his partner in crime is running it in his absence. Many of the spam messages we receive on a daily basis are sent by Botnets under his control, or operated by his associates. The spammers themselves are affiliates of BadCow. When spam recipients are foolish enough to purchase a spamvertised item, the affiliate spammers earn a commission and Leo Kuvayev lines his pockets even more.

My incoming spam levels have decreased 4% this week, to 56% of all my incoming email. I didn't see any new types of spam this week. All the spam that botnets are sending out this week is typical junkmail for counterfeit Chinese watches, fake Viagra, illicit prescription drugs - sans the prescription, male enhancement scams, pirated software, fake diplomas and Nigerian lottery and 419 scams. Many of the pirated software domains this week are hosted in the Ukraine. Most Russian sender spam was for counterfeit watches.

The classifications of spam in my analysis (below) can help you adjust your email filters according to what is most common, on a weekly basis. If you are using my custom MailWasher Pro filters, keep the filters for the highest percentage categories of spam near the top of the filters list, to minimize the impact on your CPU when analyzing incoming messages for spam content.

My blacklisted senders list was fairly effective this week, auto-deleting ~5.5% of all incoming spam. 57 of this week's spam messages also included my own account names in the From and Subject and most were selling fake Viagra or male enhancement junk. This illegal spam practice is known as a "Joe Job" and it is used to slip spam past our own filters. Joe Jobs depend on people white-listing their own accounts and domains. Fortunately, MailWasher custom filters allow you to override the friends list, so you can easily detect and delete Joe Job spam, if you are using MailWasher Pro as your spam filter.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for August 9 - 15, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.

August 8, 2010

My Spam analysis for the week of August 2 - 8, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

My incoming spam levels have increased 9% this week, to 60% of all my incoming email. I didn't see any new types of spam this week. All the spam that botnets are sending out this week is typical junkmail for counterfeit Chinese watches, fake Viagra, illicit prescription drugs - sans the prescription, male enhancement scams, pirated software, fake diplomas and Nigerian lottery and 419 scams. Many of the pirated software domains this week are hosted in Vietnam and China. Most Russian sender spam was for counterfeit watches.

The classifications of spam in my analysis (below) can help you adjust your email filters according to what is most common, on a weekly basis. If you are using my custom MailWasher Pro filters, keep the filters for the highest percentage categories of spam near the top of the filters list, to minimize the impact on your CPU when analyzing incoming messages for spam content.

My blacklisted senders list was quite effective this week, auto-deleting ~7% of all incoming spam. 66 of this week's spam messages also included my own account names in the From and Subject and most were selling fake Viagra or male enhancement junk. This illegal spam practice is known as a "Joe Job" and it is used to slip spam past our own filters. Joe Jobs depend on people white-listing their own accounts and domains. Fortunately, MailWasher custom filters allow you to override the friends list, so you can easily detect and delete Joe Job spam, if you are using MailWasher Pro as your spam filter.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for August 2 - 8, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.

August 1, 2010

My Spam analysis for the week of July 26 - Aug 1, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

My incoming spam levels have increased 2% this week, to 51% of all my incoming email. I didn't see any new types of spam this week. All the spam that botnets are sending out this week is typical junkmail for fake Viagra, illicit prescription drugs - sans the prescription, male enhancement scams, Nigerian lottery and 419 scams, fake diplomas, counterfeit watches and pirated software. All of the pirated software is hosted on websites ending with .RU, which are Russian domains. The servers allowing this crap to go on are located in China.

The classifications of spam in my analysis (below) can help you adjust your email filters according to what is most common, on a weekly basis. If you are using my custom MailWasher Pro filters, keep the filters for the highest percentage categories of spam near the top of the filters list, to minimize the impact on your CPU when analyzing incoming messages for spam content.

My blacklisted senders list was quite effective this week, auto-deleting ~10% of all incoming spam. 41 of this week's spam messages also included my own account names in the From and Subject and most were selling fake Viagra or male enhancement junk. This illegal spam practice is known as a "Joe Job" and it is used to slip spam past our own filters. Joe Jobs depend on people white-listing their own accounts and domains. Fortunately, MailWasher custom filters allow you to override the friends list, so you can easily detect and delete Joe Job spam, if you are using MailWasher Pro as your spam filter.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for July 26 - Aug 1, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.

July 25, 2010

My Spam analysis for the week of July 19 - 25, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

My incoming spam levels have decreased 5% this week, to 49% of all my incoming email. New this week is a run of fake, but authentic looking scams forging Amazon.com order confirmations, complete with a fake, but properly formatted purchase order code in the subject. The message bodies should be a giveaway to anybody who reads them thoroughly, because the greeting lists your email address, instead of your legal name (real Amazon orders always include your real name). Plus, the dollar amounts shown don't match or add up. Further, when you hover your pointer over the links they all go to the same destination, which is NOT on Amazon.com! These links lead to a scripted exploit attack which results in unprotected PCs becoming members of a Botnet.

The classifications of spam in my analysis (below) can help you adjust your email filters according to what is most common, on a weekly basis. If you are using my custom MailWasher Pro filters, keep the filters for the highest percentage categories of spam near the top of the filters list, to minimize the impact on your CPU when analyzing incoming messages for spam content.

My blacklisted senders list was quite effective this week, auto-deleting 10.46% of all incoming spam. Many (53) of this week's spam messages also included my own account names in the From and Subject and most were selling fake Viagra. This illegal spam practice is known as a "Joe Job" and it is used to slip spam past our own filters. Joe Jobs depend on people white-listing their own accounts and domains. Fortunately, MailWasher custom filters allow you to override the friends list, so you can easily detect and delete Joe Job spam, if you are using MailWasher Pro as your spam filter.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for July 19 - 25, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.

July 20, 2010

Beware of fake Amazon.com purchase order scams

As I write this I am looking at the fourth Amazon.com scam message I have received in the last 24 hours. These messages are professionally composed and very closely resemble an actual similar email that one receives after making a purchase at Amazon.com. However, there are some telltale differences, listed below, that give away the fake notices. All of the current scams have this subject:

Your Amazon.com Order (D2 numbers-7 numbers-7 numbers). This is exactly the same layout as a real confirmation for Amazon.com.

Before I tell you how to differentiate between a legitimate Amazon order confirmation and the fakes, I want to show you where you will end up if you are tricked into clicking on a link in a fake Amazon notice. In the sample of the fake notice before me, everything looks like an official order confirmation for an Amazon.com purchase, all the way down to the graphics and most, but not all, of the text (see next paragraph). The main difference is that every single clickable link in the fake message leads to a domain that is not on amazon.com at all. All links lead to the same hostile location, via a 301 Apache web server redirect, created in an .htaccess file on a compromised VPS web server. The new location of this redirection is, in this instance: actcountry.ru:8080, which is hosted on an nginx Russian web server, on an unconfigured dedicated server in France, belonging to OVH Hosting.

At this moment the payload is offline, but it could return at any time, or may appear on another server used in the domain redirection scripts. There is no doubt that the payload was not friendly to most browsers on Windows operating systems.

The rest of the details about identifying fake Amazon purchase confirmations follow in my extended comments.
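The giveaways described in this post and in the July 19 - 25 weekly summary (the order-number subject layout, links that all lead to one host outside amazon.com, and a greeting that uses the email address) can be checked mechanically. The following Python is an added example, not code from this blog or from MailWasher Pro; the sample messages, host names, finding labels and function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Subject layout from the post: "D" plus 2 digits, then two groups of 7 digits.
ORDER_SUBJECT = re.compile(r"Your Amazon\.com Order \(D\d{2}-\d{7}-\d{7}\)")
BRAND_DOMAIN = "amazon.com"


class LinkCollector(HTMLParser):
    """Collect the href of every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)


def on_brand(host, brand=BRAND_DOMAIN):
    """True only for the brand domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == brand or host.endswith("." + brand)


def link_host(href):
    """Host of an http(s) link; None for other schemes, '' if unparsable."""
    try:
        parts = urlsplit(href)
    except ValueError:
        return ""
    if parts.scheme not in ("http", "https"):
        return None
    return parts.hostname or ""


def html_body(msg):
    """Return the first text/html part of the message as a string."""
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            data = part.get_payload(decode=True) or b""
            return data.decode(part.get_content_charset() or "utf-8", "replace")
    return ""


def check_order_mail(raw):
    """Return findings for a message styled as an Amazon order confirmation."""
    msg = message_from_string(raw)
    if not ORDER_SUBJECT.search(msg.get("Subject", "")):
        return []  # not styled as an order confirmation, nothing to compare
    body = html_body(msg)
    collector = LinkCollector()
    collector.feed(body)
    hosts = [h for h in map(link_host, collector.hrefs) if h is not None]
    off_brand = sorted({h for h in hosts if not on_brand(h)})
    findings = []
    if off_brand:
        findings.append("links-off-amazon:" + ",".join(off_brand))
    if off_brand and len(hosts) > 1 and len(set(hosts)) == 1:
        findings.append("all-links-same-destination")
    recipient = parseaddr(msg.get("To", ""))[1].lower()
    greeting = r"\b(?:hello|dear|hi)\s+" + re.escape(recipient)
    if recipient and re.search(greeting, body, re.I):
        findings.append("greeting-uses-email-address")
    return findings


# Constructed samples: one in the style of the fake notice, one genuine-style.
FAKE_SAMPLE = """\
From: "Amazon.com" <order-update@amazon.com>
To: jane@mailbox.example
Subject: Your Amazon.com Order (D12-3456789-1234567)
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello jane@mailbox.example,</p>
<p><a href="http://compromised-vps.example/order.html">View order</a></p>
<p><a href="http://compromised-vps.example/order.html">Your Account</a></p>
<p><a href="http://compromised-vps.example/order.html">Amazon.com</a></p>
</body></html>
"""

GENUINE_STYLE_SAMPLE = """\
From: "Amazon.com" <order-update@amazon.com>
To: jane@mailbox.example
Subject: Your Amazon.com Order (D12-3456789-7654321)
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello Jane Doe,</p>
<p><a href="https://www.amazon.com/your-orders">View order</a></p>
<p><a href="https://www.amazon.com/your-account">Your Account</a></p>
</body></html>
"""

if __name__ == "__main__":
    print(check_order_mail(FAKE_SAMPLE))
    print(check_order_mail(GENUINE_STYLE_SAMPLE))
```

The suffix test in `on_brand` is deliberate: a plain substring match would accept hosts such as `amazon.com.compromised-vps.example`.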

July 18, 2010

My Spam analysis for the week of July 12 - 18, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

My incoming spam levels have increased 2% this week, to 54% of all my incoming email. New this week is a dangerous attachment pretending to be a scan from a Xerox WorkCenter Pro. This attack is probably targeted at businesses which may exchange Xerox documents online, or via email. In the case of this spam run, the attachments are inside a Zipfile and are actually the Trojan downloader named "Oficla," or "Meredrop." If you execute that enclosed fake document your PC will be taken over by criminal Botmasters in Eastern Europe.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. If you are using my custom MailWasher Pro filters, keep the filters for the highest percentage categories of spam near the top of the filters list, to minimize the impact on your CPU when analyzing incoming messages for spam content.

My blacklisted senders list was quite effective this week, auto-deleting almost 11% of all incoming spam. Many (51) of this week's spam messages also included my own account names in the From and Subject and most were selling fake Viagra. This illegal spam practice is known as a "Joe Job" and it is used to slip spam past our own filters. Joe Jobs depend on people white-listing their own accounts and domains. Fortunately, MailWasher custom filters allow you to override the friends list, so you can easily detect and delete Joe Job spam, if you are using MailWasher Pro as your spam filter.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for July 12 - 18, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.

July 11, 2010

My Spam analysis for the week of July 5 - 11, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have decreased 4% this week, to 52% of all my incoming email. This decline is partly caused by my rerouting all Russian language spam to a blackhole on my server. Previously, I allowed MailWasher to classify and auto-delete all Russian sent and Russian language spam. Now, only a few Russian senders (but English language) get through, only to be automatically deleted by my MailWasher Blacklist entry: +@+.ru

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw another typical variety of categories of spam, led by fake Viagra, illicit pharmaceuticals and male enhancement scams, followed by Russian senders, counterfeit watches, fake diplomas and pirated software. If you are using my custom MailWasher Pro filters, keep the filters for these types of spam near the top of the filters list, to minimize the impact on your CPU when analyzing incoming messages for spam content.

My blacklisted senders list was very effective this week, auto-deleting almost 19% of all incoming spam. Many (61) of this week's spam messages also included my own account names in the From and Subject and most were selling fake Viagra. This illegal spam practice is known as a "Joe Job" and it is used to slip spam past our own filters. Joe Jobs depend on people white-listing their own accounts and domains. Fortunately, MailWasher custom filters allow you to override the friends list, so you can easily detect and delete Joe Job spam, if you are using MailWasher Pro as your spam filter.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for July 5 - 11, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.


Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

July 4, 2010

My Spam analysis for the week of June 28 - July 4, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have decreased 6% this week, to 56% of all my incoming email. This decline is partly caused by my rerouting all Russian language spam to a blackhole on my server. Previously, I allowed MailWasher to classify and auto-delete all Russian sent and Russian language spam. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknownst to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw another typical variety of categories of spam, led by fake diplomas, fake Viagra, unlicensed pharmaceuticals and male enhancement scams, Russian senders, counterfeit goods and pirated software. Keep the fake diplomas, Viagra, male enhancement, Russian sender and pirated software filters high up your list of custom filters, to minimize the impact on your CPU when analyzing incoming messages for spam content.

I have noticed that with school now out for the summer and graduation ceremonies over, fake diplomas are the number one classification of spam, for two weeks in a row. I guess that the arrogant foreign spammers behind these scams believe that our students lack the parts to earn a diploma fair and square. But, in case you are reading this and were thinking about buying a fake diploma in the hopes of getting a high paying job, you should be alerted to this cold hard fact of life. If you buy a fake diploma, when, not if, you are found out, if that diploma landed you a job you will be fired as soon as they learn the truth. Then, your former employer will notify any hiring agencies who referred you and you will be blacklisted by all US and Canadian HR companies, including Temp placement companies. They share information about people who lie on applications and use fake diplomas and credentials. If you need to get more credits to graduate, go to summer school and get it honest!

My blacklisted senders list was slightly effective this week, auto-deleting 9.39% of all incoming spam. Many (37) of this week's spam messages also included my own account names in the From and Subject and most were selling fake Viagra. This illegal spam practice is known as a "Joe Job" and it is used to slip spam past our own filters. Joe Jobs depend on people white-listing their own accounts and domains. Fortunately, MailWasher custom filters allow you to override the friends list, so you can easily detect and delete Joe Job spam, if you are using MailWasher Pro as your spam filter.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets, and all email sender addresses are forged, there is no point in complaining to the listed From or Reply-To address. These addresses are inserted by the same script that composes the spam on the compromised PCs. They belong to innocent spam victims, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a whitelist of approved senders), allowing user-created spam filters to read the content and flag or auto-delete spam that uses one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for June 28 - July 4, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.


June 27, 2010

My Spam analysis for the week of June 21 - 27, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have decreased 8% this week, to 62% of all my incoming email. This decline is partly caused by my rerouting all Russian spam to a blackhole on my server. Previously, I allowed MailWasher to classify and auto-delete all Russian sent and Russian language spam. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknownst to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw another typical variety of categories of spam, led by fake Viagra, counterfeit diplomas, Russian spam, male enhancement and pirated software. Keep the Viagra, Russian sender, counterfeit diplomas, male enhancement and pirated software filters high up your list of custom filters, to minimize the impact on your CPU when analyzing incoming messages for spam content.

If you are also getting a lot of unreadable Russian spam, my custom MailWasher "Russian Sender" filter and a Blacklist addition of +@+.ru should kill all of it, if set to Automatically Delete. If you are hosted on a cPanel website, you can also kill this Russian junk on your domain's email system. Go to Email Account Level Filtering and add a filter with the following conditions and action: if ANY HEADER contains "koi8-r", OR the BODY contains "charset=koi8-r", then Discard Message.
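The two conditions above and the +@+.ru blacklist entry, as an added Python example (not MailWasher's or cPanel's own code). It assumes "+" in the blacklist pattern means one or more characters, the sample messages are constructed, and it includes a case the literal substring rule misses: a quoted charset="KOI8-R" inside a MIME part.

```python
import email
import re
from email.utils import parseaddr


def wildcard_to_regex(pattern):
    """Translate a blacklist wildcard such as '+@+.ru' into a regex.
    Assumption: '+' stands for one or more characters."""
    return re.compile(
        "^" + ".+".join(re.escape(p) for p in pattern.split("+")) + "$",
        re.IGNORECASE,
    )


def sender_blacklisted(msg, patterns):
    # Match the parsed address, not the display name, so a name that
    # merely mentions ".ru" does not trigger the rule.
    addr = parseaddr(msg.get("From", ""))[1]
    return any(wildcard_to_regex(p).match(addr) for p in patterns)


def koi8r_reason(msg):
    """Return why the message counts as KOI8-R mail, or None."""
    # Top-level headers: catches Content-Type and RFC 2047 encoded
    # words such as '=?koi8-r?B?...?=' in Subject or From.
    for name, value in msg.items():
        if "koi8-r" in str(value).lower():
            return "header:" + name
    # MIME parts: get_content_charset() lower-cases and unquotes the
    # parameter, so charset="KOI8-R" is caught as well.
    for part in msg.walk():
        if part.get_content_charset() == "koi8-r":
            return "body-part-charset"
    return None


def literal_rule(raw):
    """The rule read as plain substrings (case-insensitive here, an assumption)."""
    head, _, body = raw.partition("\n\n")
    return "koi8-r" in head.lower() or "charset=koi8-r" in body.lower()


def classify(raw, blacklist=("+@+.ru",)):
    msg = email.message_from_string(raw)
    if sender_blacklisted(msg, blacklist):
        return "delete: blacklist"
    reason = koi8r_reason(msg)
    if reason:
        return "delete: koi8-r (" + reason + ")"
    return "keep"


# Constructed sample messages (all addresses are made up).
ENCODED_SUBJECT = (
    "From: offers@example.net\n"
    "To: me@example.org\n"
    "Subject: =?KOI8-R?B?8NLJ18XU?=\n"
    "\n"
    "body\n"
)
MULTIPART_QUOTED = (
    "From: promo@example.net\n"
    "To: me@example.org\n"
    "Subject: hello\n"
    "MIME-Version: 1.0\n"
    'Content-Type: multipart/alternative; boundary="b1"\n'
    "\n"
    "--b1\n"
    'Content-Type: text/plain; charset="KOI8-R"\n'
    "\n"
    "text\n"
    "--b1--\n"
)
RU_SENDER = (
    "From: Promo <promo@sample-sender.ru>\n"
    "To: me@example.org\n"
    "Subject: plain ASCII subject\n"
    "\n"
    "body\n"
)
LEGIT = (
    'From: "Guide to travel.ru" <news@example.com>\n'
    "To: me@example.org\n"
    "Subject: Your weekly newsletter\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    samples = [("encoded subject", ENCODED_SUBJECT), ("quoted charset", MULTIPART_QUOTED),
               ("ru sender", RU_SENDER), ("legit", LEGIT)]
    for label, raw in samples:
        print(label, "->", classify(raw), "| literal rule:", literal_rule(raw))
```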

My blacklisted senders list was slightly effective this week, auto-deleting 5.71% of all incoming spam. Many of this week's spam messages also included my own account names in the From and Subject and most were selling fake Viagra. This illegal spam practice is known as a "Joe Job" and it is used to slip spam past our own filters. Joe Jobs depend on people white-listing their own accounts and domains. Fortunately, MailWasher custom filters allow you to override the friends list, so you can easily detect and delete Joe Job spam, if you are using MailWasher Pro as your spam filter.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets, and all email sender addresses are forged, there is no point in complaining to the listed From or Reply-To address. These addresses are inserted by the same script that composes the spam on the compromised PCs. They belong to innocent spam victims, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a whitelist of approved senders), allowing user-created spam filters to read the content and flag or auto-delete spam that uses one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for June 21 - 27, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.


June 20, 2010

My Spam analysis for the week of June 14 - 20, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have increased 4% this week, to 70% of all my incoming email. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknownst to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw another typical variety of categories of spam, led by lots of unreadable Russian language spam, counterfeit Viagra, counterfeit college diplomas and counterfeit watches. Runners up were the bogus Canadian Pharmacy and Male Enhancement scams. Keep the Viagra, Canadian Pharmacy, Russian Sender, counterfeit Watches and Diploma filters high up your list of custom filters, to minimize the impact on your CPU when analyzing incoming messages for spam content.

If you are also getting a lot of unreadable Russian spam, my custom MailWasher "Russian Sender" filter and a Blacklist addition of +@+.ru should kill all of it, if set to Automatically Delete.

My blacklisted senders list was effective this week, auto-deleting ~7% of all incoming spam. Many of this week's spam messages also included my own account names in the From and Subject and most were selling fake Viagra. This illegal spam practice is known as a "Joe Job" and it is used to slip spam past our own filters. Joe Jobs depend on people white-listing their own accounts and domains. Fortunately, MailWasher custom filters allow you to override the friends list, so you can easily detect and delete Joe Job spam, if you are using MailWasher Pro as your spam filter.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets, and all email sender addresses are forged, there is no point in complaining to the listed From or Reply-To address. These addresses are inserted by the same script that composes the spam on the compromised PCs. They belong to innocent spam victims, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a whitelist of approved senders), allowing user-created spam filters to read the content and flag or auto-delete spam that uses one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for June 14 - 20, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.


June 13, 2010

My Spam analysis for the week of June 7 - 13, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have increased 4% this week, to 66% of all my incoming email. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknownst to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw another typical variety of categories of spam, led by lots of unreadable Russian language spam, counterfeit Viagra, fake diplomas and counterfeit watches. Runners up were the bogus Canadian Pharmacy and Male Enhancement scams. Keep the Viagra, Canadian Pharmacy, Russian Sender, counterfeit Watches and Diploma filters high up your list of custom filters, to minimize the impact on your CPU when analyzing incoming messages for spam content.

If you are also getting a lot of unreadable Russian spam, my custom MailWasher "Russian Sender" filter and a Blacklist addition of +@+.ru should kill all of it, if set to Automatically Delete.

My blacklisted senders list was effective this week, auto-deleting ~7% of all incoming spam, which included a huge amount of the aforementioned Russian language spam (see my extended content for details). I saw a slight increase in the number of emails forging my own accounts as the senders, with 50 this week, which was ~10% of my total spam. Many of these spam messages also included the same account names in the Subject and all were selling fake Viagra. This illegal practice is known as a "Joe Job" and it is used to slip spam past our filters. Joe Jobs depend on people white-listing their own accounts and domains. Fortunately, MailWasher custom filters allow you to override the friends list, so you can easily detect and delete Joe Job spam, if you are using MailWasher Pro as your spam filter.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets, and all email sender addresses are forged, there is no point in complaining to the listed From or Reply-To address. These addresses are inserted by the same script that composes the spam on the compromised PCs. They belong to innocent spam victims, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a whitelist of approved senders), allowing user-created spam filters to read the content and flag or auto-delete spam that uses one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for June 7 - 13, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.


June 7, 2010

Blocking Russian language spam with junk filter rules

I don't know if a Botnet has been mis-programmed, or if some Russian spammers have mistaken my domain for a Russian speaking domain, but I am seeing huge amounts of unreadable Russian language spam over the past month. However, I doubt that I am the only totally English speaking person in the USA who is getting this unintelligible Cyrillic spam.

The why's are unimportant to me, or to you, if you are also getting foreign language spam. A few years ago I was getting Chinese language spam, which is totally weird to look at. Both the Russian and Chinese alphabets look like something out of Star Trek to me. Most people are annoyed when they get any spam at all. But, getting spam you can't even read is worse. Since I can't read the content I have no use in looking at this crap, so I have created spam filters to automatically delete it off my email servers, and I will share them with you.

I have certain systems in place to filter out spam before I download it, but you all might have altogether different measures in place. I will outline my countermeasures, then suggest others that you may be able to use.

My primary tool in the war to secure my inbox is an anti-spam program called MailWasher Pro (MWP). It is a desktop application that intercepts all incoming POP3 email, from all of the various email servers that I use to get and send email. In my extended comments I will reveal two powerful filters that I have created, which combined will automatically delete 100% of the Cyrillic coded spam sent to my various POP3 accounts.

My second tool is my desktop email client, Windows Live Mail (WLM). This is the most recent child of the no longer supported Outlook Express email client, from Microsoft. Outlook Express died when Windows Vista was released. At the same time, Windows Mail was included with Vista. With the advent of Windows 7, Windows Live Mail is the only email client available from Microsoft, as an optional download. Unlike Outlook Express, Windows Live Mail includes a junk filter module, which receives updates from time to time. You can also block incoming messages from your inbox by applying the new "International" filter, which reads the sender's From address or language encoding. If the domain listed in the From field, or the text encoding, matches one on the blocked countries list, the message automatically goes to the Junk Mail folder, or is automatically deleted, according to your choices.

The previous anti-spam countermeasures are for people using a POP3 or IMAP desktop email client to download, read, compose and send email. But, many people are still using browser-based email systems, like Hotmail, Yahoo, AOL, Comcast, Charter, and other proprietary mail systems from free mail providers, or from their web hosting companies. You folks must search out and apply any junk mail rules available from your email service. I will show you how to apply junk filters to Yahoo and Hotmail, using your web browsers.

Most web hosting accounts now come with the option to enable SpamAssassin. You can turn on SpamAssassin and add the regular expression to block any "From" address containing the domain .ru.


June 6, 2010

My Spam analysis for the week of May 31 - June 6, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have increased 3% this week, to 62% of all my incoming email. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknownst to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw another typical variety of categories of spam, led by blacklisted domains, counterfeit Viagra, counterfeit watches, and lots of unreadable Russian language spam. Keep the Viagra, Russian Sender and counterfeit Watches filters high up your list of custom filters, to minimize the impact on your CPU when analyzing incoming messages for spam content.

If you are also getting a lot of unreadable Russian spam, my custom MailWasher "Russian Sender" filter and a Blacklist addition of +@+.ru should kill all of it, if set to Automatically Delete.

My updated blacklisted senders list proved extremely effective this week, auto-deleting ~35% of all incoming spam, which included a huge amount of the aforementioned Russian language spam (see my extended content for details). I saw another decrease in the number of emails forging my own accounts as the senders, with 45 this week, which was ~9% of my total spam. Many of these spam messages also included the same account names in the Subject and all were selling fake Viagra. This illegal practice is known as a "Joe Job" and it is used to slip spam past our filters. Joe Jobs depend on people white-listing their own accounts and domains. Fortunately, MailWasher custom filters allow you to override the friends list, so you can easily detect and delete Joe Job spam, if you are using MailWasher Pro as your spam filter.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets, and all email sender addresses are forged, there is no point in complaining to the listed From or Reply-To address. These addresses are inserted by the same script that composes the spam on the compromised PCs. They belong to innocent spam victims, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a whitelist of approved senders), allowing user-created spam filters to read the content and flag or auto-delete spam that uses one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for May 31 - June 6, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.


May 30, 2010

My Spam analysis for the week of May 24 - 30, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have decreased 3% this week, to 59% of all my incoming email. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknownst to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw another typical variety of categories of spam, led by counterfeit Viagra and other illicit and counterfeit pharmaceuticals, including spam for the totally fake Canadian Pharmacy. Other measurable categories of spam included counterfeit diplomas and counterfeit watches, and lots of unreadable Russian language spam. Keep the Viagra, Canadian Pharmacy, Male Enhancement, Russian Sender, Diploma and the counterfeit Watches filters high up your list of custom filters, to minimize the impact on your CPU when analyzing incoming messages for spam content.

If you are also getting a lot of unreadable Russian spam, my custom MailWasher "Russian Sender" filter and a Blacklist addition of +@+.ru should kill all of it, if set to Automatically Delete.

My updated blacklisted senders list proved extremely effective this week, auto-deleting ~32% of all incoming spam, which included a huge amount of the aforementioned Russian language spam (see my extended content for details). I saw a decrease in the number of emails forging my own accounts as the senders, with 82 this week, which was ~19% of my total spam. Many of these spam messages also included the same account names in the Subject and all were selling fake Viagra. This illegal practice is known as a "Joe Job" and it is used to slip spam past our filters. Joe Jobs depend on people white-listing their own accounts and domains. Fortunately, MailWasher custom filters allow you to override the friends list, so you can easily detect and delete Joe Job spam, if you are using MailWasher Pro as your spam filter.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets, and all email sender addresses are forged, there is no point in complaining to the listed From or Reply-To address. These addresses are inserted by the same script that composes the spam on the compromised PCs. They belong to innocent spam victims, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a whitelist of approved senders), allowing user-created spam filters to read the content and flag or auto-delete spam that uses one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for May 24 - 30, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.


May 23, 2010

My Spam analysis for the week of May 17 - 23, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have increased 2% this week, to 62% of all my incoming email. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknownst to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a typical variety of categories of spam, led by counterfeit Viagra and other illicit and counterfeit pharmaceuticals, including spam for the totally fake Canadian Pharmacy. Other categories of spam included counterfeit diplomas and watches, Russian sender spam, weight loss scams and porn video link scams. Keep the Viagra, Canadian Pharmacy, Male Enhancement, Russian Sender, Diploma and the counterfeit Watches filters high up your list of custom filters, to minimize the impact on your CPU when analyzing incoming messages for spam content.

My updated blacklisted senders list proved extremely effective this week, auto-deleting ~30% of all incoming spam (see my extended content for details). I saw a huge increase in the number of emails forging my own accounts as the senders, with 124 this week, which was ~22% of my total spam. Many of these spam messages also included the same account names in the Subject and all were selling fake Viagra. This illegal practice is known as a "Joe Job" and it is used to slip spam past our filters. Joe Jobs depend on people white-listing their own accounts and domains. Fortunately, MailWasher custom filters allow you to override the friends list, so you can easily detect and delete Joe Job spam, if you are using MailWasher Pro as your spam filter.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for May 17 - 23, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.


May 16, 2010

My Spam analysis for the week of May 10 - 16, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have increased 3% this week, to 60% of all my incoming email. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknownst to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a typical variety of categories of spam, led by counterfeit Viagra and other illicit and counterfeit pharmaceuticals, including spam for the totally fake Canadian Pharmacy. Other categories of spam included counterfeit watches, Trojan attachments in fake resumes, Nigerian 419 scams and fake diplomas. Keep the Viagra, Canadian Pharmacy, Male Enhancement, 419 Scams and the counterfeit Watches filters high up your list of custom filters, to minimize the impact on your CPU when analyzing incoming messages for spam content.

By the way, the zipfile attachments claiming to be a resume in CV format actually contain Trojan downloaders. Open them on a Windows PC and you will probably become Botnetted!

My updated blacklisted senders list proved quite effective this week, auto-deleting ~17% of all incoming spam (see my extended content for details). I saw a big increase in the number of emails forging my own accounts as the senders, with 96 this week, which was ~20% of my total spam. Many of these spam messages also included the same account names in the Subject. This illegal practice is known as a "Joe Job" and it is used to slip spam past our filters. Joe Jobs depend on people white-listing their own accounts and domains. Fortunately, MailWasher custom filters allow you to override the friends list, so you can easily detect and delete Joe Job spam, if you are using MailWasher Pro as your spam filter.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for May 10 - 16, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.


May 9, 2010

My Spam analysis for the week of May 3 - 9, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have remained exactly the same this week as last week, at 57% of all my incoming email. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknownst to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a typical variety of categories of spam, led by counterfeit Viagra and other illicit and counterfeit pharmaceuticals, including spam for the totally fake Canadian Pharmacy. Other categories of spam included counterfeit watches, courier Trojan scams, pirated software and fake diplomas. Keep the Viagra, Canadian Pharmacy, Male Enhancement, Courier Scams and the counterfeit Watches filters high up your list of custom filters, to minimize the impact on your CPU when analyzing incoming messages for spam content.

By the way, the Courier Scams all contain Botnet Trojan attachments. Open them on a Windows PC with any vulnerable software they target and you will probably become Botnetted!

My updated blacklisted senders list proved quite effective this week, auto-deleting ~19% of all incoming spam (see my extended content for details). I saw a slight increase in the number of emails forging my own accounts as the senders, with 75 this week, which was ~18% of my total spam. Many of these spam messages also included the same account names in the Subject. This illegal practice is known as a "Joe Job" and it is used to slip spam past our filters. Joe Jobs depend on people white-listing their own accounts and domains. Fortunately, MailWasher custom filters allow you to override the friends list, so you can easily detect and delete Joe Job spam, if you are using MailWasher Pro as your spam filter.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for May 3 - 9, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.


May 2, 2010

My Spam analysis for the week of April 26 - May 2, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have increased slightly this week over last week, to 57% of all my incoming email. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknownst to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a typical variety of categories of spam, led by counterfeit Viagra and other illicit and counterfeit pharmaceuticals, including spam for the totally fake Canadian Pharmacy. Other categories of spam included counterfeit watches, Nigerian 419 and lottery scams, pirated software and fake diplomas. Keep the Viagra, Canadian Pharmacy, Male Enhancement and the counterfeit Watches filters high up your list of custom filters, to minimize the impact on your CPU when analyzing incoming messages for spam content.

My updated blacklisted senders list proved quite effective this week, auto-deleting ~17% of all incoming spam (see my extended content for details). I saw a slight decrease in the number of emails forging my own accounts as the senders, with 66 this week, which was ~14% of my total spam. Many of these spam messages also included the same account names in the Subject. This illegal practice is known as a "Joe Job" and it is used to slip spam past our filters. Joe Jobs depend on people white-listing their own accounts and domains. Fortunately, MailWasher custom filters allow you to override the friends list, so you can easily detect and delete Joe Job spam, if you are using MailWasher Pro as your spam filter.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for April 26 - May 2, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.


April 25, 2010

My Spam analysis for the week of April 19 - 25, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have increased slightly this week over last week, to 54% of all my incoming email. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknownst to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a typical variety of categories of spam, led by counterfeit Viagra and other illicit and counterfeit pharmaceuticals, including spam for the totally fake Canadian Pharmacy. Other categories of spam included counterfeit watches and brand name goods and some Nigerian scams and Zbot threats in fake courier failed delivery notices. Keep the Viagra, Canadian Pharmacy, Male Enhancement and the counterfeit Watches filters high up your list of custom filters, to minimize the impact on your CPU when analyzing incoming messages for spam content.

My updated blacklisted senders list proved quite effective this week, auto-deleting 15.90% of all incoming spam (see my extended content for details). I saw a decrease in the number of emails forging my own accounts as the senders, with 69 this week, which was 18% of my total spam. Many of these spam messages also included the same account names in the Subject. This illegal practice is known as a "Joe Job" and it is used to slip spam past our filters. Joe Jobs depend on people white-listing their own accounts and domains. Fortunately, MailWasher custom filters allow you to override the friends list, so you can easily detect and delete Joe Job spam, if you are using MailWasher Pro as your spam filter.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for April 19 - 25, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.


April 18, 2010

My Spam analysis for the week of April 12 - 18, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have increased slightly this week over last week, to 52% of all my incoming email. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknownst to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a typical variety of categories of spam, led by counterfeit Viagra and other illicit and counterfeit pharmaceuticals, including spam for the totally fake Canadian Pharmacy. Other measurable categories of spam included many for counterfeit watches, Russian bride dating scams (via Live.com spam links) and fake courier failed delivery notices that have attachments containing the Zbot, a.k.a. the Zeus banking Trojan.

My updated blacklisted senders list proved slightly effective this week, auto-deleting 7.52% of all incoming spam (see my extended content for details). I saw a huge increase in the number of emails forging my own accounts as the senders, with 101 this week, which was 33% of my total spam. This illegal practice is known as a "Joe Job" and it is used to slip spam past our filters. Joe Jobs depend on people white-listing their own accounts and domains. Fortunately, MailWasher custom filters allow you to override the friends list, so I can easily detect and delete Joe Job spam.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for April 12 - 18, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.


April 11, 2010

My Spam analysis for the week of April 5 - 11, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have remained the same this week as last week, at 48% of all my incoming email. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknownst to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a typical variety of categories of spam, led by counterfeit Viagra and other illicit and counterfeit pharmaceuticals, including spam for the totally fake Canadian Pharmacy. Other measurable categories of spam included many for counterfeit watches and Russian bride dating scams.

My updated blacklisted senders list proved very effective this week, auto-deleting 12% of all incoming spam (see my extended content for details). I saw a huge increase in the number of emails forging my own accounts as the senders, with 90 this week, which was 30% of my total spam. This illegal practice is known as a "Joe Job" and it is used to slip spam past our filters. Joe Jobs depend on people white-listing their own accounts and domains. Fortunately, MailWasher custom filters allow you to override the friends list, so I can easily detect and delete Joe Job spam.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for April 5 - 11, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.


April 4, 2010

My Spam analysis for the week of March 29 - April 4, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have decreased 8% this week from last week's level, making two consecutive weeks of declines in spam volumes. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknownst to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a typical variety of categories of spam, led by counterfeit Viagra and other illicit pharmaceuticals. The totally fake Canadian Pharmacy is back in the count, with a lot of landing pages hosted on spaces.live.com pages, as well as on Botnetted PCs. Other measurable categories of spam included counterfeit watches and other knockoffs, fake diplomas, Russian bride dating scams and UPS Phishing scams.

My updated blacklisted senders list proved very effective this week, auto-deleting almost 15% of all incoming spam (see my extended content for details). I saw a slight decrease in the number of emails forging my own accounts as the senders, with 48 this week, which was 16% of my total spam. This illegal practice is known as a "Joe Job" and it is used to slip spam past our filters. Joe Jobs depend on people whitelisting their own accounts and domains.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.
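The following is an added sketch, not MailWasher Pro code and not one of my published filters, showing why a Joe Job passes a screener that consults the whitelist first, and how letting selected content rules run ahead of the Friends list stops it. The addresses, rule patterns and sample messages are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed values for this sketch; none come from MailWasher Pro.
OWN_ACCOUNTS = {"me@example.org"}
FRIENDS = OWN_ACCOUNTS | {"alice@example.net"}   # own account is whitelisted

# (category, pattern, overrides_friends). Only rules that are very unlikely
# to match legitimate mail are allowed to run ahead of the Friends list.
RULES = [
    ("pharmacy", re.compile(r"\b(viagra|cialis|canadian pharmacy)\b", re.I), True),
    ("watches", re.compile(r"\breplica watch(es)?\b", re.I), True),
    ("diplomas", re.compile(r"\bdiplomas?\b", re.I), False),
]

# Constructed sample messages (headers, blank line, body).
SAMPLES = {
    "joe_job": (
        'From: "Me" <me@example.org>\nTo: me@example.org\n'
        "Subject: Canadian Pharmacy discount\n\n"
        "Viagra and Cialis shipped without prescription.\n"
    ),
    "note_to_self": (
        "From: me@example.org\nTo: me@example.org\n"
        "Subject: reminder\n\nRenew the domain on Friday.\n"
    ),
    "friend_diploma": (
        "From: alice@example.net\nTo: me@example.org\n"
        "Subject: good news\n\nMy diploma arrived today.\n"
    ),
    "stranger_watches": (
        "From: promo@example.com\nTo: me@example.org\n"
        "Subject: sale\n\nReplica watches at 90% off.\n"
    ),
}


def parse(raw):
    """Return (lower-cased From address, subject plus body text)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    text = msg.get("Subject", "") + "\n" + msg.get_payload()
    return sender, text


def first_match(text, rules):
    """Return the category of the first rule whose pattern matches."""
    for category, pattern, _overrides in rules:
        if pattern.search(text):
            return category
    return None


def screen_whitelist_first(raw):
    """Weak ordering: a whitelisted sender is never content-checked."""
    sender, text = parse(raw)
    if sender in FRIENDS:
        return "keep"
    hit = first_match(text, RULES)
    return f"delete:{hit}" if hit else "keep"


def screen_with_override(raw):
    """Override rules read the content before the Friends list is consulted."""
    sender, text = parse(raw)
    hit = first_match(text, [r for r in RULES if r[2]])
    if hit:
        return f"delete:{hit}"
    if sender in FRIENDS:
        return "keep"
    hit = first_match(text, RULES)
    return f"delete:{hit}" if hit else "keep"


def is_self_forged_spam(raw):
    """True when the From address is one of our own and the content is spam."""
    sender, _text = parse(raw)
    return sender in OWN_ACCOUNTS and screen_with_override(raw).startswith("delete")


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:17} whitelist-first={screen_whitelist_first(raw):16} "
              f"override={screen_with_override(raw)}")
```

The "diplomas" rule is deliberately left without the override, so a friend who mentions a diploma is still kept; only high-confidence patterns should be allowed to outrank the whitelist.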

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for March 29 - April 4, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.


March 28, 2010

My Spam analysis for the week of March 22 - 28, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have decreased 2% this week from last week's level. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknownst to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a typical variety of categories of spam, led by counterfeit Viagra and other illicit prescription drugs dispensed without the required prescriptions. The totally fake Canadian Pharmacy is back in the count, with a lot of landing pages hosted on spaces.live.com pages. Other measurable categories of spam included counterfeit watches, fake diplomas, pirated Adobe software, Russian bride dating scams and Phishing scams. The Phishing scams included a bunch forging the US IRS as the sender, with subjects pertaining to alleged underreported income. The links in those scams lead to the download and installation of the ZBot/Zeus Trojan keylogger and backdoor.

My updated blacklisted senders list proved very effective this week, auto-deleting over 20% of all incoming spam (see my extended content for details). I saw another increase in the number of emails forging my own accounts as the senders, with 60 this week. This illegal practice is known as a "Joe Job" and it is used to slip spam past our filters. Joe Jobs depend on people whitelisting their own accounts and domains.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for March 22 - 28, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.


March 21, 2010

My Spam analysis for the week of March 15 - 21, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have increased 8% this week from last week's level. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknownst to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a typical variety of categories of spam, led by counterfeit Viagra and other illicit prescription drugs dispensed without the required prescriptions. The totally fake Canadian Pharmacy is back in the count, with a lot of landing pages hosted on spaces.live.com pages. Other measurable categories of spam included counterfeit watches, fake diplomas, offshore casinos, phony car warranties hosted in Korea and Russian bride dating scams.

My updated blacklisted senders list proved very effective this week, auto-deleting over 30% of all incoming spam (see my extended content for details). I saw another increase in the number of emails forging my own accounts as the senders. This illegal practice is known as a "Joe Job" and it is used to slip spam past our filters. Joe Jobs depend on people whitelisting their own accounts and domains.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for March 15 - 21, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.


March 14, 2010

My Spam analysis for the week of March 8 - 14, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have increased 5% this week from last week's level. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknownst to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a typical variety of categories of spam, led by counterfeit Viagra and other illicit prescription drugs, sold unlawfully without a real prescription. Other measurable categories of spam included counterfeit watches and other goods, fake diplomas, pirated software, and Russian dating scams.

My updated blacklisted senders list proved effective this week, auto-deleting almost 10% of all incoming spam (see my extended content for details). I saw another increase in the number of emails forging my own accounts as the senders. This illegal practice is known as a "Joe Job" and it is used to slip spam past our filters. Joe Jobs depend on people whitelisting their own accounts and domains.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for March 8 - 14, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.


March 7, 2010

My Spam analysis for the week of March 1 - 7, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have decreased 2% this week from last week's level. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknownst to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a typical variety of categories of spam, including a lot of spam for counterfeit watches and phones, illicit prescription drugs, fake Viagra, Canadian Pharmacy scams, pirated software, dating scams, and fake diplomas.

My updated blacklisted senders list proved less effective this week, auto-deleting only 4% of all incoming spam (see my extended content for details). The decline in blacklisted matches is the result of spammers changing their tactics from previous weeks. In fact, I saw a giant increase in the number of emails forging my own accounts as the senders. This illegal practice is known as a "Joe Job" and it is used to slip spam past our filters. Joe Jobs depend on people whitelisting their own accounts and domains.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for March 1 - 7, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.


February 28, 2010

My Spam analysis for the week of Feb 22 - 28, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have decreased 5% this week from last week's level. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknown to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a typical variety of categories of spam, including a lot of spam for counterfeit watches, illicit drugs, fake Viagra, Canadian Pharmacy scams, pirated software, casinos and fake diplomas. My updated blacklisted senders list proved effective again this week, auto-deleting over 9% of all incoming spam (see my extended content for details).

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Feb 22 - 28, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.


February 21, 2010

My Spam analysis for the week of Feb 15 - 21, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have increased 5% this week from last week's level. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknown to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a typical variety of categories of spam, including a lot of spam for counterfeit watches and phones, illicit drugs, fake Viagra, Russian dating scams, pirated software, casinos and fake diplomas. My updated blacklisted senders list proved extremely effective again this week, auto-deleting over 16% of all incoming spam (see my extended content for details).

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Feb 15 - 21, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.


February 14, 2010

My Spam analysis for the week of Feb 8 - 14, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have decreased 4% this week from last week's level. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknown to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a large variety of categories of spam, including a lot of spam for counterfeit diplomas, watches and Viagra, the totally fake "Canadian Pharmacy," Russian dating scams, Nigerian 419 and lottery scams and various identity phishing scams. My updated blacklisted senders list proved extremely effective again this week, auto-deleting over 24% of all incoming spam (see my extended content for details).

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Feb 8 - 14, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.


February 7, 2010

My Spam analysis for the week of Feb 1 - 7, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have increased 2% this week from last week's level. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknown to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a large variety of categories of spam, including Russian dating spam, fake diplomas and counterfeit brand name watches, pirated software, male enhancement scams, counterfeit Viagra, the fake Canadian Pharmacy, Nigerian 419 scams, DHL and UPS Courier scams and other phishing scams. My updated blacklisted senders list proved extremely effective again this week, auto-deleting ~19% of all incoming spam.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Feb 1 - 7, 2010, and the latest additions to my custom MailWasher Pro filters.


February 1, 2010

My Spam analysis for the week of Jan 25 - 31, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have increased 2% this week from last week's level. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknown to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a large variety of categories of spam, including Russian dating spam, fake diplomas and counterfeit brand name watches, pirated software, male enhancement scams, counterfeit Viagra, the fake Canadian Pharmacy and DHL Courier scams. My updated blacklisted senders list proved extremely effective again this week, auto-deleting ~25% of all incoming spam.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Jan 25 - 31, 2010, and the latest additions to my custom MailWasher Pro filters.


January 24, 2010

My Spam analysis for the week of Jan 18 - 24, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have thankfully decreased 10% this week from last week's level. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknown to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a large variety of categories of spam, including Russian dating spam, fake diplomas and counterfeit brand name watches, male enhancement scams, counterfeit Viagra and the fake Canadian Pharmacy. My updated blacklisted senders list proved extremely effective again this week, auto-deleting ~17% of all incoming spam.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Jan 18 - 24, 2010, and the latest additions to my custom MailWasher Pro filters.


January 17, 2010

My Spam analysis for the week of Jan 11 - 17, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have increased a whopping 25% this week from last week's level. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknown to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a large variety of categories of spam, including Russian dating spam, fake diplomas and counterfeit brand name watches, counterfeit Viagra and the fake Canadian Pharmacy. My updated blacklisted senders list proved extremely effective again this week, auto-deleting ~27% of all incoming spam.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Jan 11 - 17, 2010, and the latest additions to my custom MailWasher Pro filters.


January 10, 2010

My Spam analysis for the week of Jan 3 - 10, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have increased a whopping 15% this week from last week's level. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknown to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a large variety of categories of spam, led by spam for Viagra, casinos, pirated software, counterfeit watches, the fake Canadian Pharmacy and other pharmaceuticals, and fake diplomas. Saturday, Jan 9, was the "spamiest" day this week. My blacklisted senders list proved effective again this week, catching ~13% of all incoming spam.

Not included in my statistics were several spam messages sent from hijacked PCs, faking a personal friend's account as the sender. The same message was sent to his entire group of contacts. The only body content was a link which led to an exploit web page, hosted on computers in a Botnet, all running an Nginx web server, from Russia. The exploit was based on a bogus Flash Player upgrade file, which is a Trojan Horse.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Jan 3 - 10, 2010, and the latest additions to my custom MailWasher Pro filters.


January 3, 2010

My Spam analysis for the week of Dec 28, 2009 - Jan 3, 2010

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have increased 3% this week from last week's level. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknown to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a large variety of categories of spam, including spam for Viagra, pirated software, counterfeit watches, the fake Canadian Pharmacy and other fake pharmacies, phony loans, fake diplomas, plus some Nigerian 419 scams. Thursday, Dec 31 was the "spamiest" day this week. My blacklisted senders list proved effective again this week, catching 10% of the incoming spam.

Not included in my statistics were several spam messages sent from hijacked PCs, faking a personal friend's account as the sender. The same message was sent to his entire group of contacts. The only body content was a link which led to an exploit web page, hosted on computers in a Botnet, all running an Nginx web server, from Russia. The exploit was based on a bogus Flash Player upgrade file, which is a Trojan Horse.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Dec 28, 2009 - Jan 3, 2010, and the latest additions to my custom MailWasher Pro filters.


December 27, 2009

My Spam analysis for the week of Dec 21 - 27, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have decreased 3% this week from last week's level. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknown to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a large variety of categories of spam, including spam for pirated software, counterfeit watches, the fake Canadian Pharmacy and other fake pharmacies, illegal-to-import Viagra from China and India, HTML positioning tricks, plus some Nigerian 419 scams. Monday, Dec 21 was the "spamiest" day this week. Further, my blacklisted senders list proved very effective this week.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Dec 21 - 27, 2009 and the latest additions to my custom MailWasher Pro filters.


December 20, 2009

My Spam analysis for the week of Dec 14 - 20, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have decreased 6% this week from last week's level. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknown to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a large variety of categories of spam, including spam for the fake Canadian Pharmacy and other fake pharmacies, illegal-to-import Viagra from China and India, acai berry weight loss scams, counterfeit watches, loan scams and lottery scams. Also continuing this week was a run of pornographic spam subjects. Thursday, Dec 17 was the "spamiest" day this week.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Dec 14 - 20, 2009 and the latest additions to my custom MailWasher Pro filters.


December 13, 2009

My Spam analysis for the week of Dec 7 - 13, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have increased 7% this week from last week's level. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknown to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week saw a large variety of categories of spam, including the return of male enhancement scams, spam for the fake Canadian Pharmacy, illicit Viagra from China, weight loss scams, counterfeit watches, loan scams and identity theft phishing scams targeting bank and UPS customers. New this week was a run of very pornographic spam promoting a dating service with a very nasty name. Such websites are places where people have their credit or debit cards stolen, or where extremely hostile scripts are run against your browser, trying to infect your computer.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Dec 7 - 13, 2009 and the latest additions to my custom MailWasher Pro filters.


December 6, 2009

My Spam analysis for the week of Nov 30 - Dec 6, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have increased 2% this week from last week's level. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknown to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week was for various unlicensed prescription drugs from China, plus weight loss, male enhancement and phishing scams. The rise in Male Enhancement scams follows a total decline that occurred a month ago, after the takedown of the Mega-D Botnet. The spammers using that Botnet have hired other Botnets to distribute their enlargement scams.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Nov 30 - Dec 6, 2009 and the latest additions to my custom MailWasher Pro filters.


November 29, 2009

My Spam analysis for the week of Nov 23 - 29, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have increased 5% this week from last week's level. Furthermore, there has been a big drop in the number of male enhancement scam emails I have captured. This is almost entirely due to the hijacking and sinkholing of the Ozdok/Mega-D Botnet. That Botnet was taken down two weeks ago by the efforts of FireEye, a security firm that hijacked the Ozdok Bot command structure and redirected requests for updates from the zombies in the Botnet to a blackhole/sinkhole IP. They also notified all of the companies hosting the Command and Control servers used by the Botnet and those servers were all taken offline. This was all accomplished in a mere 24 hours, thanks to a lot of co-operation and investigative work. Unfortunately, those male enhancement spam emails are reappearing, so either Mega-D Botnet has been restored, or another Botnet is being used by the spammers promoting these fake, Chinese enhancement products.

Before the takedown, Mega-D was responsible for most of the worldwide plague of male enhancement spam messages, going back to at least 2007. Those are the messages promoting unreal enlargement results from various bogus pills and herbals.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week was for the fake Canadian Pharmacy and other unlicensed prescription drugs from China. Also, the Nigerian scammers were busy again last week, promoting their lottery scams, sent from various African countries.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Nov 23 - 29, 2009 and the latest additions to my custom MailWasher Pro filters.


November 22, 2009

My Spam analysis for the week of Nov 16 - 22, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have decreased 1% this week from last week's level. Furthermore, there has been a big drop in the number of male enhancement scam emails I have captured. This is almost entirely due to the hijacking and sinkholing of the Ozdok/Mega-D Botnet. That Botnet was taken down last week by the efforts of FireEye, a security firm that hijacked the Ozdok Bot command structure and redirected requests for updates from the zombies in the Botnet to a blackhole/sinkhole IP. They also notified all of the companies hosting the Command and Control servers used by the Botnet and those servers were all taken offline. This was all accomplished in a mere 24 hours, thanks to a lot of co-operation and investigative work.

Before the takedown, Mega-D was responsible for most of the worldwide plague of male enhancement spam messages, going back to at least 2007 (or late 2006). Those are the messages promoting unreal enlargement results from various bogus pills and herbals.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week was for fake Viagra and other unlicensed prescription drugs from China. Not surprisingly, the Nigerian scammers were busy again last week, promoting their advance fee fraud 419 scams. 100% of all email coming to me, with African IPs in the headers, are 419 scams. I have a MailWasher Pro filter to detect and block African Senders.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).

See my extended comments for this week's breakdown of spam by category, for Nov 16 - 22, 2009 and the latest additions to my custom MailWasher Pro filters.

November 19, 2009

Block trackback spammer operating on Ubiquity Server Solutions

For the past few days I have discovered that a script, or person operating a server farm, at Ubiquity Server Solutions, is attempting to post spam trackbacks to my blog. I don't even allow trackbacks on my blog, for this very reason, yet, this spamming idiot keeps blasting away with his script, ignoring a constant flow of Server 403 (Forbidden) responses. The page that the spammer is trying to POST to is no longer on the blog database, having been deleted in the spring of 2006! So, he is wasting his time and amusing me as I look at all the IP addresses I can add to my Exploited Servers Blocklist.

In fact, I have discovered that this blog trackback spammer is using a server farm assigned to Ubiquity Server Solutions, in Seattle, Washington, USA. Their full assigned CIDR is 64.120.4.0/22, covering IPs ranging from 64.120.4.0 through 64.120.7.255. However, to be fair to this clueless hosting service, the spammer is rotating through a group of servers with IP addresses only in the range of 64.120.5.0 - 64.120.5.255. To minimize possible collateral damage to innocent hosting customers, I am only blocking the narrow range encompassed by the CIDR 64.120.5.0/24.

UPDATE
November 20, 2009

Ubiquity Servers is now hitting MovableType blogs with trackback spam exploit attempts from a different CIDR: 174.34.144.0/23. I have updated the evidence and blocklist rules below to include this new CIDR.

The evidence:

174.34.145.115 - - [19/Nov/2009:12:59:57 -0800] "POST /cgi-bin/mt/mt-tb.cgi/18 HTTP/1.0" 403 137 "-" "tbr/0.1.0"
174.34.145.117 - - [19/Nov/2009:15:16:17 -0800] "POST /cgi-bin/mt/mt-tb.cgi/18 HTTP/1.0" 403 137 "-" "tbr/0.1.0"

64.120.5.197 - - [18/Nov/2009:07:07:08 -0800] "POST /cgi-bin/mt/mt-tb.cgi/18 HTTP/1.0" 403 137 "-" "tbr/0.1.0"
64.120.5.241 - - [18/Nov/2009:07:12:57 -0800] "POST /blogs/2007/08/stupid_blog_trackback_spammers_dont_understa.html HTTP/1.0" 302 378 "-" "tbr/0.1.0"
64.120.5.246 - - [18/Nov/2009:07:32:26 -0800] "POST /cgi-bin/mt/mt-tb.cgi/18 HTTP/1.0" 403 137 "-" "tbr/0.1.0"
64.120.5.254 - - [18/Nov/2009:07:49:48 -0800] "POST /cgi-bin/mt/mt-tb.cgi/18 HTTP/1.0" 403 137 "-" "tbr/0.1.0"
64.120.5.236 - - [18/Nov/2009:08:22:27 -0800] "POST /cgi-bin/mt/mt-tb.cgi/18 HTTP/1.0" 403 137 "-" "tbr/0.1.0"
64.120.5.196 - - [18/Nov/2009:08:30:16 -0800] "POST /blogs/2007/08/stupid_blog_trackback_spammers_dont_understa.html HTTP/1.0" 302 378 "-" "tbr/0.1.0"
64.120.5.225 - - [18/Nov/2009:08:49:54 -0800] "POST /cgi-bin/mt/mt-tb.cgi/18 HTTP/1.0" 403 137 "-" "tbr/0.1.0"

Enough already! You will notice that the spammer is only attempting to POST to two items. One is identified as blog entry number 18, which dates back to May of 2006 and was deleted from my blog in early 2007. The other target of this hapless spammer is an article I wrote about "Stupid Blog Trackback Spammers" not understanding a 403 Forbidden response, when they try to post trackback comments to a blog that has all trackbacks and comments disabled! There are no trackbacks or comments allowed on my blog! Spammers cannot POST anything!

I find this amusing, but others who do allow trackbacks or comments may not be so amused by this a-hole, whom I previously may have traced to Romania. If your website is hosted on an Apache web server, you can serve him a steady diet of Server 403 Forbidden responses by blocking his IP CIDR and his user agent in your public web root .htaccess file, as demonstrated below.



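# Deny the two address ranges the trackback spammer posts from.
# (Order/Deny are Apache 2.2-style access directives.)
<Files *>
order deny,allow
deny from 64.120.5.0/24
deny from 174.34.144.0/23
</Files>

Options +FollowSymLinks
RewriteEngine On
RewriteOptions inherit
RewriteBase /

# Return 403 Forbidden to any request whose user agent is exactly tbr/0.1.0.
RewriteCond %{HTTP_USER_AGENT} ^tbr/0\.1\.0$
RewriteRule .* - [F]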



You should determine if legitimate visitors to your blogs are using the tbr/0.1.0 user agent. If so, don't block it. In all likelihood, only spammers use that tool with that version number.
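
To run that check before deploying the block, the following Python sketch (an added example, not code from the original post) parses the access-log lines quoted in the evidence, profiles what the tbr/0.1.0 user agent actually requests, and confirms that the two deny rules cover every observed source without catching other visitors. The function names and the single browser request from 192.0.2.10 are constructed for the illustration.

```python
import ipaddress
import re
from collections import Counter

# Access-log lines quoted in the post, plus one constructed browser request
# (192.0.2.10 is a documentation address) so there is non-spam traffic to compare.
LOG = """\
174.34.145.115 - - [19/Nov/2009:12:59:57 -0800] "POST /cgi-bin/mt/mt-tb.cgi/18 HTTP/1.0" 403 137 "-" "tbr/0.1.0"
174.34.145.117 - - [19/Nov/2009:15:16:17 -0800] "POST /cgi-bin/mt/mt-tb.cgi/18 HTTP/1.0" 403 137 "-" "tbr/0.1.0"
64.120.5.197 - - [18/Nov/2009:07:07:08 -0800] "POST /cgi-bin/mt/mt-tb.cgi/18 HTTP/1.0" 403 137 "-" "tbr/0.1.0"
64.120.5.241 - - [18/Nov/2009:07:12:57 -0800] "POST /blogs/2007/08/stupid_blog_trackback_spammers_dont_understa.html HTTP/1.0" 302 378 "-" "tbr/0.1.0"
64.120.5.246 - - [18/Nov/2009:07:32:26 -0800] "POST /cgi-bin/mt/mt-tb.cgi/18 HTTP/1.0" 403 137 "-" "tbr/0.1.0"
64.120.5.254 - - [18/Nov/2009:07:49:48 -0800] "POST /cgi-bin/mt/mt-tb.cgi/18 HTTP/1.0" 403 137 "-" "tbr/0.1.0"
64.120.5.236 - - [18/Nov/2009:08:22:27 -0800] "POST /cgi-bin/mt/mt-tb.cgi/18 HTTP/1.0" 403 137 "-" "tbr/0.1.0"
64.120.5.196 - - [18/Nov/2009:08:30:16 -0800] "POST /blogs/2007/08/stupid_blog_trackback_spammers_dont_understa.html HTTP/1.0" 302 378 "-" "tbr/0.1.0"
64.120.5.225 - - [18/Nov/2009:08:49:54 -0800] "POST /cgi-bin/mt/mt-tb.cgi/18 HTTP/1.0" 403 137 "-" "tbr/0.1.0"
192.0.2.10 - - [18/Nov/2009:09:01:00 -0800] "GET /blogs/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (constructed sample)"
"""

# The two "deny from" ranges used in the post's .htaccess rules.
DENY_RULES = [ipaddress.ip_network("64.120.5.0/24"),
              ipaddress.ip_network("174.34.144.0/23")]

# Apache "combined" log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$')


def parse(log_text):
    """Return one dict per well-formed combined-format line; skip the rest."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        rec = m.groupdict()
        try:
            rec["ip"] = ipaddress.ip_address(rec["ip"])
        except ValueError:
            continue  # client field is not an IP address (e.g. a hostname)
        rec["status"] = int(rec["status"])
        records.append(rec)
    return records


def profile_agent(records, agent):
    """Summarise what one exact user-agent string does on the site."""
    hits = [r for r in records if r["agent"] == agent]
    return {
        "requests": len(hits),
        "methods": Counter(r["method"] for r in hits),
        "statuses": Counter(r["status"] for r in hits),
        "paths": Counter(r["path"] for r in hits),
        "ips": sorted({r["ip"] for r in hits},
                      key=lambda a: (a.version, int(a))),
    }


def tightest_networks(ips, widest_prefix=22):
    """Smallest IPv4 networks covering the addresses, never wider than /widest_prefix."""
    nets, group_lo = [], None
    for ip in sorted(a for a in ips if a.version == 4):
        if group_lo is not None:
            # Shared leading bits of the lowest and the current (highest) address.
            prefix = 32 - (int(group_lo) ^ int(ip)).bit_length()
            if prefix >= widest_prefix:
                nets[-1] = ipaddress.ip_network(f"{group_lo}/{prefix}", strict=False)
                continue
        group_lo = ip  # too far from the current group: start a new one
        nets.append(ipaddress.ip_network(f"{ip}/32"))
    return nets


def coverage(records, agent, deny_rules):
    """Return (agent sources no rule covers, other agents the rules would also block)."""
    def blocked(ip):
        return any(ip.version == n.version and ip in n for n in deny_rules)
    missed = sorted({str(r["ip"]) for r in records
                     if r["agent"] == agent and not blocked(r["ip"])})
    collateral = sorted({(str(r["ip"]), r["agent"]) for r in records
                         if r["agent"] != agent and blocked(r["ip"])})
    return missed, collateral


if __name__ == "__main__":
    recs = parse(LOG)
    prof = profile_agent(recs, "tbr/0.1.0")
    print("requests:", prof["requests"], dict(prof["methods"]), dict(prof["statuses"]))
    print("tightest cover of the sample:", [str(n) for n in tightest_networks(prof["ips"])])
    print("missed / collateral:", coverage(recs, "tbr/0.1.0", DENY_RULES))
```

Run it over a full log rather than the short sample: an empty `collateral` list and a POST-only profile for the agent are the signals that blocking the range and the user agent will not affect real visitors.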

Details about the .htaccess file are found in my extended comments.

November 15, 2009

My Spam analysis for the week of Nov 9 - 15, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.

Spam levels have increased 4% this week from last week's level. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknown to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week was for unlicensed prescription drugs from China, plus the usual male enhancement and fake pharmacy scams and counterfeit Viagra. Not to be outdone, the Nigerian scammers were busy again last week, promoting their lottery scams. 100% of all email coming to me, with African IPs in the headers, are 419 scams.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

See my extended comments for this week's breakdown of spam by category, for Nov 9 - 15, 2009 and the latest additions to my custom MailWasher Pro filters.

November 8, 2009

My Spam analysis for the week of Nov 2 - 8, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam levels have decreased 6% this week from last week's level. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknown to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week was for knock-off (counterfeit) Chinese watches, male enhancement and fake pharmacy scams and counterfeit Viagra. Not to be outdone, the Nigerian scammers were busy again last week, promoting their usual 419 and lottery scams. 100% of all email coming to me, with African IPs in the headers, are 419 scams.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

See my extended comments for this week's breakdown of spam by category, for Nov 2 - 8, 2009 and the latest additions to my custom MailWasher Pro filters.

November 1, 2009

My Spam analysis for Oct 26 - Nov 1, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam levels have decreased 3% this week from last week's level. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknown to the owners of those infected PCs.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week was for knock-off (counterfeit) Chinese watches, clothes and handbags, closely followed by male enhancement and fake pharmacy scams. Not to be outdone, the Nigerian scammers were busy again last week, promoting their usual 419 and lottery scams.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

See my extended comments for this week's breakdown of spam by category, for Oct 26 - Nov 1, 2009 and the latest additions to my custom MailWasher Pro filters.

October 25, 2009

My Spam analysis for Oct 20 - 25, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam levels have increased 4% this week, after two weeks in a row that spam levels had declined here. This might mean that the Bot Masters running spam Botnets may be sorting out problems maintaining their command and control (C&C) servers, used to reactivate their sleeping zombie computers (Almost all spam is now sent from "zombie" computers in spam Botnets).

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week was for Nigerian 419 advance fee fraud scams, counterfeit Viagra and other brand name knock-offs. There was also a resurgence in spam using Yahoo! Groups web pages, mostly for the fake "Canadian Pharmacy," so Yahoo! needs to set up some keyword filters to detect and take down these illicit pages. Many of the "Known Spam Domain" spamvertised pharmaceutical websites were domains ending in ".cn" - which is the designation for websites hosted in China. Coincidentally, these spam messages were usually promoting the fake Canadian Pharmacy sites. Spammers try to confuse their victims with .cn domain links, because actual Canadian websites end in .ca, which many people don't realize.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

See my extended comments for this week's breakdown of spam by category, for Oct 20 - 25, 2009 and the latest additions to my custom MailWasher Pro filters.

October 18, 2009

My Spam analysis for Oct 12 - 18, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam levels have decreased again this week, making two weeks in a row that spam levels have declined here. This might mean that the Bot Masters running spam Botnets may have problems maintaining their command and control (C&C) servers, used to reactivate their sleeping zombie computers (Almost all spam is now sent from "zombie" computers in spam Botnets). Or, maybe those zombie PCs have been disinfected or taken offline. Or, maybe they are putting most of their efforts into scams on social networking sites and server exploits.

However, Bot Herders and spammers don't give up easily. If they lose one Command and Control server they will hunt for another one, often in China or Eastern Europe. Once they get those hostile servers back online, with other spam friendly hosts, the zombies are awakened and we see lots more spam. If the Botnet loses zombies after a major cleanup, they will acquire more through compromised or hostile websites exploiting vulnerabilities in browsers and their plug-ins and add-ons.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week was for the fake Canadian Pharmacy and counterfeit watches and other "knock offs." There were also several Nigerian 419 advance fee fraud scams. Most spamvertised pharmaceutical websites were domains ending in ".cn" - which is the designation for websites hosted in China. Coincidentally, these spam messages were usually promoting the fake Canadian Pharmacy sites. Spammers try to confuse their victims with .cn domain links, because actual Canadian websites end in .ca, which many people don't realize.

Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

See my extended comments for this week's breakdown of spam by category, for Oct 12 - 18, 2009 and the latest additions to my custom MailWasher Pro filters.

October 12, 2009

My Spam analysis for Oct 5 - 11, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam levels have decreased a bit this week, after a significant increase last week. This might mean that the Bot Masters running spam Botnets may have problems maintaining their command and control (C&C) servers, used to reactivate their sleeping zombie computers. Or, maybe those zombie PCs have been disinfected or taken offline. Whatever the explanation, spam dropped this week.

Almost all spam is now sent from zombie computers in spam Botnets, under the control of Bot Masters who rent the use of their networks to spammers. Major changes in the overall volume of spam indicate problems or successes of the Bot Masters with command and control over their robotic armies of spamming PCs. Sometimes their command and control servers are shut down by the efforts of security organizations, forcing them to look for other spam-friendly hosting companies. Other times, Microsoft's monthly Windows Updates, featuring an updated MSRT, or other security products, will clean Bot infections from millions of zombie computers. When this happens the overall volume of spam drops, as it has this week.

However, Bot Herders don't give up easily. If they lose one Command and Control server they will hunt for another one, often in China or Eastern Europe. Once they get those hostile servers back online, with other spam friendly hosts, the zombies are awakened and we see lots more spam. If the Botnet loses zombies after a major cleanup, they will acquire more through compromised or hostile websites exploiting vulnerabilities in browsers and their plug-ins and add-ons.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week, especially the "Other Filters" and "Known Spam Domains" categories, was for the fake Canadian Pharmacy, male enhancement scams and counterfeit Viagra. There was also some spam for counterfeit watches-handbags-software, and several Nigerian 419 advance fee fraud scams.

In case anybody doesn't already know, virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets. All email sender addresses are forged, so there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

See my extended comments for this week's breakdown of spam by category, for Oct 5 - 11, 2009 and the latest additions to my custom MailWasher Pro filters.

October 4, 2009

My Spam analysis for Sept 28 - Oct 4, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam levels have increased again this week, after a significant decrease last week. This means that the Bot Masters running spam Botnets regained access to their command and control (C&C) servers, used to reactivate their sleeping zombie computers. Those zombie PCs are now sending out normal volumes of spam, as commanded by their Bot Masters. This will continue until the people hosting the C&C servers cut off the accounts, or get shut down by authorities.

Almost all spam is now sent from zombie computers in spam Botnets, under the control of Bot Masters who rent the use of their networks to spammers. Major changes in the overall volume of spam indicate problems or successes of the Bot Masters with command and control over their robotic armies of spamming PCs. Sometimes their command and control servers are shut down by the efforts of security organizations, forcing them to look for other spam-friendly hosting companies. Other times, Microsoft's monthly Windows Updates, featuring an updated MSRT, or other security products, will clean Bot infections from millions of zombie computers. When this happens the overall volume of spam drops, as it has this week.

However, Bot Herders don't give up easily. If they lose one Command and Control server they will hunt for another one, often in China or Eastern Europe. Once they get those hostile servers back online, with other spam friendly hosts, the zombies are awakened and we see lots more spam. If the Botnet loses zombies after a major cleanup, they will acquire more through compromised or hostile websites exploiting vulnerabilities in browsers and their plug-ins and add-ons.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week, especially the "Other Filters," "Known Spam Domains" and "Yahoo Groups Spam Link" categories, was for the fake Canadian Pharmacy, male enhancement scams and counterfeit Viagra. There was also some spam for counterfeit watches-handbags-software, phishing and weight loss scams.

In case anybody doesn't already know, virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets. All email sender addresses are forged, so there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

See my extended comments for this week's breakdown of spam by category, for Sept 28 - Oct 4, 2009 and the latest additions to my custom MailWasher Pro filters.

September 27, 2009

My Spam analysis for Sept 21 - 27, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam levels have decreased for the first time in five weeks. This means that the Bot Masters running spam Botnets may only have intermittent access to their command and control (C&C) servers, used to reactivate their sleeping zombie computers. Those zombie PCs are now sending out medium volumes of spam, as commanded by their Bot Masters. This will continue until the people hosting the C&C servers cut off the accounts, or get shut down by authorities.

Almost all spam is now sent from zombie computers in spam Botnets, under the control of Bot Masters who rent the use of their networks to spammers. Major changes in the overall volume of spam indicate problems or successes of the Bot Masters with command and control over their robotic armies of spamming PCs. Sometimes their command and control servers are shut down by the efforts of security organizations, forcing them to look for other spam-friendly hosting companies. Other times, Microsoft's monthly Windows Updates, featuring an updated MSRT, or other security products, will clean Bot infections from millions of zombie computers. When this happens the overall volume of spam drops, as it has this week.

However, Bot Herders don't give up easily. If they lose one Command and Control server they will hunt for another one, often in China or Eastern Europe. Once they get those hostile servers back online, with other spam friendly hosts, the zombies are awakened and we see lots more spam. If the Botnet loses zombies after a major cleanup, they will acquire more through compromised or hostile websites exploiting vulnerabilities in browsers and their plug-ins and add-ons.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week, especially the "Other Filters" and "Yahoo Groups Spam Link" categories, was for the fake Canadian Pharmacy, male enhancement scams and counterfeit Viagra. There was also some spam for counterfeit watches, software, lottery, phishing and weight loss scams.

In case anybody doesn't already know, virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets. All email sender addresses are forged, so there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

See my extended comments for this week's breakdown of spam by category, for Sept 21 - 27, 2009 and the latest additions to my custom MailWasher Pro filters.

September 20, 2009

My Spam analysis for Sept 14 - 20, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam levels have increased for four weeks in a row. This means that the Bot Masters running spam Botnets have regained access to their command and control (C&C) servers, which have reactivated sleeping zombie computers. Those zombie PCs are now sending out large volumes of spam, as commanded by their Bot Masters. This will continue until the people hosting the C&C servers cut off the accounts, or get shut down by authorities.

Almost all spam is now sent from zombie computers in spam Botnets, under the control of Bot Masters who rent the use of their networks to spammers. Major changes in the overall volume of spam indicate problems or successes of the Bot Masters with command and control over their robotic armies of spamming PCs. Sometimes their command and control servers are shut down by the efforts of security organizations, forcing them to look for other spam-friendly hosting companies. Other times, Microsoft's monthly Windows Updates, featuring an updated MSRT, or other security products, will clean Bot infections from millions of zombie computers. When this happens the overall volume of spam drops, as it has this week.

However, Bot Herders don't give up easily. If they lose one Command and Control server they will hunt for another one, often in China or Eastern Europe. Once they get those hostile servers back online, with other spam friendly hosts, the zombies are awakened and we see lots more spam. If the Botnet loses zombies after a major cleanup, they will acquire more through compromised or hostile websites exploiting vulnerabilities in browsers and their plug-ins and add-ons.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week, especially the "Other Filters" and "Known Spam Domains" categories, was for the fake Canadian Pharmacy, male enhancement scams and counterfeit Viagra. There was also some spam for counterfeit watches and weight loss scams.

In case anybody doesn't already know, virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets. All email sender addresses are forged, so there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

See my extended comments for this week's breakdown of spam by category, for Sept 14 - 20, 2009 and the latest additions to my custom MailWasher Pro filters.

September 13, 2009

My Spam analysis for Sept 7 - 13, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam levels have increased for three weeks in a row. This means that the Bot Masters running spam Botnets have regained access to their command and control (C&C) servers, which have reactivated sleeping zombie computers. Those zombie PCs are now sending out large volumes of spam, as commanded by their Bot Masters. This will continue until the people hosting the C&C servers cut off the accounts, or get shut down by authorities.

Almost all spam is now sent from zombie computers in spam Botnets, under the control of Bot Masters who rent the use of their networks to spammers. Major changes in the overall volume of spam indicate problems or successes of the Bot Masters with command and control over their robotic armies of spamming PCs. Sometimes their command and control servers are shut down by the efforts of security organizations, forcing them to look for other spam-friendly hosting companies. Other times, Microsoft's monthly Windows Updates, featuring an updated MSRT, or other security products, will clean Bot infections from millions of zombie computers. When this happens the overall volume of spam drops, as it has this week.

However, Bot Herders don't give up easily. If they lose one Command and Control server they will hunt for another one, often in China or Eastern Europe. Once they get those hostile servers back online, with other spam friendly hosts, the zombies are awakened and we see lots more spam. If the Botnet loses zombies after a major cleanup, they will acquire more through compromised or hostile websites exploiting vulnerabilities in browsers and their plug-ins and add-ons.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week, especially the "Other Filters" and "Known Spam Domains" categories, was for male enhancement scams and fake Viagra. There was also a bunch of spam for illegal casinos and the fake Canadian Pharmacy.

In case anybody doesn't already know, virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets. All email sender addresses are forged, so there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

See my extended comments for this week's breakdown of spam by category, for Sept 7 - 13, 2009 and the latest additions to my custom MailWasher Pro filters.


September 6, 2009

My Spam analysis for Aug 31 - Sept 6, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam levels have increased for two weeks in a row. This probably means that the Bot Masters running spam Botnets have regained access to their command and control servers, which have reactivated sleeping zombie computers. Those zombie PCs are now sending out large volumes of spam, as commanded by their Bot Masters.

Almost all spam is now sent from zombie computers in spam Botnets, under the control of Bot Masters who rent the use of their networks to spammers. Major changes in the overall volume of spam indicate problems or successes of the Bot Masters with command and control over their robotic armies of spamming PCs. Sometimes their command and control servers are shut down by the efforts of security organizations, forcing them to look for other spam-friendly hosting companies. Other times, Microsoft's monthly Windows Updates, featuring an updated MSRT, or other security products, will clean Bot infections from millions of zombie computers. When this happens the overall volume of spam drops, as it has this week.

However, Bot Herders don't give up easily. If they lose one Command and Control server they will hunt for another one, often in China or Eastern Europe. Once they get those hostile servers back online, with other spam friendly hosts, the zombies are awakened and we see lots more spam. If the Botnet loses zombies after a major cleanup, they will acquire more through compromised or hostile websites exploiting vulnerabilities in browsers and their plug-ins and add-ons.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week, especially the "Other Filters" and "Known Spam Domains" categories, was for male enhancement scams and fake Viagra. There was also a bunch of spam for illegal casinos and the fake Canadian Pharmacy.

In case anybody doesn't already know, virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets. All email sender addresses are forged, so there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

See my extended comments for this week's breakdown of spam by category, for Aug 31 - Sept 6, 2009 and the latest additions to my custom MailWasher Pro filters.


August 30, 2009

My Spam analysis for Aug 24 - 30, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam levels have increased significantly after being unusually low for two weeks in a row. This probably means that the Bot Masters running spam Botnets have regained access to their command and control servers, which have reactivated sleeping zombie computers. Those zombie PCs are now sending out large volumes of spam, as commanded by their Bot Masters.

Almost all spam is now sent from zombie computers in spam Botnets, under the control of Bot Masters who rent the use of their networks to spammers. Major changes in the overall volume of spam indicate problems or successes of the Bot Masters with command and control over their robotic armies of spamming PCs. Sometimes their command and control servers are shut down by the efforts of security organizations, forcing them to look for other spam-friendly hosting companies. Other times, Microsoft's monthly Windows Updates, featuring an updated MSRT, or other security products, will clean Bot infections from millions of zombie computers. When this happens the overall volume of spam drops, as it has this week.

However, Bot Herders don't give up easily. If they lose one Command and Control server they will hunt for another one, often in China or Eastern Europe. Once they get those hostile servers back online, with other spam friendly hosts, the zombies are awakened and we see lots more spam. If the Botnet loses zombies after a major cleanup, they will acquire more through compromised or hostile websites exploiting vulnerabilities in browsers and their plug-ins and add-ons.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week, especially the "Known Spam Domains" category, was for male enhancement scams and fake Viagra. There was also a bunch of Nigerian lottery scams and counterfeit watches.

In case anybody doesn't already know, virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets. All email sender addresses are forged, so there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

See my extended comments for this week's breakdown of spam by category, for Aug 24 - 30, 2009 and the latest additions to my custom MailWasher Pro filters.


August 23, 2009

My Spam analysis for Aug 17 - 23, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Wow! Spam levels have dropped significantly two weeks in a row! I received less than half the amount of spam messages from the previous few weeks. This probably means that the Bot Masters running spam Botnets have temporarily lost access to their command and control servers, or that the spammers who rent the use of those Bots have run low on cash, or are under arrest, or are lying low to avoid prosecution. I suspect the first explanation.

Almost all spam is now sent from zombie computers in spam Botnets, under the control of Bot Masters who rent the use of their networks to spammers. Major changes in the overall volume of spam indicate problems or successes of the Bot Masters with command and control over their robotic armies of spamming PCs. Sometimes their command and control servers are shut down by the efforts of security organizations, forcing them to look for other spam-friendly hosting companies. Other times, Microsoft's monthly Windows Updates, featuring an updated MSRT, or other security products, will clean Bot infections from millions of zombie computers. When this happens the overall volume of spam drops, as it has this week.

However, Bot Herders don't give up easily. If they lose one Command and Control server they will hunt for another one, often in China or Eastern Europe. Once they get those hostile servers back online, with other spam friendly hosts, the zombies are awakened and we see lots more spam. If the Botnet loses zombies after a major cleanup, they will acquire more through compromised or hostile websites exploiting vulnerabilities in browsers and their plug-ins and add-ons.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week, especially the "Known Spam Domains" category, was for male enhancement scams and fake Viagra. There was also a bunch of Nigerian lottery scams and counterfeit watches.

In case anybody doesn't already know, virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets. All email sender addresses are forged, so there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

See my extended comments for this week's breakdown of spam by category, for Aug 17 - 23, 2009 and the latest additions to my custom MailWasher Pro filters.


August 16, 2009

My Spam analysis for Aug 10 - 16, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Wow! Spam levels have dropped significantly this week! I received about half the amount of spam messages from the previous few weeks. This could mean that the Bot Masters running spam Botnets have temporarily lost access to their command and control servers, or that the spammers who rent the use of those Bots have run low on cash, or are under arrest, or are lying low to avoid prosecution. I suspect the first explanation.

Almost all spam is now sent from zombie computers in spam Botnets, under the control of Bot Masters who rent the use of their networks to spammers. Major changes in the overall volume of spam indicate problems or successes of the Bot Masters with command and control over their robotic armies of spamming PCs. Sometimes their command and control servers are shut down by the efforts of security organizations, forcing them to look for other spam-friendly hosting companies. Other times, Microsoft's monthly Windows Updates, featuring an updated MSRT, or other security products, will clean Bot infections from millions of zombie computers. When this happens the overall volume of spam drops, as it has this week.

However, Bot Herders don't give up easily. If they lose one Command and Control server they will hunt for another one, often in China or Eastern Europe. Once they get those hostile servers back online, with other spam friendly hosts, the zombies are awakened and we see lots more spam. If the Botnet loses zombies after a major cleanup, they will acquire more through compromised or hostile websites exploiting vulnerabilities in browsers and their plug-ins and add-ons.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week, especially the "Known Spam Domains" category, was for male enhancement scams and fake Viagra. There was also a bunch of Nigerian 419 scams.

In case anybody doesn't already know, virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets. All email sender addresses are forged, so there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

See my extended comments for this week's breakdown of spam by category, for Aug 10 - 16, 2009 and the latest additions to my custom MailWasher Pro filters.


August 9, 2009

My Spam analysis for Aug 3 - 9, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

The volume of spam coming to my various honeypots and user accounts has declined very slightly, to 17%. Almost all spam is now sent from zombie computers in spam Botnets, under the control of Bot Masters who rent the use of their networks to spammers. Major changes in the overall volume of spam indicate problems or successes of the Bot Masters with command and control over their robotic armies of spamming PCs. Sometimes their command and control servers are shut down by the efforts of security organizations, forcing them to look for other spam-friendly hosting companies. When this happens the overall volume of spam drops. Once they get those hostile servers back online, with other hosts, the zombies are awakened and we see lots more spam.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week, especially the "Other Filters" category, was for male enhancement scams and the fake Canadian Pharmacy and other fake pharmacies. Next was spam for pirated software and casinos.

In case anybody doesn't already know, virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets. All email sender addresses are forged, so there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."

See my extended comments for this week's breakdown of spam by category, for Aug 3 - 9, 2009 and the latest additions to my custom MailWasher Pro filters.


August 2, 2009

My Spam analysis for July 27 - Aug 2, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

The volume of spam coming to my various honeypots and user accounts has declined slightly, to 18%. Almost all spam is now sent from zombie computers in spam Botnets, under the control of Bot Masters who rent the use of their networks to spammers. Major changes in the overall volume of spam indicate problems or successes of the Bot Masters with command and control over their robotic armies of spamming PCs. Sometimes their command and control servers are shut down by the efforts of security organizations, forcing them to look for other spam-friendly hosting companies. When this happens the overall volume of spam drops. Once they get those hostile servers back online, with other hosts, the zombies are awakened and we see lots more spam.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week was for male enhancement scams and the fake Canadian Pharmacy, which sells illicit and counterfeit pharmaceuticals like Viagra, and is hosted on Botnetted PCs. Next was spam for weight loss ripoffs and casinos.

See my extended comments for this week's breakdown of spam by category, for July 27 - Aug 2, 2009 and the latest additions to my custom MailWasher Pro filters.


July 26, 2009

My Spam analysis for July 20 - 26, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

The volume of spam coming to my various honeypots and user accounts has remained the same two weeks in a row, at 21%. This suggests to me that some of the Botnet owners have once again restored their Control and Command servers. This is a cat and mouse game, with criminals leasing servers for use as Botnet controllers and authorities or upstream providers shutting them down.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week was for male enhancement scams and the fake Canadian Pharmacy, which sells illicit and counterfeit pharmaceuticals like Viagra, and is hosted on Botnetted PCs. Next was spam for weight loss ripoffs and casinos.

See my extended comments for this week's breakdown of spam by category, for July 20 - 26, 2009 and the latest additions to my custom MailWasher Pro filters.


July 19, 2009

My Spam analysis for July 13 - 19, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

The volume of spam coming to my various honeypots and user accounts has increased markedly this week, after last week's decrease. This suggests to me that some of the Botnet owners have once again restored their Control and Command servers. This is a cat and mouse game, with criminals leasing servers for use as Botnet controllers and authorities or upstream providers shutting them down.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week was for the fake Canadian Pharmacy, which sells illicit and counterfeit pharmaceuticals like Viagra, and is hosted on Botnetted PCs. Next were male enhancement scams, weight loss ripoffs, casinos and some Nigerian 419 scams.

See my extended comments for this week's breakdown of spam by category, for July 13 - 19, 2009 and the latest additions to my custom MailWasher Pro filters.


July 13, 2009

My Spam analysis for July 6 - 12, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

The volume of spam coming to my various honeypots and user accounts has decreased slightly this week, after several weeks of increases. This suggests to me that some of the Botnets have once again lost their Control and Command servers, following the recent forced shutdown of colocation host Pricewert. Pricewert hosting customers included several Botnet Command and Control servers. Spammers found other hosts, but appear to be having trouble maintaining them.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week was for the fake Canadian Pharmacy, which sells illicit and counterfeit pharmaceuticals like Viagra, weight loss ripoffs and pirated software. There was even some casino spam last week.

See my extended comments for this week's breakdown of spam by category, for July 6 - 12, 2009 and the latest additions to my custom MailWasher Pro filters.


July 5, 2009

My Spam analysis for June 29 - July 5, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

The volume of spam coming to my various honeypots and user accounts has increased slightly again this week. This indicates to me that some of the Botnets that lost their Control and Command servers following the forced shutdown of colocation host Pricewert have found other server hosts that allow illegal activities. Thus, sleeping zombie bots are awakening and spamming again.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week was for various fake pharmacies, which sell illicit and counterfeit pharmaceuticals like Viagra, weight loss scams and phishing scams.

See my extended comments for this week's breakdown of spam by category, for June 29 - July 5, 2009 and the latest additions to my custom MailWasher Pro filters.


July 2, 2009

New Nigerian phishing scam targets Hotmail users

Today I received an unusual phishing scam that I traced to Lagos, Nigeria. It is disguised as an urgent message from the Windows Live Team, to all Hotmail subscribers. The subject was: "LAST WARNING (ACCOUNT ALERT)" - in all capital letters - as is typical of Nigerian 419 scammers. The email claims that Hotmail is overloaded with free user accounts and must prune unused accounts to free up resources. What a bunch of hooey! Anyway, the intended victim is asked for his or her Hotmail address and password (Microsoft already knows this), date of birth (why would Microsoft need that?) and your location. The details are supposed to be filled out in the enclosed form and submitted to the scammers.

This is a phishing scam looking to steal active Hotmail accounts for use as spam sending zombies, using Hotmail's good reputation to avoid email sender blockades. The phished date of birth information can be crosschecked against other stolen or looked up details about you, or they can read your personal details saved in your Hotmail account profile, to perform identity theft. This information would then be sold to more advanced cyber criminals.

The scam email I received today was sent from the IP address 62.173.55.107, which is part of the CIDR block 62.173.32.0/19, covering all IPs between 62.173.32.0 and 62.173.63.255. This CIDR is registered to ipNX Nigeria Limited, in Lagos, NG.

I discuss methods of preventing these Nigerian scam emails from reaching your desktop email clients, or forum members, in my extended comments.
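As an added illustration (not code from the original post or from MailWasher Pro), the following Python sketch derives the address range of the CIDR block named above and checks the connecting IP recorded in a message's Received headers against it. The sample messages, host names, the `INTERNAL_NETWORKS` list and all function names are constructed assumptions; only the sender IP, the CIDR block and the subject line come from the post.

```python
import ipaddress
import re
from email import message_from_string

# CIDR block named in the post; everything else below is an assumption.
BLOCKED_NETWORKS = [ipaddress.ip_network("62.173.32.0/19")]

# Assumed address space of your own relays. Hops inside it are skipped so
# that the first *external* hop, recorded by your border MTA, is evaluated.
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in
                     ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample: an internal hop on top, then the border MTA's record of
# the real connecting IP, then a sender-supplied (forgeable) Received line.
SAMPLE_SPAM = (
    "Received: from relay.internal.example ([10.0.0.5])\n"
    "\tby mailstore.internal.example; Thu, 2 Jul 2009 09:15:02 -0400\n"
    "Received: from unknown ([62.173.55.107])\n"
    "\tby mx.example.org; Thu, 2 Jul 2009 09:15:01 -0400\n"
    "Received: from mail.hotmail.invalid ([203.0.113.50])\n"
    "\tby unknown; Thu, 2 Jul 2009 09:14:00 -0400\n"
    'From: "Windows Live Team" <alerts@hotmail.invalid>\n'
    "Subject: LAST WARNING (ACCOUNT ALERT)\n"
    "\n"
    "body omitted\n"
)

# Constructed sample from an address outside the blocked range.
SAMPLE_HAM = (
    "Received: from mail.example.net ([203.0.113.9])\n"
    "\tby mx.example.org; Thu, 2 Jul 2009 10:00:00 -0400\n"
    "From: friend@example.net\n"
    "Subject: lunch\n"
    "\n"
    "body omitted\n"
)


def cidr_bounds(cidr):
    """Return (first address, last address, address count) for a CIDR block."""
    net = ipaddress.ip_network(cidr)
    return str(net.network_address), str(net.broadcast_address), net.num_addresses


def is_blocked(ip_text, blocked=BLOCKED_NETWORKS):
    """True if the address falls inside any blocked network."""
    ip = ipaddress.ip_address(ip_text)
    return any(ip in net for net in blocked)


def connecting_ip(raw_message):
    """Walk Received headers newest-first and return the first external IP.

    Headers are prepended by each server, so the top ones were written by
    your own infrastructure; anything below the first external hop was
    supplied by the sender and can be forged, so it is never consulted.
    """
    msg = message_from_string(raw_message)
    for received in msg.get_all("Received", []):
        # Only the "from ..." clause names the peer; drop the "by ..." part.
        from_clause = re.split(r"\sby\s", received, maxsplit=1)[0]
        for candidate in IP_IN_BRACKETS.findall(from_clause):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:          # e.g. "[999.1.1.1]"
                continue
            if any(ip in net for net in INTERNAL_NETWORKS):
                continue
            return ip
    return None


def verdict(raw_message, blocked=BLOCKED_NETWORKS):
    """Return (action, connecting IP, matching network) for one message."""
    ip = connecting_ip(raw_message)
    if ip is None:
        return ("no-external-hop", None, None)
    for net in blocked:
        if ip in net:
            return ("block", str(ip), str(net))
    return ("allow", str(ip), None)


if __name__ == "__main__":
    print(cidr_bounds("62.173.32.0/19"))
    print(verdict(SAMPLE_SPAM))
    print(verdict(SAMPLE_HAM))
```

Matching on the network rather than the single sender address keeps the rule effective when the sender moves to another address in the same allocation, at the cost of also rejecting any legitimate mail from that block.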


June 28, 2009

My Spam analysis for June 22 - 28, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

The volume of spam coming to my various honeypots and user accounts has increased slightly this week. This indicates to me that some of the Botnets that lost their Control and Command servers following the forced shutdown of colocation host Pricewert have found other server hosts that allow illegal activities. Thus, sleeping zombie bots are awakening and spamming again.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week was for various fake pharmacies, which sell illicit and counterfeit pharmaceuticals like Viagra, weight loss scams and phishing scams.

See my extended comments for this week's breakdown of spam by category, for June 22 - 28, 2009 and the latest additions to my custom MailWasher Pro filters.


June 26, 2009

Weekly roundup of vulnerabilities and exploits in the wild

Here is a summary of this week's vulnerabilities and exploits in the wild, as reported by Secunia, Websense and other security firms. Actually, this has been a quieter week than most.

Websense has been following a website code injection event they named the "Nine Ball Mass Injection," which is a follow-up to the "Beladen" and "Gumblar" mass injection attacks last month This is a situation where cyber criminals exploit vulnerable web application scripts that have not been secured by the webmasters who operate those websites. Too many webmasters use free scripts that are rarely, if ever updated to patch announced vulnerabilities. Hackers send out automatic scripts (a.k.a. robots, spiders) that try to upload hostile files to any website they come across. Once they find an unpatched point of entry they are able to alter the codes on any web pages (usually the home page) they want. In the past, hackers would deface home pages with gibberish or slogans for their causes. Now, it is criminals who sneak in dangerous hidden codes that redirect innocent visitors to hostile websites, where malware is attempted to be downloaded to the victims' computers. Most are successful, because most people do not, or cannot keep up with patches released by every vendor of the add-ons and plug-ins used by their browsers.

Most of the malware being downloaded by the Nine Ball and similar exploits is fake security applications that pretend to scan your computer, announce so many threats found, then demand payment to remove those threats. These are tandem malware programs, with part one being the fake alerts and part two being the fake remover. After you pay to unlock the remover, it only removes the alerts its sister placed there in the first place. You will have submitted your credit or debit card information to cyber criminals in the Former Soviet Union and can expect to have your accounts drained shortly.

The rest of this week's vulnerabilities and exploits are in my extended comments.


June 21, 2009

My Spam analysis for June 15 - 21, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

The volume of spam coming to my various honeypots and user accounts has decreased again this week. This is probably attributable to the forced closure of Pricewert, a spam-friendly hosting company, where Botnet command and control (C&C) servers and malware hosting was carried out by its customers, with no action taken by the company to halt those activities. With the C&C controllers offline, their Botnets cannot receive updates or new instructions and fall silent, like zombies. Spammers then find other means of delivering their crap to us.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Much of the spam this week was for the fake pharmacies, which sell illicit and counterfeit pharmaceuticals, Nigerian 419 scams, and dating scams. Also, the volume of phishing scams targeting customers of various banks and credit cards remained strong again this week.

See my extended comments for this week's breakdown of spam by category, for June 15 - 21, 2009 and the latest additions to my custom MailWasher Pro filters.


June 14, 2009

My Spam analysis for June 8 - 14, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam, spam, spam, spam, spam, spam, spam (from the old Monty Python routine)! The volume of spam coming to my various honeypots and user accounts has held steady this week, still at a relatively low volume (some spammers do prune honeypot accounts from their lists). Some of this is also attributable to the forced closure of Pricewert, a spam-friendly hosting company, where Botnet command and control servers and malware hosting was carried out by its customers, with no action taken by the company to halt those activities.

The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Much of the spam this week was for the fake pharmacies, which sell illicit and counterfeit pharmaceuticals, Nigerian 419 scams, fake Cialis and Viagra. Also, the volume of phishing scams targeting customers of various Australian banks and credit card holders remained in the running this week.

See my extended comments for this week's breakdown of spam by category, for June 8 - 14, 2009 and the latest additions to my custom MailWasher Pro filters.


June 7, 2009

My Spam analysis for June 1 - 7, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam, spam, spam, spam, spam, spam, spam (from the old Monty Python routine)! The volume of spam coming to my various honeypots and user accounts has held steady this week, still at a relatively low volume (some spammers do prune honeypot accounts from their lists). The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Much of the spam this week was for the fake pharmacies, which sell illicit and counterfeit pharmaceuticals, Nigerian 419 and lottery scams, Cialis and Viagra. Also, the volume of phishing scams targeting customers of various Australian banks and credit card holders remained steady this week.

See my extended comments for this week's breakdown of spam by category, for June 1 - 7, 2009 and the latest additions to my custom MailWasher Pro filters.


May 31, 2009

My Spam analysis for May 25 - 31, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

The volume of spam coming to my various honeypots and user accounts has been steadily increasing over the past month. This is due to the activity of various wounded spam Botnets coming back to life (after the takedown of McColo), or new ones like the Russian Cutwail Botnet, being pressed into service. The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Much of the spam this week was for the fake Canadian Pharmacy, which sells illicit and counterfeit pharmaceuticals, Nigerian 419 scams, fake watches and Viagra, "stud" tips and male enhancement scams (same websites). I also saw an increase in Australian banking phishing scams this week.

See my extended comments for this week's breakdown of spam by category, for May 25 - 31, 2009 and the latest additions to my custom MailWasher Pro filters.


May 24, 2009

My Spam analysis for May 18 - 24, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

I am still seeing a greatly reduced amount of spam, possibly due to me being white-listed by spammers, trying to avoid my honeypots, or because of troubles spammers might be having controlling their Botnets. Nonetheless, the types of spam I am getting are most likely the same types you are getting, just in a different quantity. The classifications can help you adjust your email filters according to what is most common, on a weekly basis. Much of the spam this week was for the fake Canadian Pharmacy, which sells illicit and counterfeit pharmaceuticals, spam for unsubstantiated Acai Berry weight loss remedies and the usual male and female enhancement scams. I also saw an increase in bank Phishing scams this week.

See my extended comments for this week's breakdown of spam by category, for May 18 - 24, 2009 and the latest additions to my custom MailWasher Pro filters.


May 17, 2009

My Spam analysis for May 11 - 17, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

I am still seeing a greatly reduced amount of spam, possibly due to me being white-listed by spammers, trying to avoid my honeypots, or because of troubles spammers might be having controlling their Botnets. Nonetheless, the types of spam I am getting are most likely the same types you are getting, just in a different quantity. The classifications can help you adjust your email filters according to what is most common, on a weekly basis. Much of the spam this week was for the offshore knockoff pharmaceuticals, like Viagra, bogus weight loss remedies and male enhancement scams. Other classifications, like Blocked Countries, usually include counterfeit drug promotions, sometimes in embedded images, or in vertical text and html tricks.

See my extended comments for this week's breakdown of spam by category, for May 11 - 17, 2009 and the latest additions to my custom MailWasher Pro filters.


May 15, 2009

Securing FormMail scripts against spambots

Takeaway

This is a technical article about securing a Perl "FormMail" script against spammers who attempt to hijack these scripts for use as spam relays. For those not in the know, FormMail, written in the "Perl" scripting language, is one of the original mailer scripts freely available for general use on websites. It is used by millions of webmasters to send email from a web page form. However, unbeknown to many webmasters, older versions of FormMail are totally insecure and can be exploited as spam relays.

History of FormMail

The original version of FormMail was written in 1995 by Matt Wright and was made available for free on his website: Matt's Script Archive. Unfortunately, the early versions of his FormMail script were very insecure and easily turned into spam relays. This fact was seized upon in 2002 by spammers who used bots to scour websites in search of these exploitable scripts, by name or variations thereof. In response, on April 19, 2002, Matt rewrote his FormMail script to secure it better and released it as version 1.91. This was to become the final version of Matt's FormMail. It remains mostly insecure to this day, yet is in use by website owners around the world who haven't learned about the exploits targeting FormMail.

Several years ago I wrote an in-depth web article describing the vulnerabilities in Matt's FormMail, partially titled: FormMail Security Vulnerabilities and Solutions, in which I also recommended a drop-in secure replacement script known as NMS FormMail, which was developed by a group calling themselves the London Perl Mongers. My article is still a valuable resource and will bring most webmasters up to speed on what they need to do to protect their websites from FormMail exploiters. Following my recommendations will certainly help to secure any FormMail scripts you may be using. It will also protect your email account(s) from being harvested by creating alias numbers for them, in NMS FormMail, instead of using plain text addresses to submit to. But there's more you can do that wasn't covered in my original article.

Securing FormMail - 101

One of my recommendations was renaming your FormMail script to something other than its default spelling: formmail.pl. While this makes it a little harder for hostile bots to locate the script, it is useless at protecting it against human spammers. All they need to do is read the source code of your contact or feedback pages to get the name of the script that processes your forms and mails comments to you. Then they can go after that script by its new name to try to exploit it for use as a spam relay. If it really is an insecure version of Matt's FormMail, it will be used as a spam relay! If you are running your website on an Apache web server, as most of us are, there are special codes, called Mod_Rewrite Directives, that can be applied to a particular server file named .htaccess to completely hide the name of the renamed script, protecting it from being used as a spam relay. If you are allowed to add these directives, you can make your FormMail script invisible to spammers.

Read the rest of the details in my extended comments.


May 10, 2009

My Spam analysis for May 3 - 10, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

I am still seeing a greatly reduced amount of spam, possibly due to me being white-listed by spammers, trying to avoid my honeypots, or because of troubles spammers might be having controlling their Botnets. Nonetheless, the types of spam I am getting are most likely the same types you are getting, just in a different quantity. The classifications can help you adjust your email filters according to what is most common, on a weekly basis. Much of the spam this week was for the offshore knockoff pharmaceuticals, bogus weight loss remedies, male enhancement scams and Nigerian 419 advance fee fraud scams and phishing scams. Other classifications, like Blocked Countries, usually include counterfeit drug promotions, sometimes in embedded images, or in vertical text and html tricks.

MailWasher Pro spam category breakdown for May 3 - 10, 2009. Spam amounted to 15% of my incoming email this week. This represents a 6% increase from last week.


Other filters: (See my MWP Filters page) 25.00%
Male Enhancement Patches, etc: 10.71%
Blacklisted Domains/Senders: 10.71%
Nigerian 419 Scams: 7.14%
Blocked Countries, RIPE, LACNIC, APNIC: 7.14%
Hidden ISO or ASCII Subject spam: 7.14%
Viagra spam: 7.14%
Casino Spam: 7.14%
Phishing Scams (for banks): 7.14%
Weight Loss Scams: 3.57%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 3.57%
Pills spam: 3.57%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft/Windows Live Mail, Eudora, Mozilla and other stand-alone email programs).

To protect your computer from malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, Phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security.


May 3, 2009

My Spam analysis for April 27 - May 2, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

I am seeing a greatly reduced amount of spam, possibly due to me being white-listed by spammers, trying to avoid my honeypots, or because of troubles spammers might be having controlling their Botnets. Nonetheless, the types of spam I am getting are most likely the same types you are getting, just in a different quantity. The classifications can help you adjust your email filters according to what is most common, on a weekly basis. Much of the spam this week was for the fake watches, male enhancement junk and Nigerian 419 advance fee fraud scams. Other classifications, like Blocked Countries, usually include counterfeit drug promotions, sometimes in embedded images, or in vertical text and html tricks.

MailWasher Pro spam category breakdown for April 27 - May 2, 2009. Spam amounted to 9% of my incoming email this week. This represents a 2% decrease from last week.


Nigerian 419 Scams: 15.00%
Counterfeit Watches: 15.00%
Blocked Countries, RIPE, LACNIC, APNIC: 10.00%
Known Spam Domains (.cn, .ru, .br, etc): 10.00%
Hidden ISO or ASCII Subject spam: 10.00%
Viagra spam: 10.00%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 5.00%
Casino Spam: 5.00%
Base64 encoded spam: 5.00%
One word Subject (spam in body): 5.00%
Blacklisted Domains/Senders: 5.00%
Other filters: (See my MWP Filters page) 5.00%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft/Windows Live Mail, Eudora, Mozilla and other stand-alone email programs).

To protect your computer from malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, Phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security.


April 26, 2009

My Spam analysis for April 20 - 26, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

If you use MailWasher Pro you can enable the Blacklist function and add some pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. The interesting fact about those two rules is that the same forged domain name prefix is used on both sides of the @ symbol. So, if you see an incoming email with a sender listed as kefsomedomaindiz@somedomain.com it will match that rule. These particular spam messages are sent from a Botnet that has fallen silent for some reason, possibly due to large-scale disinfection (e.g., by the Microsoft Malicious Software Removal Tool), or takedowns of command and control servers used by that Botnet (see takedown of McColo).

I am seeing a greatly reduced amount of spam, possibly due to me being white-listed by spammers, trying to avoid my honeypots, or because of troubles spammers might be having controlling their Botnets. Nonetheless, the types of spam I am getting are most likely the same types you are getting, just in a different quantity. The classifications can help you adjust your email filters according to what is most common, on a weekly basis. Much of the spam this week was for the fake "Canadian Pharmacy" and Nigerian 419 advance fee fraud and money laundering scams. Other classifications, like Blocked Countries, usually include counterfeit drug promotions, sometimes in embedded images, or in vertical text and html tricks.

MailWasher Pro spam category breakdown for April 20 - 26, 2009. Spam amounted to 7% of my incoming email this week. This represents a 1% decrease from last week.


Phony Bounce messages (Joe-Jobs): 18.18%
Blocked Countries, RIPE, LACNIC, APNIC: 18.18%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 9.09%
Nigerian 419 Scams: 9.09%
Known Spam Domains (.cn, .ru, .br, etc): 9.09%
Male Enhancement Patches, etc: 9.09%
Casino Spam: 9.09%
Hidden ISO or ASCII Subject spam: 9.09%
Re: or Fwd: Subject spam: 9.09%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft/Windows Live Mail, Eudora, Mozilla and other stand-alone email programs).

To protect your computer from malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, Phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security.


April 19, 2009

My Spam analysis for April 13 - 19, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

If you use MailWasher Pro you can enable the Blacklist function and add some pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. The interesting fact about those two rules is that the same forged domain name prefix is used on both sides of the @ symbol. So, if you see an incoming email with a sender listed as kefsomedomaindiz@somedomain.com it will match that rule.

I am seeing a greatly reduced amount of spam, possibly due to me being white-listed by spammers, trying to avoid my honeypots. Nonetheless, the types of spam I am getting are most likely the same types you are getting, just in a different quantity. The classifications can help you adjust your email filters according to what is most common, on a weekly basis. The majority of spam this week was for male enhancement scams (all such products are fake) and Nigerian 419 advance fee fraud scams.

MailWasher Pro spam category breakdown for April 13 - 19, 2009. Spam amounted to 8% of my incoming email this week. This represents a 1% decrease from last week.
Male Enhancement Patches, etc: 26.67%
Nigerian 419 Scams: 20.00%
Casino Spam: 13.33%
Blocked Countries, RIPE, LACNIC, APNIC: 13.34%
Viagra spam: 6.67%
Known Spam Subjects (by my filters): 6.67%
No Subject: 6.67%
Blacklisted Domains/Senders: 6.67%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft/Windows Live Mail, Eudora, Mozilla and other stand-alone email programs).

To protect your computer from malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, Phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security.


April 12, 2009

My Spam analysis for April 6 - 12, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

If you use MailWasher Pro you can enable the Blacklist function and add some pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. The interesting fact about those two rules is that the same forged domain name prefix is used on both sides of the @ symbol. So, if you see an incoming email with a sender listed as kefsomedomaindiz@somedomain.com it will match that rule.

I am seeing a greatly reduced amount of spam, possibly due to me being white-listed by spammers, trying to avoid my honeypots. Nonetheless, the types of spam I am getting are most likely the same types you are getting, just in a different quantity. The classifications can help you adjust your email filters according to what is most common, on a weekly basis.

MailWasher Pro spam category breakdown for April 6 - 12, 2009. Spam amounted to 9% of my incoming email this week. This represents a 3% increase from last week.


Viagra spam: 25.00%
Lottery Scams: 15.00%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 10.00%
Other filters: (See my MWP Filters page) 10.00%
Phishing Scams (for banks): 10.00%
Nigerian 419 Scams: 5.00%
Known Spam Subjects (by my filters): 5.00%
Counterfeit Watches: 5.00%
HTML Spam Tricks: 5.00%
Dating spam: 5.00%
Breast enlargement spam: 5.00%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft/Windows Live Mail, Eudora, Mozilla and other stand-alone email programs).

To protect your computer from malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, Phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security.


April 5, 2009

My Spam analysis for March 30 - April 5, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

If you use MailWasher Pro you can enable the Blacklist function and add some pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. The interesting fact about those two rules is that the same forged domain name prefix is used on both sides of the @ symbol. So, if you see an incoming email with a sender listed as kefsomedomaindiz@somedomain.com it will match that rule.

I am seeing a greatly reduced amount of spam, possibly due to me being white-listed by spammers, trying to avoid my honeypots. Nonetheless, the types of spam I am getting are most likely the same types you are getting, just in a different quantity. The classifications can help you adjust your email filters according to what is most common, on a weekly basis.

MailWasher Pro spam category breakdown for March 30 - April 5, 2009. Spam amounted to 6% of my incoming email this week.


Casino Spam: 25.00%
Nigerian 419 Scams: 16.67%
Loans and Bankruptcy scams: 16.67%
Lottery Scams: 8.33%
Software spam: 8.33%
Blocked Countries, RIPE, LACNIC, APNIC: 8.33%
Zip, RAR, or GZ Hostile Attachment: 8.33%
Blacklisted Domains/Senders: 8.33%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft/Windows Live Mail, Eudora, Mozilla and other stand-alone email programs).

To protect your computer from malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, Phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security.


March 29, 2009

My Spam analysis for March 23 - 29, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam (to my honeypot accounts) is still way down from last fall, thanks to the efforts of security companies, who have tirelessly pursued the server colocation facilities used by spammers to command and control spam-sending Botnets and then shut them down or get spam accounts terminated. Those spammers are rebuilding or replacing their Botnets as I type this, so let's not become complacent. In fact, my spam count has been slowly increasing since the third week of January, 2009. This may be by design, as spammers are known to occasionally whitelist honeypot email accounts, to avoid detection.

If you use MailWasher Pro you can enable the Blacklist function and add some pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. The interesting fact about those two rules is that the same forged domain name prefix is used on both sides of the @ symbol. So, if you see an incoming email with a sender listed as kefsomedomaindiz@somedomain.com it will match that rule.
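The two blacklist patterns above, as an added Python sketch (not part of the original post and not MailWasher Pro code). It assumes "+" stands for one or more arbitrary characters, and it adds a stricter check for the mirrored-prefix trait described above, because the bare wildcard also matches ordinary addresses that merely start and end the same way. All sample addresses except the post's own are constructed.

```python
import re

# Assumption: in these blacklist entries "+" means "one or more of any
# character" and every other character is literal. Verify against your
# MailWasher Pro version before relying on this translation.
def wildcard_to_regex(pattern):
    literal_parts = [re.escape(part) for part in pattern.split("+")]
    return re.compile("^" + ".+".join(literal_parts) + "$", re.IGNORECASE)

# (wildcard rule from the post, local-part prefix, local-part suffix)
RULES = [
    ("lin+met@+.de", "lin", "met"),
    ("kef+diz@+", "kef", "diz"),
]

def is_mirrored(address, prefix, suffix):
    """True when the text between prefix and suffix in the local part is
    repeated at the start of the domain: kef<name>diz@<name>.com"""
    local, at, domain = address.lower().rpartition("@")
    if not at or len(local) <= len(prefix) + len(suffix):
        return False
    if not (local.startswith(prefix) and local.endswith(suffix)):
        return False
    middle = local[len(prefix):len(local) - len(suffix)]
    return domain.startswith(middle + ".")

def classify(address):
    """Return (matching rule or None, verdict).

    "mirrored"      - wildcard matched and the forged name is on both sides
    "wildcard-only" - wildcard matched, but nothing is mirrored; worth a
                      manual look before letting the rule auto-delete
    "no-match"      - neither rule applies
    """
    for rule, prefix, suffix in RULES:
        if wildcard_to_regex(rule).match(address):
            if is_mirrored(address, prefix, suffix):
                return rule, "mirrored"
            return rule, "wildcard-only"
    return None, "no-match"

SAMPLES = [
    "kefsomedomaindiz@somedomain.com",  # the example given in the post
    "linexamplemet@example.de",         # constructed, mirrored
    "linda.kermet@firma.de",            # constructed, ordinary-looking sender
    "alice@example.org",                # constructed, unrelated
]

if __name__ == "__main__":
    for address in SAMPLES:
        rule, verdict = classify(address)
        print(f"{address:35} {str(rule):15} {verdict}")
```
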

MailWasher Pro spam category breakdown for March 23 - 29, 2009. Spam amounted to 8% of my incoming email this week.


Nigerian 419 Scams: 16.67%
Known Spam Subjects (by my filters): 16.67%
Casino Spam: 11.11%
HTML Spam Tricks: 11.11%
Other filters: (See my MWP Filters page) 11.11%
Known Spam Domains (.cn, .ru, .br, etc): 5.56%
Hidden ISO or ASCII Subject spam: 5.56%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 5.56%
Software spam: 5.56%
Known Spam (From or Body): 5.56%
No Subject: 5.56%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft/Windows Live Mail, Eudora, Mozilla and other stand-alone email programs).


March 22, 2009

My Spam analysis for March 16 - 22, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam (to my honeypot accounts) is still way down from last fall, thanks to the efforts of security companies, who have tirelessly pursued the server colocation facilities used by spammers to command and control spam-sending Botnets and then shut them down or get spam accounts terminated. Those spammers are rebuilding or replacing their Botnets as I type this, so let's not become complacent. In fact, my spam count has been slowly increasing since the third week of January, 2009. This may be by design, as spammers are known to occasionally whitelist honeypot email accounts, to avoid detection.

If you use MailWasher Pro you can enable the Blacklist function and add some pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. The interesting fact about those two rules is that the same forged domain name prefix is used on both sides of the @ symbol. So, if you see an incoming email with a sender listed as kefsomedomaindiz@somedomain.com it will match that rule.

MailWasher Pro spam category breakdown for March 16 - 22, 2009. Spam amounted to 8% of my incoming email this week. This represents a 3% decrease from last week.


Known Spam Domains (.cn, .ru, .br, etc): 33.33%
Hidden ISO or ASCII Subject spam: 20.00%
Blocked Countries, RIPE, LACNIC, APNIC: 13.34%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 6.67%
Viagra spam: 6.67%
Software spam: 6.67%
Counterfeit Watches: 6.67%
Male Enhancement Patches, etc: 6.67%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft/Windows Live Mail, Eudora, Mozilla and other stand-alone email programs).


March 15, 2009

My Spam analysis for March 9 - 15, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam is still way down from last fall, thanks to the efforts of security companies, who have tirelessly pursued the server colocation facilities used by spammers to command and control spam-sending Botnets and then shut them down or get spam accounts terminated. Those spammers are rebuilding or replacing their Botnets as I type this, so let's not become complacent. In fact, my spam count has been slowly increasing since the third week of January, 2009.

If you use MailWasher Pro you can enable the Blacklist function and add some pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. These two blacklist rules caught over 22% of this week's spam. The interesting fact about those two rules is that the same forged domain name prefix is used on both sides of the @ symbol. So, if you see an incoming email with a sender listed as kefsomedomaindiz@somedomain.com it will match that rule.

MailWasher Pro spam category breakdown for March 9 - 15, 2009. Spam amounted to 11% of my incoming email this week. This represents a 1% decrease from last week.


Hidden ISO or ASCII Subject spam: 28.57%
Other filters: (See my MWP Filters page) 19.05%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 9.52%
Known Spam Domains: 4.76%
Pheromones: 4.76%
Blacklisted Domains/Senders: 4.76%
Nigerian 419 Scams: 4.76%
Software spam: 4.76%
Counterfeit Watches: 4.76%
Blocked Countries, RIPE, LACNIC, APNIC: 4.76%
Weight Loss Scams: 4.76%
Casino Spam: 4.76%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft/Windows Live Mail, Eudora, Mozilla and other stand-alone email programs).


March 8, 2009

My Spam analysis for March 2 - 8, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam is still way down from last fall, thanks to the efforts of security companies, who have tirelessly pursued the server colocation facilities used by spammers to command and control spam-sending Botnets and then shut them down or get spam accounts terminated. Those spammers are rebuilding or replacing their Botnets as I type this, so let's not become complacent. In fact, my spam count has been slowly increasing since the third week of January, 2009.

If you use MailWasher Pro you can enable the Blacklist function and add some pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. These two blacklist rules caught over 22% of this week's spam. The interesting fact about those two rules is that the same forged domain name prefix is used on both sides of the @ symbol. So, if you see an incoming email with a sender listed as kefsomedomaindiz@somedomain.com it will match that rule.

MailWasher Pro spam category breakdown for March 2 - 8, 2009. Spam amounted to 12% of my incoming email this week. This represents a 6% decrease from last week.

Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de and kef+diz@+) 25.00%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 18.75%
Dating spam: 18.75%
Hidden ISO or ASCII Subject spam: 12.50%
Nigerian 419 Scams: 6.25%
Phony Bounce messages: 6.25%
Known Spam Domains: 6.25%
Blocked Countries, RIPE, LACNIC, APNIC: 6.25%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft/Windows Live Mail, Eudora, Mozilla and other stand-alone email programs).


March 2, 2009

My Spam analysis for Feb 23 - Mar 1, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam is still way down from last fall, thanks to the efforts of security companies, who have tirelessly pursued the server colocation facilities used by spammers to command and control spam-sending Botnets and then shut them down or get spam accounts terminated. Those spammers are rebuilding or replacing their Botnets as I type this, so let's not become complacent. In fact, my spam count has been slowly increasing since the third week of January, 2009.

If you use MailWasher Pro you can enable the Blacklist function and add some pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. These two blacklist rules caught over 22% of this week's spam. The interesting fact about those two rules is that the same forged domain name prefix is used on both sides of the @ symbol. So, if you see an incoming email with a sender listed as kefsomedomaindiz@somedomain.com it will match that rule.

MailWasher Pro spam category breakdown for Feb 23 - Mar 1, 2009. Spam amounted to 18% of my incoming email this week. This represents a 2% increase from last week. The Botnets are coming back to life.

Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de and kef+diz@+) 14.29%
Other filters: (See my MWP Filters page) 10.71%
Viagra spam: 10.71%
Known Spam Subjects (by my filters): 10.71%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 10.71%
Blocked Countries, RIPE, LACNIC, APNIC: 10.71%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 7.14%
Fake Diplomas: 7.14%
Known Spam Domains: (mostly pharmaceutical spam) 7.14%
Weight Loss Scams: 7.14%
Pills spam: 3.57%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft/Windows Live Mail, Eudora, Mozilla and other stand-alone email programs).


February 22, 2009

My Spam analysis for Feb 16 - 22, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam is still way down from last fall, thanks to the efforts of researchers in the security field. Starting with the takedown of the colocation facility McColo, on November 11, 2008, levels of incoming messages MailWasher identified as spam have dropped dramatically. That company provided hosting space and maintenance for privately owned servers that were used by spammers to command and control spam-sending Botnets. Those spammers are rebuilding or replacing their Botnets as I type this, so let's not become complacent. In fact, my spam count has been slowly increasing since the third week of January, 2009.

If you use MailWasher Pro you can enable the Blacklist function and add some pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. These two blacklist rules caught over 22% of this week's spam.

MailWasher Pro spam category breakdown for Feb 16 - 22, 2009. Spam amounted to 16% of my incoming email this week. This represents a 6% increase from last week. The Botnets are coming back to life.


Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de and kef+diz@+) 22.73%
Hidden ISO Subject: 13.64%
Other filters: (See my MWP Filters page) 13.64%
Nigerian 419 Scams: 9.09%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 9.09%
HTML Tricks: (ex: vertical, colored, or right-aligned spam words) 4.55%
Male enhancement spam (subject or body): 4.55%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 4.55%
Numeric IP to Trojan download: 4.55%
Joe Job Bounces: 4.55%
PayPal Scams: 4.55%
Google Redirect to spam site: 4.55%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


February 15, 2009

My Spam analysis for Feb 9 - 15, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Spam is still way down from last fall, thanks to the efforts of researchers in the security field. Starting with the takedown of the colocation facility McColo, on November 11, 2008, levels of incoming messages MailWasher identified as spam have dropped dramatically. That company provided hosting space and maintenance for privately owned servers that were used by spammers to command and control spam-sending Botnets. Those spammers are rebuilding or replacing their Botnets as I type this, so let's not become complacent. In fact, my spam count has been increasing at the rate of about 1% per week, since the third week of January, 2009.

If you use MailWasher Pro you can enable the Blacklist function and add some pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. These two blacklist rules caught 5% of this week's spam. This is way down from last week when those two filters stopped 1/3 of all the incoming spam. Another Botnet must have gone offline.

MailWasher Pro spam category breakdown for Feb 9 - 15, 2009. Spam amounted to only 10% of my incoming email this week.


Viagra spam: 25.00%
Hidden ISO Subject: 25.00%
HTML Tricks: (ex: vertical, colored, or right-aligned spam words) 10.00%
Male enhancement spam (subject or body): 10.00%
Known Spam Subjects (by my filters): 5.00%
Nigerian 419 Scams: 5.00%
Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de and kef+diz@+) 5.00%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 5.00%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 5.00%
Dating scams: 5.00%

If you are reading this and wondering what you can do to reduce the sometimes huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


February 11, 2009

Return of the Botnets- Spam is on the rise again

After three months of reduced spam volumes I am now seeing a sudden resurgence, especially in the form of the fake Canadian Pharmacy, unapproved Asian made Viagra and various male enhancement pills, strips and patches. All of this spam, like all spam from the year before, is sent via compromised Windows computers which have been unknowingly recruited in spam Botnets. These Botnets are commanded and controlled by criminals in Eastern Europe (in the former Soviet Union) and other places where authorities tend to turn a blind eye to cyber criminal activities.

It is difficult to know which Botnet is sending out this new round of pharmacy spam without capturing a Bot and logging its actions and reading its spam templates, but this has all the earmarks of the Mega-D Botnet (speculation). Mega-D, otherwise known as Ozdok, was one of the most prolific Botnets still running after the takedown of the McColo Corp. spam control and command servers, on November 11, 2008. The majority of the colocation servers in that facility were used for illegal activities, including command and control of several Botnets. It was the first to re-emerge and resume spamming and is very likely responsible for the current resurgence I saw yesterday and today. If not, it is a similar Botnet, being rented out to spammers (the Bot Masters usually rent portions of their Botnets to spammers, rather than doing any spamming themselves).

I didn't write my usual Sunday spam report this week, because the amount of spam for the week of February 2 - 8, 2009 was ridiculously low (around 7%) and only encompassed four categories, as defined by my MailWasher Pro custom filter rules. Still, a pattern was developing and I can now report on it. Maybe this will help others in identifying the Botnet behind this recent spam run. Most of the spam coming in from February 8 through 11 is identified by my "Hidden ISO or ASCII Subject" filter. The emails sent to English speaking North American inboxes do not require any ISO or ASCII codes to be read by the recipients, as long as the Subjects are typed in English. However, messages composed in European locations, or in Asia, by non-English speakers might require this code to become readable at various destinations. They can tailor the ISO code to display the spam subject in the language of the desired recipient country. This is what has been going on since the Mega-D Botnet emerged in late November, 2008.

Those of you who use MailWasher Pro to filter out spam and aren't already using my custom filters can apply the following filter to detect and either flag or auto-delete any spam containing a hidden ISO subject. The following code must occupy only one long line and goes into your filters.txt file, located in your logged-in identity's %AppData%\MailWasherPro folder. Note that you must close MailWasher before editing filters.txt, save the changes, then reopen the program.

[enabled],"Hidden ISO Subject","Hidden ISO or Ascii Subject",16711680,OR,Delete,Automatic,EntireHeader,containsRE,^Subject:[^\n]*?=?ISO-8859-[^\n]*?\n,EntireHeader,contains,"Subject: =?us-ascii?",EntireHeader,contains,"Subject: =?windows-1251?B?",EntireHeader,contains,"Subject: =?gb2312?B?"

If you don't trust the accuracy of my filter you should remove the word: Automatic, from the rule. This will cause the rule to only flag such messages as spam, matching the Hidden ISO rule, with a checkmark in the Delete column, in MailWasher Pro.
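To see what the rule above would catch before leaving it on Automatic, here is an added Python sketch (not the author's code and not part of MailWasher Pro) that replays the rule's four conditions over raw headers and decodes the Subject for review. It assumes containsRE follows conventional, case-sensitive regular-expression syntax, under which the unescaped "=?" means "optional =", so a plain-text Subject that merely mentions ISO-8859- also fires. The needless_encoding flag is an added refinement of the post's reasoning, and all sample headers are constructed.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Conditions of the "Hidden ISO Subject" rule above, OR-ed as in the rule.
# Assumption: conventional, case-sensitive regex and substring matching;
# MailWasher Pro's actual matching engine may differ.
PAGE_RE = re.compile(r"^Subject:[^\n]*?=?ISO-8859-[^\n]*?\n", re.MULTILINE)
PAGE_SUBSTRINGS = (
    "Subject: =?us-ascii?",
    "Subject: =?windows-1251?B?",
    "Subject: =?gb2312?B?",
)

# RFC 2047 encoded-word: =?charset?B-or-Q?payload?=
ENCODED_WORD = re.compile(r"=\?([^?\s]+)\?[bBqQ]\?[^?\s]*\?=")

def page_rule_matches(raw_headers):
    """Would the rule, as written in the post, fire on these headers?"""
    if PAGE_RE.search(raw_headers):
        return True
    return any(text in raw_headers for text in PAGE_SUBSTRINGS)

def subject_of(raw_headers):
    return message_from_string(raw_headers).get("Subject", "")

def subject_charsets(raw_headers):
    """Charsets declared by encoded-words in the Subject, lowercased."""
    return [m.group(1).lower()
            for m in ENCODED_WORD.finditer(subject_of(raw_headers))]

def decoded_subject(raw_headers):
    """Subject as a mail client would display it."""
    return str(make_header(decode_header(subject_of(raw_headers))))

def review(raw_headers):
    charsets = subject_charsets(raw_headers)
    subject = decoded_subject(raw_headers)
    return {
        "rule_fires": page_rule_matches(raw_headers),
        "charsets": charsets,
        "subject": subject,
        # Encoded although the text is plain ASCII: the case the post
        # describes as unnecessary for English-language subjects.
        "needless_encoding": bool(charsets) and subject.isascii(),
    }

# Constructed sample headers.
ASCII_WRAPPED = "From: a@example.com\nSubject: =?ISO-8859-1?Q?Cheap_watches?=\n\n"
CYRILLIC = "From: b@example.com\nSubject: =?windows-1251?B?0e/g7A==?=\n\n"
PLAIN_MENTION = "From: c@example.com\nSubject: Converting ISO-8859-1 files to UTF-8\n\n"
PLAIN = "From: d@example.com\nSubject: Lunch on Friday?\n\n"

if __name__ == "__main__":
    for name, raw in [("ascii-wrapped", ASCII_WRAPPED), ("cyrillic", CYRILLIC),
                      ("plain-mention", PLAIN_MENTION), ("plain", PLAIN)]:
        print(name, review(raw))
```
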


February 2, 2009

My Spam analysis for Jan 19 - Feb 1, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Wow! Spam is down for another week, thanks to the efforts of some of our colleagues in the security field. Starting with the takedown of the colocation facility McColo, on November 11, 2008, levels of incoming messages MailWasher identified as spam have dropped dramatically. That company provided hosting space and maintenance for privately owned servers that were used by spammers to command and control spam-sending Botnets. Those spammers are rebuilding or replacing their Botnets as I type this, so let's not become complacent. In fact, I suspect that a huge new Botnet is currently being assembled, via the Conficker/Downadup Worm. More about this emerging threat will be in a forthcoming article.

Once again, with the main command and control servers being partially or fully offline, I urge all Windows computer owners and sys admins to install security applications that are capable of detecting SpamBot activity. Please do yourself a favor and protect your PCs against Bots with Norton AntiBot, or Trend Micro's free program called RUBotted.

Some of the top rated Internet security products now contain Bot detection and prevention components. These include Symantec and Trend Micro Internet Security Suites. I wrote a blog article about detecting and removing Bots in December, 2008. You can also visit Microsoft's download center and grab a current copy of the Malicious Software Removal Tool and let it scan your computer for malware and Bots. It will remove any threats listed in the tool's database, which now include the widespread Conficker/Downadup Worm. Microsoft has been at war with Botnets since September 2007 (when they took down much of the Storm Botnet) and has made a huge dent in their numbers. This tool is totally free and is updated once a month. It is regularly released on Patch Tuesdays.

Note that I have re-enabled my pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. These two blacklist rules alone caught 33% of this week's spam!

MailWasher Pro spam category breakdown for Jan 19 - Feb 1, 2009. Spam amounted to a measly 9% of my incoming email this week.


Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de and kef+diz@+) 33.33%!
Pills spam: 16.67%
HGH spam: 8.33%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 8.33%
Subject All Capitals or No Subject: (Nigerian 419 and Lottery scams) 8.33%
Hidden ISO Subject: 8.33%
Nigerian 419 Scams: 8.33%
Blocked Countries, RIPE, LACNIC, APNIC: 8.33%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


January 25, 2009

My Spam analysis for Jan 19 - 25, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Wow! Spam is down for another week, thanks to the efforts of some of our colleagues in the security field. Starting with the takedown of the colocation facility McColo, on November 11, 2008, levels of incoming messages MailWasher identified as spam have dropped dramatically. That company provided hosting space and maintenance for privately owned servers that were used by spammers to command and control spam-sending Botnets. Those spammers are rebuilding or replacing their Botnets as I type this, so let's not become complacent. In fact, I suspect that a huge new Botnet is currently being assembled, via the Conficker/Downadup Worm. More about this emerging threat will be in a forthcoming article.

Once again, with the main command and control servers being partially or fully offline, I urge all Windows computer owners and sys admins to install security applications that are capable of detecting SpamBot activity. Please do yourself a favor and protect your PCs against Bots with Norton AntiBot, or Trend Micro's free program called RUBotted.

Some of the top rated Internet security products now contain Bot detection and prevention components. These include Symantec and Trend Micro Internet Security Suites. I wrote a blog article about detecting and removing Bots in December, 2008. You can also visit Microsoft's download center and grab a current copy of the Malicious Software Removal Tool and let it scan your computer for malware and Bots. It will remove any threats listed in the tool's database, which now include the widespread Conficker/Downadup Worm. Microsoft has been at war with Botnets since September 2007 (when they took down much of the Storm Botnet) and has made a huge dent in their numbers. This tool is totally free and is updated once a month. It is regularly released on Patch Tuesdays.

Note that I have re-enabled my pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. These two blacklist rules alone caught 52% of this week's spam!

MailWasher Pro spam category breakdown for Jan 19 - 25, 2009. Spam amounted to 22% of my incoming email this week.


Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de and kef+diz@+) 52.63%!
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 15.79%
Subject All Capitals or No Subject: (Nigerian 419 and Lottery scams) 15.79%
Casino Spam: 10.53%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 5.26%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


January 18, 2009

My Spam analysis for Jan 12 - 18, 2009

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Wow! Spam is down for another week, thanks to the efforts of some of our colleagues in the security field. Starting with the takedown of the colocation facility McColo, on November 11, 2008, levels of incoming messages MailWasher identified as spam have dropped dramatically. That company provided hosting space and maintenance for privately owned servers that were used by spammers to command and control spam-sending Botnets. Those spammers are rebuilding or replacing their Botnets as I type this, so let's not become complacent. In fact, I suspect that a huge new Botnet is currently being assembled, via the Conficker/Downadup Worm. More about this emerging threat will be in a forthcoming article.

Once again, with the main command and control servers being partially or fully offline, I urge all Windows computer owners and sys admins to install security applications that are capable of detecting SpamBot activity. Please do yourself a favor and protect your PCs against Bots with Norton AntiBot, or Trend Micro's free program called RUBotted.

Some of the top rated Internet security products now contain Bot detection and prevention components. These include Symantec and Trend Micro Internet Security Suites. I wrote a blog article about detecting and removing Bots in December, 2008. You can also visit Microsoft's download center and grab a current copy of the Malicious Software Removal Tool and let it scan your computer for malware and Bots. It will remove any threats listed in the tool's database, which now include the widespread Conficker/Downadup Worm. Microsoft has been at war with Botnets since September 2007 (when they took down much of the Storm Botnet) and has made a huge dent in their numbers. This tool is totally free and is updated once a month. It is regularly released on Patch Tuesdays.

Note that I have re-enabled my pattern matching blacklist filters in MailWasher Pro to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+. These two blacklist rules caught 26% of this week's spam!

MailWasher Pro spam category breakdown for Jan 12 - 18, 2009. Spam amounted to 24% of my incoming email this week.


Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de) 26.67%
Counterfeit Watches: 20.00%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 13.34%
Casino Spam: 13.33%
Fake Diplomas: 6.67%
Pirated Software: 6.67%
Hidden ISO Subject: 6.67%
Viagra spam: 6.67%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


January 11, 2009

My Spam analysis for Jan 5 - 11, 2009

Spam Spam Spam Spam Spam Spam Spam! That repetition of the word Spam comes from a comedy routine by Monty Python's Flying Circus, in 1970. They were referring to the canned cooked ham products that have been marketed by Hormel Foods since 1937. While canned Spam is still very much alive and well, so is another kind of so-called spam: unsolicited commercial email (UCE). This is the crap that contaminates email inboxes with all manner of junk promotions for fake pharmacies, counterfeit watches, pirated software, junk stocks, fake Viagra, bogus male enhancement products, fake diplomas, phishing scams, bogus loans and Nigerian 419 financial and lottery fraud scams. We call junk email spam, based on the Monty Python skit that abused the word by repeating it over and over again, to the point that it becomes obnoxious.

There are quite a few different types of email spam and my Spam Analysis articles categorize them according to what junk they are promoting. To do this I use a commercial email-screening program named MailWasher Pro. MailWasher Pro uses a combination of user configurable filters, blacklists, and a Bayesian learning filter to identify what the users of the program consider to be unwanted spam email. Once messages are identified as spam they are deleted manually or automatically, based on the users' preferences (I prefer automatic deletion). Normally, MailWasher identifies three categories of email: Friends, Known Spam (via a subscription service called FirstAlert!) and Blacklist. However, because the program allows users to create their own filter rules, it can label and categorize many different types of spam messages. I have created many custom MailWasher Pro filters to categorize and delete spam and I use the "Statistics" reports each weekend to share my findings with the rest of the World. You can learn more about MailWasher Pro here.

This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.

Note that the small percentage of reported spam is a recent development that began on November 11, 2008, with the takedown of the McColo server colocation hosting company. This company was allegedly turning a blind eye to illegal activities being conducted by spammers using servers hosted at the McColo facilities. Many of those servers were used by criminals to command and control the Botnets they owned. The compromised computers in those Botnets are used as zombie agents to send spam, scam and phishing emails, to launch DDoS attacks and to host hostile websites, all without the knowledge of the owners of those PCs. Please do us all a favor and protect your PC against Bots!

MailWasher Pro spam category breakdown for Jan 5 - 11, 2009. Spam amounted to 12% of my incoming email this week.


HTML Tricks: (ex: vertical, colored, or right-aligned spam words) 24.00%
Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de) 16.00%
Hidden ISO Subject: 8.00%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 8.00%
Counterfeit Watches: 8.00%
Known Spam Domains: (mostly pharmaceutical spam) 8.00%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 8.00%
Other filters: (See my MWP Filters page) 4.00%
Viagra spam: 4.00%
Known Spam Subjects (by my filters): 4.00%
Subject All Capitals or No Subject: (Nigerian 419 and Lottery scams) 4.00%
Miscellaneous filters: 4.00%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


January 4, 2009

My Spam analysis for Dec 29, 2008 - Jan 4, 2009

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

If you are reading this you have a computer, or smart phone. If you have a computer or smart phone you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

The overall volume of spam hitting my filters has dropped to very low levels not seen in years. This is due to the problems that Russian cyber criminals are having finding hosts for the servers used to issue command and control signals to their Botnets. This is a fluid situation, with spammers finding temporary hosts who come under pressure from security companies then terminate their connectivity. This has been going on since November 11, 2008. Currently, most spam is being sent via the resurrected Mega-D Botnet, which is famous for male enhancement spam.

Regarding the slowdown in Botnet sent spam, I keep a daily log and Monday, December 29 was the heaviest spam day, seconded by Friday, January 2. Obviously, the Russian Bot Masters are having a difficult time controlling or maintaining their zombie spambots and command and control servers.

The most prominent types of spam categorized this week were for imitations of brand name watches, followed by various pharmaceuticals, including Viagra from fake Internet pharmacies, bogus male enhancement crap, pirated software and some fake diploma spam. Many of these types of spam were caught by my Sender's Blacklist rules, like lin+met@+.de or kef+diz@+; thus, the Blacklist category usually rates fairly high in the results (when I activate it).

MailWasher Pro spam category breakdown for December 29, 2008 - January 4, 2009. Spam amounted to 19% of my incoming email this week, with just 30 spam messages analyzed.


Counterfeit Watches: 16.67%
Other filters: (See my MWP Filters page) 13.33%
Viagra spam: 13.33%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 10.00%
HTML Tricks: 10.00%
Male enhancement spam (subject or body): 10.00%
Fake Diplomas: 6.67%
Known Spam Domains: (mostly pharmaceutical spam) 6.67%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 3.33%
Pirated Software: 3.33%
Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de) 3.33%
Image Spam: (for fake Internet pharmacies) 3.33%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


December 28, 2008

My Spam analysis for December 22 - 28, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

The overall volume of spam hitting my filters has dropped to very low levels not seen in years. This is due to the problems that Russian cyber criminals are having finding hosts for the servers used to issue command and control signals to their Botnets. This is a fluid situation, with spammers finding temporary hosts who come under pressure from security companies then terminate their connectivity. This has been going on since November 11, 2008. Currently, most spam is being sent via the resurrected Mega-D Botnet, which is famous for male enhancement spam.

The most prominent types of spam categorized this week were for imitations of brand name watches, followed by various pharmaceuticals, including diluted Asian Viagra from fake Internet pharmacies, and some fake diploma spam. Many of these types of spam were caught by my Sender's Blacklist rules, like lin+met@+.de or kef+diz@+, thus, the Blacklist category usually rates fairly high in the results.

MailWasher Pro spam category breakdown for December 22 - 28, 2008. Spam amounted to 17% of my incoming email this week, with just 35 spam messages analyzed.


Counterfeit Watches: 24.24%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 21.21%
Viagra spam: 12.12%
Fake Diplomas: 9.09%
Known Spam Subjects (by my filters): 6.06%
Other filters: (See my MWP Filters page) 6.06%
HTML Tricks: 6.06%
Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de) 6.06%
Hidden ISO Subject: 3.03%
Known Spam Domains: (mostly pharmaceutical spam) 3.03%
Male enhancement spam (subject or body): 3.03%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


December 21, 2008

My Spam analysis for December 15 - 21, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

The overall volume of spam hitting my filters has dropped to very low levels not seen in years. This is due to the problems that Russian cyber criminals are having finding hosts for the servers used to issue command and control signals to their Botnets. This is a fluid situation, with spammers finding temporary hosts who come under pressure from security companies then terminate their connectivity. This has been going on since November 11, 2008. Currently, most spam is being sent via the resurrected Mega-D Botnet, which is famous for male enhancement spam.

The most prominent types of spam categorized this week were for imitations of brand name watches, followed by pirated software, then for fake Viagra from the fake Canadian Pharmacy. Many of these types of spam were caught by my Sender's Blacklist rules, like lin+met@+.de, thus, the Blacklist category is tied for the top position.

MailWasher Pro spam category breakdown for December 15 - 21, 2008. Spam amounted to 18% of my incoming email this week, with just 49 spam messages analyzed.


Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de) 14.29%
Counterfeit Watches: 14.29%
Hidden ISO Subject: 10.20%
Viagra spam: 10.20%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 10.20%
Known Spam Domains: (mostly pharmaceutical spam) 8.16%
Other filters: (See my MWP Filters page) 8.16%
Subject All Capitals or No Subject: (Nigerian 419 and Lottery scams) 8.16%
Numeric IP to Trojan download: 4.08%
Blocked Countries, RIPE, LACNIC, APNIC: 4.08%
Money Transfer Scams: 4.08%
HTML Tricks: 2.04%
DNS Blacklists: 2.04%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


December 14, 2008

My Spam analysis for December 8 - 14, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

The overall volume of spam hitting my filters has dropped to very low levels not seen in years. This is due to the problems that Russian cyber criminals are having finding hosts for the servers used to issue command and control signals to their Botnets. This is a fluid situation, with spammers finding temporary hosts who come under pressure from security companies then terminate their connectivity. This has been going on since November 11, 2008. Currently, most spam is being sent via the resurrected Mega-D Botnet, which is famous for male enhancement spam.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common types of spam this week are for fake diplomas, counterfeit watches and various pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. Spam for the fake "Canadian Pharmacy" remained strong as usual, but was surpassed again by spam caught by my "Hidden ISO Subject" filter. Most of the Hidden ISO spam is for imitation Viagra or ineffective male enhancement pills and patches. This hidden ISO or ASCII command in the Subject and From fields is from a template used by a spammer. You can be certain this person lives in the former Soviet Union.

"Canadian Pharmacy" and its offshoot "Canadian Health and Care Mall" is a scam website, hosted unknowingly on hijacked (Botnetted) personal computers, or on bulletproof Chinese hosting servers owned by criminals in Russia. The prescription drugs and herbal remedies promoted by the fake Canadian Pharmacy come from a lab in India, named after a flower. Those prescription drugs are illegal to import into the US or Canada and may be seized by postal inspectors upon arrival.

The male enhancement spams are mostly leading to Botnetted computers hosting a web page touting VPXL, Power Gain Plus, Mega-Dick, or other bogus herbal enlargement formulas, all of which are scams. These male enhancement pills and patches are totally ineffective at permanently lengthening the male organ and may even be dangerous to your health.

MailWasher Pro spam category breakdown for December 8 - 14, 2008. Spam amounted to 16% of my incoming email this week, with just 42 spam messages analyzed.


Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de) 39.02%
Hidden ISO Subject: 17.07%
Viagra spam: 14.63%
Known X-Mailer Spam: 4.88%
Image Spam: (for fake Internet pharmacies) 4.88%
Other filters: (See my MWP Filters page) 4.88%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 2.44%
Male enhancement spam (subject or body): 2.44%
Fake Diplomas: 2.44%
Counterfeit Watches: 2.44%
DNS Blacklists: 2.44%
Blocked Countries, RIPE, LACNIC, APNIC: 2.44%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


December 7, 2008

My Spam analysis for December 1 - 7, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

The overall volume of spam hitting my filters has dropped to very low levels not seen in years. This is due to the problems that Russian cyber criminals are having finding hosts for the servers used to issue command and control signals to their Botnets. This is a fluid situation, with spammers finding temporary hosts who come under pressure from security companies then terminate their connectivity. This has been going on since November 11, 2008.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common types of spam this week are for fake watches and various pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. Spam for the fake "Canadian Pharmacy" remained strong as usual, but was surpassed again by spam caught by my "Hidden ISO Subject" filter. Most of the Hidden ISO spam is for Indian Viagra or ineffective male enhancement pills and patches. This hidden ISO or ASCII command in the Subject and From fields is from a template used by a particular Bot Master for his Botnet. You can be certain this person lives in the former Soviet Union.

"Canadian Pharmacy" and its offshoot "Canadian Health and Care Mall" is a scam website, hosted unknowingly on hijacked (Botnetted) personal computers, or on bulletproof Chinese hosting servers owned by criminals in Russia. The prescription drugs and herbal remedies promoted by the fake Canadian Pharmacy come from a lab in India, named after a flower. Those prescription drugs are illegal to import into the US or Canada and may be seized by postal inspectors upon arrival.

The male enhancement spams are mostly leading to Botnetted computers hosting a web page touting VPXL, Power Gain Plus, or other herbal enlargement formulas, all of which are scams. Male enhancement pills are totally ineffective and may even be dangerous to your health.

MailWasher Pro spam category breakdown for December 1 - 7, 2008. Spam amounted to 10% of my incoming email this week, with just 27 spam messages analyzed.


Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de) 26.92%
Hidden ISO Subject: 15.38%
Fake Diplomas: 11.54%
Image Spam: (for fake Internet pharmacies) 11.54%
Male enhancement spam (subject or body): 7.69%
Fake "Canadian Pharmacy" spam (fake Viagra, Cialis, etc): 7.69%
Counterfeit Watches: 7.69%
Joe Job Bounces: 7.69%
Subject All Capitals: (Nigerian 419 and Lottery scams) 7.69%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


December 1, 2008

Srizbi Spam Botnet goes offline again!

On November 26, 2008, I wrote an article concerning the "Srizbi" Botnet coming back to life, following the shutdown of its Command-and-Control servers (C&C) at McColo, Inc. This happened because the Russian criminals running the Srizbi Botnet, thought to number over 450,000 PCs, were able to lease servers from a web hosting firm in Estonia, to which they uploaded the C&C software. Once these servers came online the zombie computers making up the Botnet army were able to contact the servers and receive new instructions and spam templates. This resulted in a 10% increase in the volume of spam I saw last week, over the previous week (following the C&C servers at McColo being shut down).

Well, starting on Sunday night, November 30, 2008, I noticed another sudden decline in the amount of spam that was detected, classified and deleted by my spam filtering program, MailWasher Pro. This decline continues today, Monday, December 1, 2008. There is virtually no significant amount of spam arriving in any of my accounts. Being curious, I did a little investigating and learned that the people running the Estonian ISP Starline Web Services, which temporarily hosted the Command-and-Control servers for the Srizbi botnet, have cut off those servers. This followed complaints from Estonia's Computer Emergency Response Team (CERT) and threats of total disconnection by the companies who supply the Internet IP connections to that ISP, and others in Estonia.

Note, that the ISP that was temporarily hosting the Srizbi C&C machines gets their IP addresses and Internet connectivity from a hosting company named Compic, which is known to CERT as a company that has been friendly to criminals who host malware on their websites. Many complaints have been filed with Compic concerning illegal activities by their customers, conducted on their servers and those of their downstream resellers. Reference.

Most of my readers are more concerned about repelling spam, than tracing it. I have written many articles offering filtering solutions involving MailWasher Pro, as well as website email filters that can be applied by people whose websites are hosted on cPanel control panels and Linux/Apache based servers. Just look in my recent posts links, in the right sidebar, or search this blog for the keywords "spam filters." But I seem to have overlooked one area of this spam-demic that deserves mentioning now. That area is your own computers and what unknown spam applications and scripts may be running on them.

The question every computer owner should be asking themselves, or their IT personnel, is: "Am I Botted?" What I mean by this is that every computer owner needs to scan for the presence of Bot infections on their PCs. Any operating system can become invaded by a Bot infection, either as an invisible rootkit or a visible process. Each OS will have tools available to its administrators to test for the presence of hostile applications (e.g. Snort). However, the rest of this article and the recommendations in it are meant for Windows based computer owners.


November 30, 2008

My Spam analysis for Nov 24 - 30, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

Before I get into the various categories of spam received this week, I want to mention the fact that while the volume of spam is still down from October and early November, it is definitely on the rise, with a 10% increase from last week. The volume of spam had dropped to near zero a couple of weeks ago, due to the termination of service to a server co-location hosting company, named McColo. McColo's customers were responsible for over 75% of the daily spam sent from zombie computers in several major Botnets. The "zombie" computers in these Botnets were unable to receive instructions from their mothership controllers and had mostly fallen silent; but have now begun to awaken.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common types of spam this week are for fake watches and various pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. Spam for the fake "Canadian Pharmacy" remained strong as usual, but was surpassed for a second week by spam caught by my "Hidden ISO Subject" filter. Most of the Hidden ISO spam is for Indian Viagra or ineffective male enhancement pills and patches.

"Canadian Pharmacy" and its offshoot "Canadian Health and Care Mall" is a scam website, hosted unknowingly on hijacked (Botnetted) personal computers, or on bulletproof Chinese hosting servers owned by criminals in Russia. The prescription drugs and herbal remedies promoted by the fake Canadian Pharmacy come from a lab in India, named after a flower. Those prescription drugs are illegal to import into the US or Canada and may be seized by postal inspectors upon arrival.

The male enhancement spams are mostly leading to Botnetted computers hosting a web page touting VPXL, Power Gain Plus, or other herbal enlargement formulas, all of which are scams. Male enhancement pills are totally ineffective and may even be dangerous to your health.

MailWasher Pro spam category breakdown for November 24 - 30, 2008. Spam amounted to 25% of my incoming email this week, with 74 spam messages analyzed.


Hidden ISO Subject: 27.03%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 13.51%
Fake "Canadian Pharmacy" spam (Viagra, Cialis, etc): 13.53%
Other filters: (See my MWP Filters page) 10.81%
Counterfeit Watches: 8.11%
Known X-Mailer Spam: 5.41%
Viagra spam: 4.05%
DNS Blacklists: 4.05%
Fake Diplomas: 4.05%
Lottery Scams: 2.70%
HTML Tricks: 2.70%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 2.70%
Bayesian learning filter: 1.35%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


November 26, 2008

Spam volume increasing as Srizbi Botnet is reactivated

On November 14, 2008, I published an article on my blog about how spam had dropped significantly following the shutdown of McColo, a server co-location hosting company. The reason for the huge drop in spam was that several of the World's largest and busiest Botnets had their Command and Control (C&C) servers housed and connected to the Internet by McColo. The C&C servers send instructions and spam templates to the Zombies under their control. When those C&C servers lost their connections to the Internet the Zombie computers in the Botnets they controlled all fell silent, becoming sleeper agents awaiting new instructions from new Controllers.

Today I began seeing an increase in the number of spam emails arriving in my spam screening program, MailWasher Pro. I did a little digging into security news and discovered that this increase is not a coincidence. Apparently, the so-called "Srizbi Botnet" has been rebuilding its C&C computers, which are now hosted in Estonia. Those C&C machines are now issuing instructions to the sleeping zombies, which are awakening and beginning to send out spam again. While researchers and detectives are able to identify the new locations of those C&C machines, shutting them down will be difficult, as the people hosting them and local Government officials could care less about the damage being done by the Botnets under their control.

Whether today's spam is coming from the Srizbi Botnet, or some other Botnet is unimportant to spam recipients. Unless you are a security researcher you are probably more interested in blocking this spam than in knowing who designed it and ordered it to be sent to you. I can help you do that, using special rules in a spam filtering program named MailWasher Pro. This can only be done if you read your email in a POP3 desktop email client, like Outlook, Outlook Express, Windows Live Mail, Apple Mail, Mozilla Thunderbird, etc. MailWasher Pro stands between the Internet email servers and your desktop email client, where it filters out spam, scams and virus threats, before downloading any messages to your desktop email client. If you are not already using MailWasher Pro you can read about it here and download a trial or purchase a copy for yourself.

The first prong in my attack against spam is to add wildcard email addresses, that spammers repeatedly forge as the sender, to the program's Blacklist. Blacklist rules are processed before other types of rules, so the wildcard addresses in the Blacklist will cut down a lot on the amount of unclassified spam you have to deal with. Open MailWasher Pro, click on the "View" menu item, then select "Filter Side Bar." The Filter Side Bar will appear on the right side of the program. It has three tabbed sections: "Friends List" and "Blacklist" and "Filters." Click on the "Blacklist" tab, then click on the round green "Add" button. A new "Add address to list" box will open. Click on the option "Wildcard expression." Copy and paste, or type in the following codes, one per Blacklist entry, then click OK to close each new entry box. Repeat the sequence for each of the six Blacklist additions listed below. The first two entries are very commonly matched right now.

kef+diz@+

lin+met@+.de

dw+m@+

_+@+.+

-+@+.+

+@mail.*ru

After saving these Blacklist Wildcard rules you must decide how you want MailWasher Pro to deal with the messages matching these expressions. While still in the mail Blacklist tab, click on the "Options" button. In the "Actions" section select "Delete the email." Just under that you can choose whether that happens manually, where you see the email flagged as "Blacklisted" in the incoming messages list, or if any messages matching those criteria are automatically deleted off the email server, on the spot. I use automatic deletion, as nobody I communicate with has an email prefix or suffix matching these criteria. To be safe, use manual deletion for a while, while listing (add to Friends list) any false detections, then switch to "Automatically, without notification" when you are confident in the accuracy of these (and other) Blacklist rules.
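The manual-deletion trial described above can also be rehearsed offline before any rule is allowed to delete mail. The following is an added example, not part of MailWasher Pro or of my published filters: it assumes that "+" means one or more characters, "*" means zero or more, and that a rule must match the whole address without regard to case. The function names and all sample addresses are constructed for illustration.

```python
import re

# The six Blacklist wildcard entries listed in the post.
BLACKLIST = ["kef+diz@+", "lin+met@+.de", "dw+m@+", "_+@+.+", "-+@+.+", "+@mail.*ru"]


def wildcard_to_regex(expr):
    """Translate one wildcard entry into a compiled regular expression.

    ASSUMED semantics (not confirmed by the post): '+' is one or more
    characters, '*' is zero or more, everything else is literal.
    """
    parts = []
    for ch in expr:
        if ch == "+":
            parts.append(".+")
        elif ch == "*":
            parts.append(".*")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)


COMPILED = [(rule, wildcard_to_regex(rule)) for rule in BLACKLIST]


def matching_rules(address):
    """Return every Blacklist entry that matches the whole sender address."""
    return [rule for rule, rx in COMPILED if rx.fullmatch(address)]


def dry_run(senders, friends):
    """Split matched senders into (flagged, false_positives).

    A false positive is a sender you know to be legitimate (it is in
    `friends`) that a Blacklist wildcard would nevertheless match. Those
    are the addresses to add to the Friends list before switching to
    automatic deletion.
    """
    friends_lc = {f.lower() for f in friends}
    flagged, false_positives = {}, {}
    for addr in senders:
        rules = matching_rules(addr)
        if not rules:
            continue
        bucket = false_positives if addr.lower() in friends_lc else flagged
        bucket[addr] = rules
    return flagged, false_positives


# Constructed sample data (example.* domains, not real senders).
SAMPLE_SENDERS = [
    "kefxdiz@example.com",      # forged sender shape targeted by rule 1
    "linAmet@example.de",       # rule 2, mixed case
    "dwm@example.org",          # NOT matched: '+' needs a character between dw and m
    "dwam@example.org",         # rule 3
    "_newsletter@example.net",  # leading underscore, but a known-good sender
    "-promo@example.com",       # leading hyphen
    "ivan@mail.example.ru",     # rule 6
    "kim@mail.example.guru",    # rule 6 also matches: it ends in "ru"
    "anna@example.org",         # ordinary correspondent, no rule matches
]
FRIENDS = ["anna@example.org", "_newsletter@example.net", "kim@mail.example.guru"]

if __name__ == "__main__":
    flagged, false_positives = dry_run(SAMPLE_SENDERS, FRIENDS)
    for addr, rules in flagged.items():
        print("would delete :", addr, "via", rules)
    for addr, rules in false_positives.items():
        print("FALSE POSITIVE:", addr, "via", rules)
```

Under these assumptions the two broadest entries, "_+@+.+" and "+@mail.*ru", are the ones most likely to catch a legitimate correspondent, which is why the manual-deletion period matters.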

Next, go to my MailWasher Pro Custom Filters web page and scroll down to the iframe, in which one of my three versions of my custom MailWasher Pro filters will be loaded. Read the notes about each of these filters and choose the one that you prefer to use. You can either copy and paste the rules from the iframe into your own "filters.txt" file, or download the file, deposit it into the appropriate location, renaming it to filters.txt if required. MailWasher Pro keeps all user settings, filters and white/black lists in your logged-in identity's %AppData%\MailWasherPro folder. You may need to edit your Folder View settings to unhide hidden and system files and folders, and show known extensions, to see these files. You can also locate and open the data folder where the filters.txt lives by clicking on "Help" (with MailWasher Pro open), then "About," then click on the link to your application data files, at the bottom of the "About" box. More details about using my filters are found on the aforementioned Custom Filters web page.


November 24, 2008

My Spam analysis for Nov 17 - 23, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

Before I get into the various categories of spam received this week, I want to mention the fact that I saw a humongous drop in the volume of incoming spam analyzed by MailWasher Pro, beginning Tuesday, November 11 and continuing throughout this past week. It was on November 11, 2008, that Global Crossing and Hurricane Electric disconnected a server co-location hosting company named McColo from the Internet. McColo's customers were responsible for as much as 75% of the daily spam sent from zombie computers in several major Botnets. The "zombie" computers in these Botnets are unable to receive instructions from their mothership controllers and have mostly fallen silent; for now.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common types of spam this week are for fake watches and various pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. Spam for the fake "Canadian Pharmacy" remained strong as usual, but was surpassed this week by spam caught by my "Hidden ISO Subject" filter. Most of the Hidden ISO spam is for Indian Viagra or ineffective male enhancement pills.

"Canadian Pharmacy" and its offshoot "Canadian Health and Care Mall" is a scam website, hosted unknowingly on hijacked (Botnetted) personal computers, or on bulletproof Chinese hosting servers owned by criminals in Russia. The prescription drugs and herbal remedies promoted by the fake Canadian Pharmacy come from a lab in India, named after a flower. Those prescription drugs are illegal to import into the US or Canada and may be seized by postal inspectors upon arrival.

The male enhancement spams are mostly leading to Botnetted computers hosting a web page touting VPXL, or other herbal enlargement formulas, all of which are scams. Male enhancement pills are totally ineffective and may even be dangerous to your health.

MailWasher Pro spam category breakdown for November 17 - 23, 2008. Spam amounted to a mere 15% of my incoming email this week, with only 44 spam messages analyzed.


Hidden ISO Subject: 25.81%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 16.13%
Fake "Canadian Pharmacy" spam (Viagra, Cialis, etc): 12.90%
Male enhancement spam (subject or body): 9.68%
Counterfeit Watches: 9.68%
Viagra spam: 6.45%
Dating scams: 3.23%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 3.23%
Bayesian learning filter: 3.23%
Casino Spam: 3.23%
Blocked Countries, RIPE, LACNIC, APNIC: 3.23%
Joe Job Bounces: 3.23%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


November 16, 2008

My Spam analysis for Nov 10 - 16, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

Before I get into the various categories of spam received this week, I want to mention the fact that I saw a large drop in the volume of incoming spam analyzed by MailWasher Pro, beginning Tuesday, November 11. It was during the afternoon of November 11, 2008, that Global Crossing and Hurricane Electric disconnected a server co-location hosting company named McColo from the Internet. McColo's customers were responsible for as much as 75% of the daily spam sent from zombie computers in several major Botnets. Spam began diminishing on Tuesday and continues to drop today. A BIG THANKS goes to HostExploit and its research partners who compiled evidence over a more than two year period, that led to the termination of McColo's connectivity to the Internet. I recently published an article about how the volume of spam dropped when McColo was disconnected from the Internet.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common types of spam this week are for fake diplomas and various pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. Spam for the fake "Canadian Pharmacy" continues to dominate all spam categories. This type of spam had decreased last month, after the arrest and indictment of some of the people behind these scams. Unfortunately, other criminals have taken up the slack and continue to promote their own "Canadian Pharmacy."

"Canadian Pharmacy" and its offshoot "Canadian Health and Care Mall" is a scam website, hosted unknowingly on hijacked (Botnetted) personal computers, or on bulletproof Chinese hosting servers owned by criminals in Russia. The prescription drugs and herbal remedies promoted by the fake Canadian Pharmacy come from a lab in India, named after a flower. Those prescription drugs are illegal to import into the US or Canada and may be seized by postal inspectors upon arrival.

The male enhancement spams are mostly leading to Botnetted computers hosting a web page touting VPXL, or other herbal enlargement formulas, all of which are scams. Male enhancement pills are totally ineffective and may even be dangerous to your health.

MailWasher Pro spam category breakdown for November 10 - 16, 2008. Spam amounted to 49% of my incoming email this week, with 229 spam messages analyzed.


Fake "Canadian Pharmacy" spam (Viagra, Cialis, etc): 30.60%
Viagra spam: 13.43%
Fake Diplomas: 12.69%
Other filters: (See my MWP Filters page) 9.70%
Male enhancement spam (subject or body): 9.70%
Hidden ISO Subject: 5.97%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 3.73%
One line spam url: 2.99%
HTML Tricks: 2.99%
Casino Spam: 2.99%
Lottery Scams: 2.99%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 1.49%
DNS Blacklists: 0.75%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


November 14, 2008

Spam volume drops after McColo servers forced offline

My incoming volume of Spam email has dwindled this week, steadily, since Tuesday, November 11. I have waited a few days to write about this in order to see how matters played out. Interestingly, Tuesday was also Veterans' Day in the USA and Armistice Day around the World. Coincidentally, there was a temporary armistice between the senders of spam and the targets of their spam messages. This armistice occurred around 1:30 PST in San Jose, California, USA.

Something major happened on Tuesday, November 11, 2008, that resulted in the huge drop in the volume of spam hitting my MailWasher Pro spam filtering program. It was on Tuesday afternoon, November 11, 2008, that Internet Backbone and Colocation Provider Hurricane Electric and global IP-based network Global Crossing terminated their Internet peering connections to the web server colocation hosting company known as McColo Corporation, located in San Jose, California. They did this after being presented with irrefutable evidence of long-term extreme badness being conducted by the hosting customers of McColo. It is estimated that up to 75% of the spam sent out on a daily basis is run by Command and Control servers hosted on machines at McColo's facilities. Without being commanded to receive new spam templates and then send out spam runs, the zombie PCs in numerous Botnets fell silent over the last few days.

This badness conducted by the McColo customers includes various unfriendly and illegal activities, including, but not limited to the following:


  • Hosting distribution machines for malware executables and browser exploits, to be served to innocent web surfers drawn there by trickery, to infect their computers with Trojans and make them members of botnets.

  • Command and Control over the World's most prolific Botnets, the members of which are remotely controlled to send spam, host malware laden web pages, or launch denial of service attacks on behalf of the Bot Masters.

  • Hosting fake anti virus and rogue anti spyware scanners, used to scam victims into paying for useless removal programs. The so-called removal programs in fact only remove the pop-up notices, or balloon messages, or phony screensavers or desktop backgrounds that are made to resemble a Windows BSOD. They operate in collusion as a tandem infection.

  • Hosting Phishing web sites that steal login credentials from banking customers, then empty their bank accounts, or make unauthorized purchases with their stolen credit card accounts.

  • Hosting of illegal child pornography.

  • Hosting of payment portals and systems by means of which cyber criminals receive payments.

  • Hosting servers that are used to store information stolen by means of Phishing or Dictionary attacks against innocent parties.

  • Databases containing the names and locations of Bot Masters, cyber criminals, pornographers and spammers.

  • The hosting of fake pharmacy websites and payment systems.

  • Launching DDoS attacks against the Republic of Georgia infrastructure and Government websites, and against other legitimate governments and companies.


McColo hosted the so-called command-and-control servers for botnets that are used to instruct PCs to send spam. The botnets included Rustock, Srizbi, Pushdo/Cutwail, Ozdok/Mega-D and Gheg, according to this report. If you are troubled by the sheer volume of spam that you must fight off every day, take the time to read the report and you will gain a better understanding of how the cyber criminals behind these operations are able to conduct their illegal activities and where many of them are actually located.

The cyber criminals whose servers were taken offline when McColo went dark will eventually find other places to operate their servers and will rebuild their illegal businesses. In the meantime, you and I can enjoy a few days' relief from the constant onslaught of spam that paralyzes our inboxes every day. I can only hope that this shutdown will be a major inconvenience to them and will cost them a lot of time and money to rebuild. You and your friends can do your part by deleting all spam messages and by never ever buying anything that is spamvertised!

If you are in need of an effective spam filtering program that sits ahead of your email client, I use and recommend MailWasher Pro. MailWasher Pro intercepts your incoming POP3 email and filters out spam before you download it to your desktop email application.


November 9, 2008

My Spam analysis for Nov 3 - 9, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common types of spam this week is for pirated software, fake diplomas and various pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. This week I saw another resurgence in the amount of spam for the fake "Canadian Pharmacy." This type of spam had decreased after the arrest and indictment of some of the people behind these scams.

"Canadian Pharmacy" and its offshoot "Canadian Health and Care Mall" is a scam website, hosted unknowingly on hijacked (Botnetted) personal computers, or on bulletproof Chinese hosting servers owned by criminals in Russia. The prescription drugs and herbal remedies promoted by the fake Canadian Pharmacy come from a lab in India, named after a flower. Those prescription drugs are illegal to import into the US or Canada and may be seized by postal inspectors upon arrival.

The male enhancement spams are mostly leading to Botnetted computers hosting a web page touting VPXL, or other herbal enlargement formulas, all of which are scams. Male enhancement pills are totally ineffective and may even be dangerous to your health.

MailWasher Pro spam category breakdown for November 3 - 9, 2008. Spam amounted to 50% of my incoming email this week.


Other filters: (See my MWP Filters page) 22.75%
Viagra spam: 13.33%
Fake "Canadian Pharmacy" spam (Viagra, Cialis, etc): 10.98%
Male enhancement spam (subject or body): 10.98%
Pirated Software: 8.24%
Fake Diplomas: 6.67%
Casino Spam: 5.10%
HTML Tricks: 5.10%
Known Spam Subjects (by my filters): 4.31%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 3.92%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 3.53%
Phishing Scams: 3.53%
Bayesian learning filter: 1.18%
DNS Blacklists: 0.39%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


October 26, 2008

My Spam analysis for Oct 20 - 26, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common type of spam this week (again) is pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. This week I saw a big decrease in the amount of spam for the fake "Canadian Pharmacy." This is a scam website, hosted unknowingly on hijacked (Botnetted) personal computers, or on bulletproof Chinese hosting servers owned by criminals in Russia. The male enhancement spams are mostly leading to Botnetted computers hosting a web page touting VPXL, or other herbal enlargement formulas, all of which are scams.

MailWasher Pro spam category breakdown for October 20 - 26, 2008. Spam amounted to 67% of my incoming email this week.


Viagra spam: 24.93%
Loans/Bankruptcy/Refinance/Insurance Scams: 16.07%
Known Spam (From: or Body): 11.08%
Other filters: (See my MWP Filters page) 9.42%
Known Spam Domains: (mostly pharmaceutical spam) 9.42%
Casino Spam: 9.14%
HTML Tricks: 6.93%
Fake "Canadian Pharmacy" spam (Viagra, Cialis, etc): 3.60%
Known Spam Subjects (by my filters): 3.32%
Male enhancement spam (subject or body): 2.49%
Phishing Scams: 1.66%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 1.66%
Bayesian learning filter: 0.28%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


October 19, 2008

My Spam analysis for Oct 13 - 19, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common type of spam this week (again) is pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. At this time almost all spam email for any kind of pharmaceuticals is pointing to the fake "Canadian Pharmacy" website, hosted unknowingly on hijacked (Botnetted) personal computers, or on bulletproof Chinese hosting servers owned by criminals in Russia. The male enhancement spams are mostly leading to Botnetted computers hosting a web page touting VPXL, or other herbal enlargement formulas, all of which are scams.

For those who don't know, "Canadian Pharmacy" is a fake pharmacy, with fake accreditation banners, that is either hosted on compromised home or office computers (in Bot-nets), or on "bullet-proof" web hosting servers in Panama (200.63.40/21), China (CNCGROUP - 218.60.0.0/15), Korea, Vietnam, Romania, Russia, or The Ukraine. The Canadian Pharmacy spam gang sells counterfeit drugs that could harm or even kill you, but certainly won't help you in the manner advertised. This fake pharmacy is used by cyber criminals to raise money for themselves and to fund illegal activities that they engage in. Once they get your credit or debit card number they may max out your spending limit, or empty out your bank account, or sell your credit card details to other criminals. Please do not be deceived into thinking that these are legitimate online pharmacies. Despite any banners, labels, or claims to the contrary, they are NOT approved to sell their (counterfeit) pills in most countries outside of China. Don't become a victim of the fake Canadian Pharmacy scam.

MailWasher Pro spam category breakdown for October 13 - 19, 2008. Spam amounted to 61% of my incoming email this week.
Viagra spam: 31.41%
Loans/Bankruptcy/Refinance/Insurance Scams: 15.88%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 15.88%
Other filters: (See my MWP Filters page) 9.39%
Known Spam Domains: (mostly pharmaceutical spam) 6.86%
Male enhancement spam (subject or body): 4.33%
Fake "Canadian Pharmacy" spam (Viagra, Cialis, etc): 3.61%
Casino Spam: 3.25%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 2.17%
Known Spam Subjects (by my filters): 1.81%
Pirated Software: 1.81%
Digits or Consonants forged sender: 1.81%
DNS Blacklists: 1.81%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


October 12, 2008

My Spam analysis for Oct 6 - 12, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common type of spam this week (again) is pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. At this time almost all spam email for any kind of pharmaceuticals is pointing to the fake "Canadian Pharmacy" website, hosted unknowingly on hijacked (Botnetted) personal computers, or on bulletproof Chinese hosting servers owned by criminals in Russia. The male enhancement spams are mostly leading to Botnetted computers hosting a web page touting VPXL, or other herbal enlargement formulas, all of which are scams.

For those who don't know, "Canadian Pharmacy" is a fake pharmacy, with fake accreditation banners, that is either hosted on compromised home or office computers (in Bot-nets), or on "bullet-proof" web hosting servers in Panama (200.63.40/21), China (CNCGROUP - 218.60.0.0/15), Korea, Vietnam, Romania, Russia, or The Ukraine. The Canadian Pharmacy spam gang sells counterfeit drugs that could harm or even kill you, but certainly won't help you in the manner advertised. This fake pharmacy is used by cyber criminals to raise money for themselves and to fund illegal activities that they engage in. Once they get your credit or debit card number they may max out your spending limit, or empty out your bank account, or sell your credit card details to other criminals. Please do not be deceived into thinking that these are legitimate online pharmacies. Despite any banners, labels, or claims to the contrary, they are NOT approved to sell their (counterfeit) pills in most countries outside of China. Don't become a victim of the fake Canadian Pharmacy scam.

MailWasher Pro spam category breakdown for Sept 29 - October 5, 2008. Spam amounted to 54% of my incoming email this week.
Fake "Canadian Pharmacy" spam (Viagra, Cialis, etc): 6.82%
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 23.11%
Known Spam (From: or Body): 14.39%
Other filters: (See my MWP Filters page) 12.50%
Male enhancement spam (subject or body): 10.61%
Known Spam Subjects (by my filters): 7.58%
Counterfeit Watches: 7.58%
Known Spam Domains: (mostly pharmaceutical spam) 4.55%
Loans/Bankruptcy/Refinance/Insurance Scams: 4.17%
Pirated Software: 2.65%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 1.89%
Blocked Countries, RIPE, LACNIC, APNIC: 1.89%
DNS Blacklists: 1.14%
Bayesian learning filter: 1.14%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


October 9, 2008

A fox catches a goose in a sculpture, like spammers try to catch you

I got the idea for this article while reading through various recent Craigslist items listed for sale in my city; Flint, Michigan. The listing that got my attention is: W. H. Turner Bronze "Fox and Goose" Sculpture, which was listed on October 8, 2008. According to the description of this item, it is a numbered bronze sculpture of "a fox diving after a fleeing goose and catching it by its tail feathers," and would be of interest to collectors of such things.

So, what has a bronze sculpture got in common with scammers and spammers? Plenty! Like a hungry sly fox, scammers and spammers craft their ploys to enable them to sneak up on their intended victims, striking when the victim is in a vulnerable position. Much of the spam and scams that I catch in my spam traps is crafted to catch people off-guard by playing on their inadequacies or curiosity. The subjects and body text are designed to fool gullible recipients into thinking that the links in those spam email messages can bring them something they are lacking, or to show them a video that is titillating, or sensational in content.

This is sucker bait. All of these things being advertised via spam emails (I call them Spamvertised) are scams and are meant to either steal your money or credit, or sell you counterfeit drugs, shoes, or watches, or to trick you into installing a Trojan Horse application onto your computer. Think of the web surfing general public as being akin to free-spirited geese, searching the World Wide Waters for knowledge and goodies, and criminal spammers as foxes - looking to turn them into prey.

So, the next time you get a spam email offering you incredible discounts on Viagra, Cialis, herbals, male enhancement products, or unsecured loans, or cheap "Bling" from counterfeit goods, or sensational videos of phony news or imaginary events involving actors or recording artists, or alarming messages supposedly coming from a financial institution you may deal with, think twice or three times before you click on the links in those messages. The criminal minds behind these spam blasts are like foxes. They are sneaky and use stealth to trap their intended victims. They do not come in peace. They want to steal from you. If you are tricked into purchasing something spamvertised, chances are very high that your credit or debit card information is in the hands of criminals. They may use it themselves, and/or sell it to the highest bidder, on special chat forums frequented by members of the spam underground. Buy from a spammer and your "goose" is going to be cooked. The fox has your account by the tail, like the fox in the sculpture gets the goose.

My own solution - and suggestion for you - is to use MailWasher Pro to filter out spam email before you download it to your email client. The program is very effective at recognizing spam, using a built-in learning filter, consulting online databases of known spam senders and domains, and custom written spam filter rules, many of which I write and publish.


October 5, 2008

Add PanamaServer.com to your .htaccess or iptables blocklists

For the past several weeks I have seen a huge increase in the volume of spam email promoting the fake Canadian Pharmacy. I write about it in my weekly reports about the classifications of spam, according to the anti-spam program MailWasher Pro and my custom MailWasher spam filters.

Whenever a spam email makes it through my automatic deletion spam filters I analyze its contents and add the appropriate words or regular expressions to existing filter rules, or create new ones. Since most spam messages contain links to the spamvertised websites I will perform a stealth investigation of the website in the spam links. So far, all of the links in a recent spate of fake Fox News spam email lead to the fake Canadian Pharmacy. There is also a huge amount of spam that begins with the words Canadian Pharmacy.

Each day, or multiple times per day, the links point to a different website where the spamvertised pharmacy resides. So, I look up the domains every now and then, using commercial Whois tools. Sometimes the fake pharmacy is located on a zombie computer in a Botnet. These are easy to spot because the header of the website reveals that it is running on the Nginx web server. Nginx is a tiny HTTP server, made in Russia, and a favorite tool for use by Russian criminals to install on zombie machines under their control. But, not all Whois reports lead to zombies.

A large number of Whois IP traces in Canadian Pharmacy and Male Enhancement scams now lead to websites hosted on PanamaServer.com. This server farm is a new favorite place for spamvertised websites, phishing websites, malware hosting and other dodgy goings on. Normally, one would not even know about the existence of PanamaServer unless they rented space on them to do business, or did Whois lookups of spam domains. But all that changed today for me, in another way.

I read my raw access logs every day, looking for sources of abuse, or referring domains, or other matters of interest to a Webmaster. Today's log revealed a long list of hits from somebody trying to harvest my entire website and trying to post spam comments via my contact form (failed due to my security implementation). All of these hits came from one IP address: 200.63.42.91, which the Whois reports as belonging to PanamaServer.com. The IP range (CIDR) assigned to this company is 200.63.40.0/22, ranging from 200.63.40.0 to 200.63.43.255. I have added that CIDR to my published Exploited Servers Blocklists, in .htaccess form and in iptables form. If you have an Apache based website you can block this domain and all spammers and scammers operating through websites hosted there. Just add 200.63.40.0/22 to your deny from list in .htaccess, or to the iptables list. Or, just download my Exploited Servers blocklist in the format you can use and install the entire blocklist. You will be protected against a huge number of exploited servers.

In case you don't know which list applies to your server, here's how to decide. If you are the administrator of the server and have root access to the Linux operating system, go with the iptables blocklist. If you are a customer on a shared hosting server, you must use the .htaccess blocklist. Full instructions for use are included on each blocklist.
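The following sketch is an added example, not part of the original post or of the published blocklists. It checks the CIDR arithmetic from the post, counts hits from blocked ranges in an access log, and prints the matching .htaccess and iptables entries. The log lines and function names are constructed for illustration.

```python
import ipaddress
from collections import Counter

# CIDR given in the post for PanamaServer.com.
BLOCKED_CIDRS = ["200.63.40.0/22"]

# Constructed access-log lines (Apache combined format), not real log data.
# 200.63.42.91 is the address named in the post; the request paths, the
# other addresses and the user agents are made up for this example.
SAMPLE_LOG = """\
200.63.42.91 - - [05/Oct/2008:10:01:02 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0"
200.63.42.91 - - [05/Oct/2008:10:01:03 -0400] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/4.0"
192.0.2.10 - - [05/Oct/2008:10:01:04 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
200.63.42.91 - - [05/Oct/2008:10:01:05 -0400] "POST /contact HTTP/1.1" 403 512 "-" "Mozilla/4.0"
200.63.44.1 - - [05/Oct/2008:10:01:06 -0400] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
this line is truncated or corrupt
"""


def parse_networks(cidrs):
    """Parse CIDR strings and merge entries that overlap or nest.

    strict=True rejects a CIDR whose host bits are set (a common typo),
    and collapse_addresses() drops ranges already covered by a wider one.
    """
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    return list(ipaddress.collapse_addresses(nets))


def client_ip(line):
    """Return the client address from a log line, or None if it is not an IP."""
    first = line.split(" ", 1)[0]
    try:
        return ipaddress.ip_address(first)
    except ValueError:
        return None


def hits_from_blocked(log_text, networks):
    """Count requests per client address that falls inside a blocked range."""
    counts = Counter()
    for line in log_text.splitlines():
        ip = client_ip(line)
        if ip is not None and any(ip in net for net in networks):
            counts[str(ip)] += 1
    return counts


def htaccess_rules(networks):
    """Lines for the 'deny from' list the post refers to (Apache 2.2 syntax)."""
    return [f"deny from {net}" for net in networks]


def iptables_rules(networks):
    """Equivalent commands for an administrator with root access."""
    return [f"iptables -A INPUT -s {net} -j DROP" for net in networks]


if __name__ == "__main__":
    nets = parse_networks(BLOCKED_CIDRS)
    for net in nets:
        # net[0] and net[-1] are the first and last addresses of the range.
        print(f"{net}: {net[0]} to {net[-1]} ({net.num_addresses} addresses)")
    for ip, n in hits_from_blocked(SAMPLE_LOG, nets).items():
        print(f"{ip}: {n} hits from a blocked range")
    print("\n".join(htaccess_rules(nets)))
    print("\n".join(iptables_rules(nets)))
```

Running the log check before adding a range shows how much traffic the new entry would affect, which helps catch a CIDR that is wider than intended.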

I also maintain other country wide blocklists, in both .htaccess and iptables form. The landing pages for these blocklists are found at htaccess-blocklists.html and at iptables-blocklists.html.


My Spam analysis for Sept 29 - Oct 5, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common type of spam this week (again) is pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. The most common spam subject and message body text included or started with the words "Canadian Pharmacy" along with fake Fox News Newsletters, with all of the links going to a fake Canadian Pharmacy website, hosted unknowingly on hijacked (Botnetted) personal computers.

For those who don't know, "Canadian Pharmacy" is a fake pharmacy, with fake accreditation banners, that is either hosted on compromised home or office computers (in Bot-nets), or on "bullet-proof" web hosting servers in Panama, China, Korea, Vietnam, Romania, Russia, or The Ukraine. The Canadian Pharmacy spam gang sells counterfeit drugs that could harm or even kill you, but certainly won't help you in the manner advertised. This fake pharmacy is used by cyber criminals to raise money for themselves and to fund illegal activities that they engage in. Once they get your credit or debit card number they may max out your spending limit, or empty out your bank account, or sell your credit card details to other criminals. Please do not be deceived into thinking that these are legitimate online pharmacies. Despite any banners, labels, or claims to the contrary, they are NOT approved to sell their (counterfeit) pills in most countries outside of China. Don't become a victim of the fake Canadian Pharmacy scam.

MailWasher Pro spam category breakdown for Sept 29 - October 5, 2008. Spam amounted to 53% of my incoming email this week.
Fake "Canadian Pharmacy" spam (Viagra, Cialis, etc): 27.20%
Other filters: (See my MWP Filters page) 15.90%
Known Spam Domains: (mostly pharmaceutical spam) 15.90%
Male enhancement spam (subject or body): 12.55%
Known Spam Subjects (by my filters): 6.28%
Loans/Bankruptcy/Refinance/Insurance Scams: 5.86%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 4.60%
Other Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 3.77%
Blocked Countries: 2.93%
Pirated Software: 2.93%
Video Exploit links to Trojan download: 1.67%
DNS Blacklists: 0.42%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


October 4, 2008

New forum for my MailWasher Pro Custom Spam Filters

As many of you know, I write and publish custom spam filters for the anti-spam program named MailWasher Pro. In addition to publishing my custom MailWasher Pro filters on my own website, I have a thread about them on the new Firetrust MailWasher Forum. The title and location is: Wizcrafts Custom MailWasher Pro Filters discussed here.

For the curious who are not yet using MailWasher Pro, you can read about it on my MailWasher Pro web page. There are links there to try it or buy it. There is a one time fee of $39.95 US to license the program and all updates to the program itself are then free for life. It does have an included reporting service called FirstAlert! that is subscription based, but is purely optional. All new purchasers get the first year of FirstAlert! for free.

The spam filters used by MailWasher Pro (MWP) are in plain text and are stored in a file named: filters.txt. That file, along with the blacklist (and friends list), the Bayesian learning filter database and other personalized files are stored separately from the program itself, inside your user profile, under Application Data, or AppData for Vista users. That location depends on which version of Windows you are using. If you don't already know about the location of your application data, open the Run box by pressing the "Windows" key + R together and when the Run box opens, type in: %AppData% and press Enter. If you are notified that the contents are hidden, click on the link to Show these files, and/or modify your Folder View options to Display hidden files and folders and to not hide known file type extensions.

Once you open your personal identity's Application Data (or AppData) directory, look for the MailWasherPro subdirectory. Your own filters.txt and blacklist.txt files, spamlog.txt and the learning filter database are all inside that location. To edit filters.txt, or to use my custom downloadable filters you must first close MailWasher Pro, or your changes will be overwritten.

Some things to keep in mind when editing filters.txt are as follows:


  • Every rule starts with either [enabled] or [disabled]

  • Every rule starts on a new line and occupies one long line of code.

  • You must not have any blank spaces after the end of any rule.

  • There must not be any blank lines between rules.

  • MWP will add a single line feed to the last rule if none is present in your custom filters.

  • Comments are preceded by double forward slashes: // and will be overwritten with the default comments after the program opens and closes.

  • Pay careful attention to double quotes (") in your rules. A misplaced quote will cause that rule to be deleted when the program opens! If there are spaces between words or regular expressions, you must enclose that segment inside double quotes. If there are double quotes in the rule you must add another double quote to each one, thus "escaping" them.

  • If in doubt you should use the custom filter wizard to add data to fields and select your desired actions. The wizard will add the necessary quotes for you and the correct terminology for matching conditions. You can then open your filters.txt and see how the rule looks in the list.
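
The formatting rules in the list above can be checked mechanically before MailWasher Pro is reopened and silently drops a malformed rule. The Python linter below is an added example, not code from MailWasher Pro or from the original post; the function names `lint_filters` and `unterminated_quote` are hypothetical, and the sample rules are constructed placeholders that only imitate the `[enabled]`/`[disabled]` prefix, not real MailWasher rule syntax.

```python
import re

# Every rule must begin with one of these two markers (from the list above).
RULE_PREFIX = re.compile(r"^\[(enabled|disabled)\]")


def unterminated_quote(line):
    """Return the 1-based column of a double quote that is opened but never
    closed, or None if all quoted segments are closed.

    Inside a quoted segment, a doubled quote ("") is an escaped literal quote
    and does not end the segment.
    """
    open_col = None
    i = 0
    while i < len(line):
        if line[i] == '"':
            if open_col is None:
                open_col = i + 1          # segment opens here
            elif i + 1 < len(line) and line[i + 1] == '"':
                i += 1                    # escaped quote, stay inside segment
            else:
                open_col = None           # segment closes
        i += 1
    return open_col


def lint_filters(text):
    """Check filters.txt content against the rules stated in the list above.

    Returns a list of (line_number, message) tuples; an empty list means no
    violation of those rules was found. It does not validate rule syntax
    beyond them.
    """
    problems = []
    lines = text.split("\n")
    # A single line feed after the last rule is allowed.
    if lines and lines[-1] == "":
        lines.pop()
    for number, raw in enumerate(lines, start=1):
        line = raw.rstrip("\r")           # tolerate Windows CRLF line endings
        if line.strip() == "":
            problems.append((number, "blank line between rules"))
            continue
        if line.startswith("//"):
            continue                      # comment line, nothing to check
        if not RULE_PREFIX.match(line):
            problems.append(
                (number, "rule does not start with [enabled] or [disabled]"))
        if line != line.rstrip():
            problems.append((number, "blank space after the end of the rule"))
        col = unterminated_quote(line)
        if col is not None:
            problems.append(
                (number, "double quote opened at column %d is never closed" % col))
    return problems


# Constructed sample input: placeholder rule bodies, not real MailWasher syntax.
SAMPLE = (
    '// constructed comment line\n'
    '[enabled] placeholder-rule-1 "two words"\n'
    '[disabled] placeholder-rule-2 "say ""hi"" now"\n'
    '[enabled] placeholder-rule-3 "unclosed segment\n'
    '\n'
    '[enabled] placeholder-rule-4 \n'
    'placeholder-rule-5\n'
)

if __name__ == "__main__":
    for number, message in lint_filters(SAMPLE):
        print("line %d: %s" % (number, message))
```

Run it against a copy of filters.txt while MailWasher Pro is closed; any reported line is one the program may delete or rewrite on its next start.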


My latest additions to the custom filters and sample filters are in my Custom MailWasher Pro filters. If you are thinking about purchasing MailWasher Pro, I would appreciate it if you do so through my MailWasher Pro affiliate link. Thank you!


September 28, 2008

My Spam analysis for Sept 22 - 28, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages. While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common type of spam this week (again) is pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. The most common spam subject and message body text included or started with the words "Canadian Pharmacy."

For those who don't know, "Canadian Pharmacy" is a fake pharmacy, with fake accreditation banners, that is either hosted on compromised home or office computers (in Bot-nets), or on "bullet-proof" web hosting servers in China, Korea, Vietnam, Romania, Russia, or The Ukraine. The Canadian Pharmacy spam gang sells counterfeit drugs that could harm or even kill you, but certainly won't help you in the manner advertised. This fake pharmacy is used by cyber criminals to raise money for themselves and to fund illegal activities that they engage in. Once they get your credit or debit card number they may max out your spending limit, or empty out your bank account, or sell your credit card details to other criminals.

The runner up subject begins with "from" followed by fake first and last names. The body text often contains "Canadian Pharmacy" or "CanadianRX," or other words alluding to pharmaceuticals, and leads to compromised computers running the Russian Nginx server software, unbeknownst to their owners. Those zombie computers are used to host the fake Canadian Pharmacy website. My spam log also showed a large number of other repetitive pharmaceutical subjects, such as: Doctor Approved and Recommended, Enlarge, Very discreet shipping and billing, and RE: Message (5 to 7 numbers). Please do not be deceived into thinking that these are legitimate online pharmacies. Despite any banners, labels, or claims to the contrary, they are NOT approved to sell their (counterfeit) pills in most countries outside of China. Don't become a victim - delete all spam on sight!

Other categories of spam that rated a sizable percentage included unsecured loans, credit cards, or debt reduction. Common Subject words include "Refinance" or "Loans." These are scams. No legitimate company ever uses spam sent through botnets to advertise its financial services! Never, ever, ever buy anything that is "spamvertised!"

MailWasher Pro spam category breakdown for Sept 22 - 28, 2008. Spam amounted to 53% of my incoming email this week.
Fake "Canadian Pharmacy" spam: 23.97%
Other filters: (See my MWP Filters page) 14.88%
Known Spam Domains: (mostly pharmaceutical spam) 14.46%
Male enhancement spam (subject or body): 13.64%
Known Spam Subjects (by my filters): 9.92%
Other Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 6.62%
Loans/Bankruptcy/Refinance/Insurance Scams: 5.79%
"SquirrelMail" Spam: 3.31%
Known Spam (From: or Body): 2.44%
Casino Spam: 2.07%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 1.24%
DNS Blacklists: 0.83%
Bayesian learning filter: 0.83%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


September 21, 2008

My Spam analysis for Sept 15 - 21, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of spam messages. While spam is an annoyance to most people, it is combat for me. I publish custom filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common type of spam this week (again) is pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. The most common spam subject included or started with the words "Canadian Pharmacy."

For those who don't know, "Canadian Pharmacy" is a fake pharmacy, with fake accreditation banners, that is either hosted on compromised home or office computers (in Bot-nets), or on "bullet-proof" web hosting servers in China, Korea, Vietnam, Romania, Russia, or The Ukraine. The Canadian Pharmacy spam gang sells counterfeit drugs that could harm or even kill you, but certainly won't help you in the manner advertised. This fake pharmacy is used by cyber criminals to raise money for themselves and to fund illegal activities that they engage in.

The runner up subject begins with "from" followed by fake first and last names. The body text often contains "Canadian Pharmacy" or "CanadianRX," or other words alluding to pharmaceuticals, and leads to compromised computers running the Russian Nginx server software, unbeknownst to their owners. Those zombie computers are used to host the fake Canadian Pharmacy website.

Other categories of spam that rated a sizable percentage included unsecured loans, credit cards, or debt reduction. Common Subject words include "Refinance" or "Loans." These are scams. No legitimate company ever uses spam sent through botnets to advertise its financial services! Never, ever, ever buy anything that is "spamvertised!"

MailWasher Pro spam category breakdown for Sept 15 - 21, 2008. Spam amounted to 56% of my incoming email this week.
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 22.93%
Loans/Bankruptcy/Refinance/Insurance Scams: 19.55%
Other filters: (See my MWP Filters page) 17.29%
Male enhancement spam (subject or body): 12.79%
Known Spam Subjects (by my filters): 11.65%
Digits or Consonants forged sender: 5.64%
"Thunderbird" Mailer Spam: 2.63%
Pirated Software: 2.63%
Known Spam (From: or Body): 2.63%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 2.26%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


September 14, 2008

My Spam analysis for Sept 8 - 14, 2008

If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of spam messages. While spam is an annoyance to most people, it is combat for me. I publish custom filters to block spam email for people who use the MailWasher Pro anti-spam email client.

This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common type of spam this week (again) is pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. The most common spam subject included or started with the words "Canadian Pharmacy."

For those who don't know, "Canadian Pharmacy" is a fake pharmacy, with fake accreditation banners, that is either hosted on compromised home or office computers (in Bot-nets), or on "bullet-proof" web hosting servers in China, Korea, Vietnam, Romania, Russia, or The Ukraine. The Canadian Pharmacy spam gang sells counterfeit drugs that could harm or even kill you, but certainly won't help you in the manner advertised. This fake pharmacy is used by cyber criminals to raise money for themselves and to fund illegal activities that they engage in.

The runner up subject begins with "from" followed by fake first and last names. The body text also contains "Canadian Pharmacy," or other words alluding to pharmaceuticals, and leads to compromised computers running the Russian Nginx server software, unbeknownst to their owners. Those zombie computers are used to host the fake Canadian Pharmacy website.

Other categories of spam that rated a sizable percentage included unsecured loans, credit cards, or debt reduction. These are scams. No legitimate company ever uses spam sent through botnets to advertise its financial services! Never, ever, ever buy anything that is "spamvertised!" Replica watches also kept showing up in measurable spam numbers this week. All of the spam and scams were either automatically deleted by my custom MailWasher Pro spam filters, or if they made it through, were reported to SpamCop, of which I am a reporting member, and manually deleted. I never have and never will buy anything that is Spamvertised!

MailWasher Pro spam category breakdown for Sept 8 - 14, 2008. Spam amounted to 53% of my incoming email this week.
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 27.13%
Male enhancement spam (subject or body): 23.29%
Other filters: (See my MWP Filters page) 17.63%
Known Spam Subjects (by my filters): 9.83%
Digits or Consonants forged sender: 8.14%
Loans/Bankruptcy/Insurance Scams: 6.78%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 3.39%
"Thunderbird" Mailer Spam: 3.05%
DNS Blacklists: 0.34%
Bayesian learning filter: 0.42%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


September 7, 2008

My Spam analysis for Sept 1 - 7, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening program that goes between your email servers and your desktop email client (application). It uses a variety of techniques to recognize what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common type of spam this week (again) is male enhancement products, Viagra, Cialis and other drugs. The most common spam subject was "Solution for your sexual problems," or something including the words "Canadian Pharmacy."

For those who don't know, "Canadian Pharmacy" is a fake pharmacy, with fake accreditation banners, that is either hosted on compromised home or office computers (in Bot-nets), or on "bullet-proof" web hosting servers in China, Korea, Vietnam, Romania, Russia, or The Ukraine. The Canadian Pharmacy spam gang sells counterfeit drugs that could harm or even kill you, but certainly won't help you in the manner advertised.

The runner up again is spam for unsecured loans, credit cards, or debt reduction. These are scams. No legitimate company ever uses spam sent through botnets to advertise its financial services! Never, ever, ever buy anything that is "spamvertised!" Exploit video links and replica watches also kept showing up in measurable spam numbers this week. All of the spam and scams were either automatically deleted by my custom MailWasher Pro spam filters, or if they made it through, were reported to SpamCop, of which I am a reporting member, and manually deleted. I never have and never will buy anything that is Spamvertised!

MailWasher Pro spam category breakdown for Sept 1 - 7, 2008. Spam amounted to 56% of my incoming email this week.
Male enhancement spam (subject or body): 35.59%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 22.88%
Other filters: (See my MWP Filters page) 14.00%
Loans/Bankruptcy/Insurance Scams: 13.14%
Video Exploit links to Trojan download: 6.35%
Known Spam Subjects: 1.69%
Counterfeit Watches: 2.54%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 2.54%
DNS Blacklists: 0.85%
Bayesian learning filter: 0.42%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


August 31, 2008

My Spam analysis for Aug 25 - 31, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening program that goes between your email servers and your desktop email client (application). It uses a variety of techniques to recognize what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common type of spam this week is male enhancement products and drugs. The most common spam subject was "Solution for your sexual problems."

The runner up was spam for loans or debt reduction. These are mostly scams. No legitimate company ever uses spam sent through botnets to advertise its financial services! Never, ever, ever buy anything that is "spamvertised!"

MailWasher Pro spam category breakdown for August 25 - 31, 2008. Spam amounted to 53% of incoming email this week.
Male enhancement spam (subject or body): 35.29%
Other filters: (See my MWP Filters page) 18.63%
Loans/Bankruptcy/Insurance Scams: 13.24%
Video Exploit links to Trojan download: 8.33%
Known Spam Subjects: 4.90%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 4.42%
Counterfeit Watches: 2.94%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 2.94%
DNS Blacklists: 2.94%
Digits or Consonants forged sender: 2.45%
"Opera Mail" Spam: 1.96%
X-Mailer: The Bat: 1.96%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


August 24, 2008

My Spam analysis for Aug 18 - 24, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening program that goes between your email servers and your desktop email client (application). It uses a variety of techniques to recognize what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.

When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common email threat this week is male enhancement products. Previously, it was Trojan Video exploit links. These messages either have fake news headlines, or use the names of famous actresses in the subject, with ludicrous or nasty claims about their activities. The message body may contain links to read more, view or play a video, or even have a pornographic image of the actress whose name is used in the subject. All either have links to exploit web pages, or to directly download a Trojan file.

If you have clicked on one of these Trojan download links you may have either knowingly, or unknowingly allowed a hostile file to be installed, and are probably in need of the services of an up-to-date anti-spyware program to disinfect your PC. I recommend Spyware Doctor, from PC Tools, because it specializes in spyware detection and removal, and is updated very frequently. As Spyware tools go, Spyware Doctor is one of the top rated in the industry. Symantec also thinks that PC Tools makes great security programs and just bought the company. However, PC Tools will continue to market Spyware Doctor on its own, so you are assured of continuing updates and support.

MailWasher Pro spam category breakdown for August 18 - 24, 2008. Spam amounted to 47% of incoming email this week.
Male enhancement spam (subject or body): 27.62%
Video Exploit links to Trojan download: 20.95%
Other filters: (See my MWP Filters page) 15.69%
Loans/Bankruptcy/Insurance Scams: 14.29%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 6.68%
Counterfeit Watches: 4.29%
Known Spam Subjects: 3.81%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 2.86%
Digits or Consonants forged sender: 2.38%
DNS Blacklists: 1.43%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).


August 17, 2008

My Spam analysis for Aug 11 - 17, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening program that goes between your email servers and your desktop email client (application). It uses a variety of techniques to recognize what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category; "Other."

The most prevalent social engineering email threat continues to be a video exploit link scam that has a subject and sender containing the words "Breaking Alert" or "Breaking News." This threat is sent from a humongous botnet, and has transformed from claiming to be a CNN "My Custom Alert," to an "msnbc.com Breaking News," to the current just "Breaking News." All of these contain lines about fake breaking news stories, and all contain disguised links to a compromised web site hosting a payload named "get_flash(_update).exe" - or a variation thereof. This is not the real Adobe Flash Player, but a fake Video Codec, containing malware that has been identified as being either a "Tibs," "Zlob," or "Storm/Nuwar" Trojan variant. If you are lured to a web page containing such a link (mouse-over links to see their destination in your browser's status bar, on the bottom), and you survive the automatic attempts to exploit browser vulnerabilities, do not click on the download links offered to you! There may be a pop-up message claiming you require a video codec, or ActiveX Object to view a news story, but it is a trick to fool you into self-installing the Trojan.

If you have clicked on one of these Trojan download links and allowed the file to be installed, you are probably in need of the services of an up-to-date anti-spyware program. I recommend Spyware Doctor, from PC Tools, because it specializes in spyware detection and removal, and is updated very frequently. As Spyware tools go, Spyware Doctor is one of the top rated in the industry. It gets the job done where others fail.

MailWasher Pro spam category breakdown for August 11 - 17, 2008. Spam amounted to 47% of incoming email this week.
Video Exploit links to Trojan download: 21.47%
Male enhancement spam (subject or body): 15.95%
Other filters: (See my MWP Filters page) 15.34%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 14.10%
Loans/Bankruptcy/Insurance Scams: 13.50%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 6.75%
Known Spam Subjects: 4.91%
Counterfeit Watches: 3.68%
Image Spam: 2.45%
DNS Blacklists: 1.23%
Bayesian learning filter: 0.62%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

August 10, 2008

My Spam analysis for Aug 4 - 10, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening program that goes between your email servers and your desktop email client (application). It uses a variety of techniques to recognize what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters that did not receive enough spam to rate a measurable percentage, so they were all grouped into the one category: "Other."

The most recent social engineering email threat is a video exploit link spam that has a subject and sender containing the words "CNN Alerts: Custom Alert," which contains a link to a web page hosting a payload named "get_flash(_update).exe" - or a variation thereof. This is serious malware that has been identified as being either a "Tibs," "Zlob," or "Storm/Nuwar" Trojan variant. If you are lured to a web page containing such a link (mouse-over links to see their destination in your browser's status bar, on the bottom), and you survive the automatic attempts to exploit browser vulnerabilities, do not click on the download links offered to you! There may be a pop-up message claiming you require a video codec, or ActiveX Object to view a news story, but it is a trick to fool you into self-installing the Trojan.

MailWasher Pro spam category breakdown for August 4 - 10, 2008. Spam amounted to 45% of incoming email this week.

Loans/Bankruptcy/Insurance Scams: 25.00%
Male enhancement spam (subject or body): 16.41%
Exploit link to Trojan download: 15.63%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 10.94%
Other filters: (See my MWP Filters page) 9.38%
Known Spam Subjects: 5.47%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 5.47%
Known Spam Domains: 2.34%
Counterfeit Watches: 2.34%
Casino Spam: 2.34%
Diploma Spam: 2.34%
DNS Blacklists: 2.34%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

August 5, 2008

My Spam analysis for July 28 - Aug 4, 2008

I'm writing this two days late, due to other commitments over the weekend.

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening program that goes between your email servers and your desktop email client (application). It uses a variety of techniques to recognize what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters that did not receive enough spam to rate a measurable percentage, so they were all grouped into the one category: "Other."

For the last couple of weeks most of the spam/scam email I saw or auto-deleted was in the form of ludicrous news headlines in the subject and body and a single link to a website where your computer is bombarded with multiple exploits. Should your computer be too well protected to fall for the automatic exploits, there is one trick left that is netting as many victims as the auto-exploits do. The web page presents you with a fake PornTube or YouTube player containing a notice that you must click to download a missing video codec to play the movie. Of course, the only thing downloaded when one clicks on the image is a copy of a Trojan installer file and your computer instantly becomes a Zombie member of a Botnet.

The most recent spate of video exploit link spam has a subject and sender containing the words "Daily Top 10" and has multiple stacked lines of "news" links, all leading to a single web page with a payload named "get_flash_update.exe" - or a variation thereof. This is malware that has been identified as being either a "Zlob" or "Storm/Nuwar" Trojan variant. If you are lured to a web page containing such a link (mouse-over links to see their destination in your browser's status bar, on the bottom), and you survive the automatic attempts to exploit browser vulnerabilities, do not click on those executable links!

MailWasher Pro spam category breakdown for July 28 - August 4, 2008 (one extra day). Spam amounted to 42% of incoming email this week.

Other filters: (See my MWP Filters page) 21.33%
Exploit link to Trojan download: 21.33%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 11.33%
Loans/Bankruptcy/Insurance Scams: 9.33%
Known Spam Subjects: 6.00%
"Opera Mail" Spam: 4.67%
"Apple Mail" Spam: 4.67%
Angelina Jolie Video Exploits: 4.67%
Counterfeit Watches: 4.00%
Male enhancement spam (subject or body): 3.33%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 3.33%
Digits or Consonants forged sender: 2.67%
DNS Blacklists: 2.67%
Bayesian learning filter: 1.33%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

July 27, 2008

My Spam analysis for July 21 - 27, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening program that goes between your email servers and your desktop email client (application). It uses a variety of techniques to recognize what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters that did not receive enough spam to rate a measurable percentage, so they were all grouped into the one category: "Other."

For the last couple of weeks much of the spam/scam email I saw or auto-deleted was in the form of ludicrous news headlines in the subject and body and a single link to a website where your computer is bombarded with multiple exploits. Should your computer be too well protected to fall for the automatic exploits, there is one trick left that is netting as many victims as the auto-exploits do. The web page presents you with a fake PornTube or YouTube player containing a notice that you must click to download a missing video codec to play the movie. Of course, the only thing downloaded when one clicks on the image is a copy of a Trojan installer file and your computer instantly becomes a Zombie member of a Botnet.

MailWasher Pro spam category breakdown for July 21 - 27, 2008. Spam amounted to 45% of incoming email this week.
Other filters: (See my MWP Filters page) 28.88%
Blacklisted Domains/Senders: (by pattern matching wildcard rules) 16.58%
Exploit link to Trojan download: 13.90%
Male enhancement spam (subject or body): 10.16%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 9.63%
Loans/Bankruptcy/Insurance Scams: 5.88%
Digits or Consonants forged sender: 3.21%
X-Mailer: The Bat: 3.21%
One word spam subjects: 2.67%
HTML Tricks: 2.67%
DNS Blacklists: 2.67%
Bayesian learning filter: 0.54%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

July 20, 2008

My Spam analysis for July 14 - 20, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening program that goes between your email servers and your desktop email client (application). It uses a variety of techniques to recognize what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters that did not receive enough spam to rate a measurable percentage, so they were all grouped into the one category: "Other."

I want to mention that the largest type of spam/scam I saw this week is from the Storm Botnet, in the form of ludicrous news headlines in the subject and body and a single link to a website where your computer is bombarded with multiple exploits. Should your computer be too well protected to fall for the automatic exploits, there is one trick left that is netting as many victims as the auto-exploits do. The web page presents you with a fake PornTube or YouTube player containing a notice that you must click to download a missing video codec to play the movie. Of course, the only thing downloaded when one clicks on the image is a copy of the Storm Trojan installer file and your computer instantly becomes a Zombie member of the Storm Botnet.

MailWasher Pro spam category breakdown for July 14 - 20, 2008. Spam amounted to 44% of incoming email this week.
Other filters: (See my MWP Filters page) 22.35%
Male enhancement spam (subject and body): 12.29%
Blacklisted Domains/Senders: 11.17%
"Opera Mail" Spam from Russia (Storm Trojan): 10.06%
"Apple Mail" Spam (Storm Trojan): 8.38%
Exploit link to Trojan download: 8.38%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 8.38%
Digits or Consonants forged sender: 6.70%
Loans/Bankruptcy/Insurance Scams: 6.15%
DNS Blacklists: 3.91%
Blocked Countries: 2.23%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

July 14, 2008

Beware of spammed emails with phony news subjects

Note: Updated on July 20, 2008, with new information

There is a surge going on right now in the amount of spammed email messages being blasted out by Botnets, with ludicrous news headlines in the Subjects. The subjects try to tempt you to read the message, then click on the enclosed link to read the details about the subject, or some other alleged news story. The headlines are sucker bait, with a nasty payload at the other end of the links contained in the message bodies.

Unlike any news flashes to which you may actually subscribe, these arrive unsolicited in your inbox, from unknown, forged sender names and addresses and from domains you have no relationship with. Many are sent using forged .de (German) domains in the From address, in addition to .it, .ru and others.

If you hold your mouse pointer over the links in these messages you will see a lot of domain extensions for various countries around the world. Some I have seen just today include .de, .it, .fr and .ru. The domain name is followed by a forward slash (/) and a file name. The initial spam run file name was "main.html" (e.g. example.com/main.html). Other Trojan link file names have already appeared, such as "start.html" and "news.html." If you were to go to those domains in the links, using "wannabrowser," with "follow redirects" unchecked, you would see that many of the first responding domains are hosted on hacked Microsoft IIS servers. They all contain meta redirect tags that forward normal browsers to another domain, usually a zombie PC in the Storm Botnet, or a web site hosted in China or Russia. Once you arrive there your browser gets assaulted by numerous hostile JavaScript and iframe exploits. Should all those fail to automatically exploit your computer, they supply self-infection links!

And what method do they employ to get you to click on these links to infect your own computer? The bait is a fake, look-alike "Porntube" video player that requires a special video "codec" to play the free sample movie. They even provide fake reviews under the fake player placeholder, from make-believe happy viewers before you! These guys are professionals and very good at the Con Game they are playing.

The payload file name may vary, but so far I have seen "video.exe," "watch.exe" and "view.exe" as the name of the payload file it delivers. That file is actually the "Storm Trojan" and it is infecting unprotected computers, or gullible computer owners, all around the World.
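The indicators named in this post and in the weekly analyses on this page (the fake news-alert subjects, the landing-page and payload file names, and link text that hides the real destination) can be checked mechanically before a message is opened. The following Python example is added here and is not one of the author's MailWasher Pro filters; the sample message and every `.example` host in it are constructed.

```python
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlparse

# Indicators quoted in the posts on this page.
SUBJECT_MARKERS = ("breaking alert", "breaking news", "custom alert", "daily top 10")
LANDING_PAGES = {"/main.html", "/start.html", "/news.html"}
PAYLOAD_RE = re.compile(r"/(video|watch|view|get_flash(_update)?)\.exe$", re.I)
# Something that looks like a host name inside the visible link text.
HOST_IN_TEXT_RE = re.compile(r"\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b", re.I)

# Constructed sample message; all hosts are reserved .example names.
SAMPLE = """\
From: "Breaking News" <alerts@sender.example>
To: reader@recipient.example
Subject: Breaking News: constructed headline
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Constructed headline text</p>
<a href="http://hacked-host.example/main.html">www.news-site.example/video</a>
<a href="http://hacked-host.example/get_flash_update.exe">Watch now</a>
</body></html>
"""


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def same_site(shown, actual):
    """True when the host shown in the text is the link's host or a parent/child of it."""
    return actual == shown or actual.endswith("." + shown) or shown.endswith("." + actual)


def check_message(raw):
    """Return a list of (indicator, detail) tuples found in one raw message."""
    msg = message_from_string(raw, policy=default)
    findings = []
    headers = f"{msg.get('Subject', '')} {msg.get('From', '')}".lower()
    for marker in SUBJECT_MARKERS:
        if marker in headers:
            findings.append(("subject-marker", marker))
    part = msg.get_body(preferencelist=("html",))
    collector = AnchorCollector()
    collector.feed(part.get_content() if part else "")
    for href, text in collector.anchors:
        try:
            url = urlparse(href)
            host = (url.hostname or "").lower()
        except ValueError:  # malformed URL: nothing reliable to compare
            continue
        if url.path.lower() in LANDING_PAGES:
            findings.append(("landing-page", href))
        if PAYLOAD_RE.search(url.path):
            findings.append(("payload-name", href))
        shown = HOST_IN_TEXT_RE.search(text)
        if shown and host and not same_site(shown.group(1).lower(), host):
            findings.append(("disguised-link", f"{shown.group(1)} -> {host}"))
    return findings


if __name__ == "__main__":
    for kind, detail in check_message(SAMPLE):
        print(f"{kind:15} {detail}")
```

A file name such as "news.html" also appears on legitimate sites, so treat a single finding as a hint and a combination of findings as grounds to delete the message unread.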

If you know, or suspect that you have become a victim of the Storm, or any other Trojan, you should obtain legitimate anti-malware software and scan for and remove all threats, after updating the program with the latest definitions. I use Spybot Search and Destroy, which is updated weekly and is totally free, but which you must remember to update manually and scan manually. It is one of my routine tasks that I do on Wednesdays, when the Spybot S&D definition updates are released.

Most people don't want to mess with security programs that they have to micromanage every time they want to use them. For you folks, a commercial application makes more sense. While I know of many security products and have ads for them, I am leaning towards Trend Micro Internet Security now. Their existing program used to be called PC-cillin and is well respected in the anti-virus field. But, they are venturing where no man has gone before: to the Cloud!

I'll tell you more about this new development soon. For now, if you need a really solid anti-virus | anti-spyware | anti-phishing | and anti-spam solution, you will not go wrong with Trend Micro Internet Security 2008. As a favor to my readers, enter coupon code TrendIS08 during your purchase and I'll save you 10% off the going rate!

Till next time, practice safe hex!

July 13, 2008

My Spam analysis for July 7 - 13, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening program that goes between your email servers and your desktop email client (application). It uses a variety of techniques to recognize what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters that did not receive enough spam to rate a measurable percentage, so they were all grouped into the one category: "Other."

MailWasher Pro spam category breakdown for July 7 - 13, 2008. Spam amounted to 53% of incoming email this week.
Other filters: (See my MWP Filters page) 21.69%
Blacklisted Domains/Senders: 21.08%
Male enhancement spam (subject and body): 13.85%
Hidden ISO Subject: 10.24%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 9.63%
Loans/Bankruptcy/Insurance Scams: 7.23%
"Opera Mail" Spam from Russia (Enlargement herbals): 5.42%
"Apple Mail" Spam (Male Enhancement, ED, etc): 4.22%
Digits or Consonants forged sender: 3.01%
DNS Blacklists: 2.41%
Bayesian learning filter: 1.20%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

July 7, 2008

Stupid Russian Blog Spammers Still Wasting Their Time

"Stupid Russian Blog Spammers Still Wasting Their Time" makes for a catchy, surreal title, but it's true. The same country that produced the brilliant criminal masterminds behind the Storm and Grisbi Worms has also produced some of the stupidest blog spammers to ever set finger to keyboard!

Let me explain what I am referring to regarding stupid blog spammers. First of all, look up in the upper right corner of this blog, just under the Google search field. Here's what it says in capital letters: "SORRY: NO COMMENTS, NO TRACKBACKS!" That should be self explanatory to almost anybody who can read English words, including people intent on spamming a blog such as this one, using English words. You know the crap I'm talking about; links to buy unlicensed or illegal drugs or herbal solutions, to cure "ED" or enlarge one's "natural size." When I first started this blog I did allow trackbacks and comments and that is what I was getting submitted, all in English and all traced to Russian and Ukrainian IP addresses.

As soon as I realized that only blog spammers were trying to comment on my blog I decided to disable the codes and modules that allowed comments and trackbacks. Still, these idiots in Russia and the Ukraine continued trying to POST comments and trackbacks to the now disabled modules that used to handle those functions. This led me to write three articles about these incidents, during the spring and summer of 2007. Their names and links to them are as follows:


  1. Stupid Blog Trackback Spammers Don't Understand Server 403 Responses

  2. Russian and Ukrainian Blog Spammers are STUPID!

  3. Blog spammers still wasting their time tying to spam this unspammable blog


I wrote those articles about a year ago, yet, I still see daily access log entries being blocked with server 403 responses, belonging to Russian IP addresses trying to POST spam comments or Trackbacks to this blog. It is obvious that these spammers are using scripts, but, being stupid spammers they don't bother to verify if those scripts are being allowed to complete their submissions, or check my blog to see if their comments were even posted. I'll bet somebody is paying these idiots to send blog spam for them and they are ripping off the guys with the money. If my blog is any indication of their lack of any level of intelligence, then I am guessing that they are having a similar lack of success trying to spam your blogs. Still, some of their attempts may work on unsecured servers.

Anyway, insults to the enemy aside (it feels good though!), I never see the comments they are typing, just an access log entry containing a 403 Forbidden, or 302 redirect back to their own websites (lol). My Apache-based, shared-hosting web server is protected with a custom ".htaccess" file that contains my entire, now-famous, "Russian Blocklist!" Many webmasters are using this blocklist to keep Russian and Turkish spammers and hackers from accessing their web sites.

If your web site and blog is hosted on a shared Apache/Linux based web server and you want to block access to IP addresses in the former Soviet Union and Turkey, just download my Russian .Htaccess Blocklist and either use it as your new .htaccess file, or merge the "deny from" list into your existing .htaccess. Full instructions are included on my .htaccess blocklists landing page and on each blocklist page. The landing page has links to all of my existing .htaccess IP blocklists (Chinese, Nigerian, Russian and Exploited Servers), as well as my iptables Linux firewall blocklist equivalents.

An actual access log entry and codes you can use to block web site access to these people, are in my extended content.
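To confirm from the access log that blocked submitters really are being turned away, and to spot any POST that got through, the log can be summarized per client address. The following Python example is added here and is not the author's log entry or blocklist code; the log lines are constructed in Apache combined format with documentation-range IP addresses, and the two endpoint paths are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Apache "combined" format: host ident user [time] "request" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

# Hypothetical comment/trackback endpoints; substitute your blog's real paths.
SUBMIT_PREFIXES = ("/blog/comments.cgi", "/blog/trackback.cgi")
# The post reports blocked attempts showing up as 403 Forbidden or a 302 redirect.
REFUSED = {"403", "302"}

# Constructed log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
192.0.2.10 - - [07/Jul/2008:04:12:01 -0400] "POST /blog/trackback.cgi/123 HTTP/1.1" 403 210 "-" "Mozilla/4.0"
192.0.2.10 - - [07/Jul/2008:04:12:03 -0400] "POST /blog/comments.cgi HTTP/1.1" 403 210 "-" "Mozilla/4.0"
198.51.100.7 - - [07/Jul/2008:05:30:44 -0400] "POST /blog/comments.cgi HTTP/1.0" 302 0 "-" "-"
203.0.113.5 - - [07/Jul/2008:06:00:00 -0400] "GET /blog/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [08/Jul/2008:04:11:59 -0400] "POST /blog/comments.cgi HTTP/1.1" 403 210 "-" "Mozilla/4.0"
203.0.113.9 - - [08/Jul/2008:09:15:20 -0400] "POST /blog/comments.cgi HTTP/1.1" 200 812 "-" "Mozilla/4.0"
this line is not in combined log format
"""


def summarize(lines):
    """Summarize POSTs to the submission endpoints.

    Returns a dict with:
      refused  - [(ip, hits, [paths])] sorted by hits, for 403/302 responses
      accepted - [(ip, path, time)] for 2xx responses, which need a closer look
      unparsed - number of lines that did not match the log format
    """
    refused = defaultdict(Counter)
    accepted = []
    unparsed = 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        m = LOG_RE.match(line)
        if m is None:
            unparsed += 1
            continue
        if m["method"] != "POST" or not m["path"].startswith(SUBMIT_PREFIXES):
            continue
        if m["status"] in REFUSED:
            refused[m["ip"]][m["path"]] += 1
        elif m["status"].startswith("2"):
            accepted.append((m["ip"], m["path"], m["time"]))
    ranked = sorted(
        ((ip, sum(paths.values()), sorted(paths)) for ip, paths in refused.items()),
        key=lambda row: (-row[1], row[0]),
    )
    return {"refused": ranked, "accepted": accepted, "unparsed": unparsed}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG.splitlines())
    for ip, hits, paths in report["refused"]:
        print(f"refused  {ip:15} {hits:3}  {', '.join(paths)}")
    for ip, path, when in report["accepted"]:
        print(f"ACCEPTED {ip:15} {path}  [{when}]")
    print(f"unparsed lines: {report['unparsed']}")
```

Any address in the "accepted" list reached a submission endpoint without being refused, so it is a candidate for the deny list.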

July 6, 2008

My Spam analysis for June 30 - July 6, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening program that goes between your email servers and your desktop email client (application). It uses a variety of techniques to recognize what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters that did not receive enough spam to rate a measurable percentage, so they were all grouped into the one category: "Other."

MailWasher Pro spam category breakdown for June 30 - July 6, 2008. Spam amounted to 51% of incoming email this week.
Other filters: (See my MWP Filters page) 23.08%
"Opera Mail" Spam from Russia (Enlargement herbals): 17.31%
Blacklisted Domains/Senders: 16.03%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 14.10%
Male enhancement spam (subject and body): 10.26%
"Apple Mail" Spam (Male Enhancement, etc): 6.41%
Counterfeit Watches: 3.85%
HTML Tricks: 3.85%
Pirated Software: 3.85%
DNS Blacklists: 0.64%
Bayesian learning filter: 0.64%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

June 29, 2008

My Spam analysis for June 23 - 29, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

MailWasher Pro is a spam screening program that goes between your email servers and your desktop email client (application). It uses a variety of techniques to recognize what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.

The category "Other Filters" combines several of my custom filters that did not receive enough spam to rate a measurable percentage, so they were all grouped into the one category: "Other."

MailWasher Pro spam category breakdown for June 23 through 29, 2008.
Other filters: (See my MWP Filters page) 24.48%
Blacklisted Domains/Senders: 23.78%
Male enhancement spam (subject and body): 12.58%
"Opera Mail" Spam (Enlargement herbals): 11.19%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): 9.8%
"Apple Mail" Spam (Male Enhancement, etc): 5.59%
Counterfeit Watches: 4.90%
HTML Tricks: 2.80%
Pirated Software: 2.80%
DNS Blacklists: 2.10%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

June 22, 2008

My Spam analysis for June 16 - 22, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

In the beginning of this series I was using MailWasher Pro filters exclusively, to detect and delete incoming spam email. Since then I have instituted email spam filters on my website's mail server, which has greatly reduced the amount of spam I see at all. The balance that does get through is identified and either flagged as spam, or instantly deleted, by my POP3 mail anti-spam tool; MailWasher Pro. MailWasher Pro identifies what is spam by a combination of methods, including the use of custom written personal spam filter rules. I have created a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page. I am no longer stating the overall percentage of spam to good email, due to the huge effect my cPanel mail server filters have on reducing the overall volume of junk mail. What does get through my server filters is still representative of what types of spam others are seeing, and the same categories occupy the top positions for me as they do for you.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category.

MailWasher Pro spam category breakdown for June 16 through 22, 2008.
Male enhancement spam (subject and body): 26.88%
Other filters: (See my MWP Filters page) 23.66%
"Apple Mail" Spam (Male Enhancement, etc): 13.98%
Hidden ISO Subject: 7.53%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills): 5.38%
Digits or Consonants forged sender: 5.38%
Counterfeit Watches: 4.30%
Blacklisted Domains/Senders: 4.23%
"Opera Mail" Spam (Enlargement herbals): 3.23%
HTML Tricks: 3.23%
DNS Blacklists: 2.15%
Bayesian learning filter: 1.08%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

June 16, 2008

My Spam analysis for June 9 - 15, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

In the beginning of this series I was using MailWasher Pro filters exclusively, to detect and delete incoming spam email. Since then I have instituted email spam filters on my website's mail server, which has greatly reduced the amount of spam I see at all. The balance that does get through is identified and either flagged as spam, or instantly deleted, by my POP3 mail anti-spam tool; MailWasher Pro. MailWasher Pro identifies what is spam by a combination of methods, including the use of custom written personal spam filter rules. I have created a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page. I am no longer stating the overall percentage of spam to good email, due to the huge effect my cPanel mail server filters have on reducing the overall volume of junk mail. What does get through my server filters is still representative of what types of spam others are seeing, and the same categories occupy the top positions for me as they do for you.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category.

MailWasher Pro spam category breakdown for June 9 through 15, 2008.
Other filters: (See my MWP Filters page) 23.53%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills): 23.53%
Male enhancement spam (subject and body): 17.65%
"Apple Mail" Spam Botnet: 12.94%
Loans/Bankruptcy/Insurance Scams: 7.07%
Known Spam (From: or Body): 5.88%
Digits or Consonants forged sender: 4.71%
Counterfeit Watches: 4.71%
Counterfeit clothing and shoes: 3.53%
Blacklisted Domains/Senders: 2.35%
Bayesian learning filter: 1.18%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

June 8, 2008

My Spam analysis for June 2 - 8, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

In the beginning of this series I was using MailWasher Pro filters exclusively, to detect and delete incoming spam email. Since then I have instituted email spam filters on my website's mail server, which has greatly reduced the amount of spam I see at all. The balance that does get through is identified and either flagged as spam, or instantly deleted, by my POP3 mail anti-spam tool; MailWasher Pro. MailWasher Pro identifies what is spam by a combination of methods, including the use of custom written personal spam filter rules. I have created a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page. I am no longer stating the overall percentage of spam to good email, due to the huge effect my cPanel mail server filters have on reducing the overall volume of junk mail. What does get through my server filters is still representative of what types of spam others are seeing, and the same categories occupy the top positions for me as they do for you.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category.

MailWasher Pro spam category breakdown for June 2 through 8, 2008.
Other filters: (See my MWP Filters page) 23.23%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills): 16.16%
Male enhancement spam (subject and body): 18.18%
Apple Mail Spam: 12.12%
Loans/Bankruptcy/Insurance Scams: 7.07%
Nigerian 419 Scams: 5.05%
Blacklisted (Mostly Nigerian 419 scams): 6.06%
Digits or Consonants forged sender: 6.06%
HTML Tricks: 4.04%
DNS Blacklists: 1.01%
Bayesian learning filter: 1.01%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

June 1, 2008

My Spam analysis for May 26 - June 1, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

In the beginning of this series I was using MailWasher Pro filters exclusively, to detect and delete incoming spam email. Since then I have instituted email spam filters on my website's mail server, which has greatly reduced the amount of spam I see at all. The balance that does get through is identified and either flagged as spam, or instantly deleted, by my POP3 mail anti-spam tool; MailWasher Pro. MailWasher Pro identifies what is spam by a combination of methods, including the use of custom written personal spam filter rules. I have created a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page. I am no longer stating the overall percentage of spam to good email, due to the huge effect my cPanel mail server filters have on reducing the overall volume of junk mail. What does get through my server filters is still representative of what types of spam others are seeing, and the same categories occupy the top positions for me as they do for you.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category.

MailWasher Pro spam category breakdown for May 26 through June 1, 2008.
Other filters: (See my MWP Filters page) 21.43%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills): 19.04%
Male enhancement spam (subject and body): 16.66%
Nigerian 419 Scams: 9.52%
Blacklisted (Mostly Nigerian 419 scams): 9.52%
Counterfeit Watches: 8.33%
Digits or Consonants forged sender: 5.95%
Counterfeit clothing and shoes: 3.57%
DNS Blacklists: 2.38%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).

May 25, 2008

My Spam analysis for May 19 - 25, 2008

After taking a few weeks off from reporting my spam categories I thought I would resume the exercise today. This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

In the beginning of this series I was using MailWasher Pro filters exclusively, to detect and delete incoming spam email. Since then I have instituted email spam filters on my website's mail server, which has greatly reduced the amount of spam I see at all. The balance that does get through is identified and either flagged as spam, or instantly deleted, by my POP3 mail anti-spam tool; MailWasher Pro. MailWasher Pro identifies what is spam by a combination of methods, including the use of custom written personal spam filter rules. I have created a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page. I am no longer stating the overall percentage of spam to good email, due to the huge effect my cPanel mail server filters have on reducing the overall volume of junk mail. What does get through my server filters is still representative of what types of spam others are seeing, and the same categories occupy the top positions for me as they do for you.

The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category.

MailWasher Pro spam category breakdown for May 19 through 25, 2008.
Other filters: (See my MWP Filters page) 22.09%
Nigerian 419 Scams: 20.93%
Male enhancement spam (subject and body): 15.11%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills): 10.47%
Counterfeit Watches: 9.30%
Blacklisted (by pattern matching): 8.14% (Mostly Nigerian 419 scams)
Counterfeit clothing and shoes: 5.81%
HTML Tricks: 3.49%
Casino Spam: 3.49%
Bayesian learning filter: 1.16%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Mail, Eudora, Mozilla and other stand-alone email programs).

May 4, 2008

My Spam analysis for April 28 - May 4, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

In the beginning of this series I was using MailWasher Pro filters exclusively, to detect and delete incoming spam email. Since then I have instituted email spam filters on my website's mail server, which has greatly reduced the amount of spam I see at all. The balance that does get through is identified and either flagged as spam, or instantly deleted, by my POP3 mail anti-spam tool; MailWasher Pro. MailWasher Pro identifies what is spam by a combination of methods, including the use of custom written personal spam filter rules. I have created a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

My analysis of this week's spam shows that male enhancement pills, Viagra and other pharmaceuticals occupy the top spot in my spam categories, with counterfeit brands of watches, clothes and shoes, pirated software and Google redirect exploits to fake "video codecs" (e.g., the Zlob Trojan and other Trojan Horse executables) falling further behind. All of the spam emails for pharmaceuticals have links to websites hosted in China or Korea. Most of the fake and counterfeit goods, drugs, enhancement pills and herbal solutions being spamvertised are produced in China. Foremost among these are fake pharmacy websites, like the so-called "Canadian Pharmacy," which is not in Canada at all (it's in China and Indo-China), nor, despite the presence of fake accreditation logos, are they approved to sell pharmaceuticals in the US or Canada. Most of the fraudulent "Canadian Pharmacy" web pages are now hosted on compromised home or office PCs that are unknowingly members of various spam Botnets. In fact, virtually all of the billions of spam messages hitting our inboxes these days come from zombie computers, used as spam relays, in various Botnets.

As is usually the case, the category "Other Filters" has the second largest percentage in this week's spam analysis. That category contains all manner of miscellaneous filters that are matched by supposedly clever email subjects, such as: one-word subject, digits and consonants senders, various HTML tricks, 2-line spam tricks, and some lottery and financial fraud and phishing scams. The main spam categories that rated a measurable percentage are listed below.

The current percentage of identified spam that made it through the filters on my mail server is 38% for the week ending May 4, 2008. These messages were all identified and dealt with by MailWasher Pro. I assigned some truly miscellaneous messages to the "learning filter" which then flags any similar messages as spam, making them easy to spot in the message list. This has earned the category "Learning Filter" a small spot in the list below. :-)

MailWasher Pro spam category breakdown for April 28 through May 4, 2008.
Male enhancement spam (subject and body): 23.86%
Other filters: (See my MWP Filters page) 21.59%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills): 12.50%
Counterfeit clothing and shoes: 13.64%
Counterfeit Watches: 7.95%
Blacklisted (by pattern matching): 7.95%
Pirated Software: 5.68%
Nigerian 419 Scams: 3.41%
Google Redirect Exploits (to hostile downloads): 3.41%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Mail, Eudora, Mozilla and other stand-alone email programs).

April 27, 2008

My Spam analysis for April 21 - 27, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

In the beginning of this series I was using MailWasher Pro filters exclusively, to detect and delete incoming spam email. Since then I have instituted email spam filters on my website's mail server, which has greatly reduced the amount of spam I see at all. The balance that does get through is identified and either flagged as spam, or instantly deleted, by my POP3 mail anti-spam tool; MailWasher Pro. MailWasher Pro identifies what is spam by a combination of methods, including the use of custom written personal spam filter rules. I have created a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

My analysis of this week's spam shows that male enhancement pills, Viagra and other pharmaceuticals occupy the top spot in my spam categories, with counterfeit brands of watches, clothes and shoes, pirated software and Google redirect exploits to fake "video codecs" (e.g., the Zlob Trojan and other Trojan Horse executables) falling further behind. All of the spam emails for pharmaceuticals have links to websites hosted in China or Korea. Most of the fake and counterfeit goods, drugs, enhancement pills and herbal solutions being spamvertised are produced in China. Foremost among these are fake pharmacy websites, like the so-called "Canadian Pharmacy," which is not in Canada at all (it's in China and Indo-China), nor, despite the presence of fake accreditation logos, are they approved to sell pharmaceuticals in the US or Canada. Most of the fraudulent "Canadian Pharmacy" web pages are now hosted on compromised home or office PCs that are unknowingly members of various spam Botnets. In fact, virtually all of the billions of spam messages hitting our inboxes these days come from zombie computers, used as spam relays, in various Botnets.

As was the case before, the category "Other Filters" has the largest percentage in this week's spam analysis. That category contains all manner of miscellaneous filters that are matched by supposedly clever email subjects, such as: one-word subject, digits and consonants senders, various HTML tricks, 2-line spam tricks, and some good old Nigerian 419 lottery and financial fraud scams. The main spam categories that rated a measurable percentage are listed below.

The current percentage of identified spam that made it through the filters on my mail server is 38% for the week ending April 27, 2008. These messages were all identified and dealt with by MailWasher Pro. I assigned some truly miscellaneous messages to the "learning filter" which then flags any similar messages as spam, making them easy to spot in the message list. This has earned the category "Learning Filter" a small spot in the list below. :-)

MailWasher Pro spam category breakdown for April 21 through 27, 2008.
Other filters: (See my MWP Filters page) 34.02%
Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills): 18.56%
Male enhancement spam (subject and body): 13.40%
Counterfeit clothing and shoes: 9.28%
Blocked Countries: 11.34%
HTML Tricks: 4.12%
Pirated Software: 4.12%
Blacklisted (by pattern matching): 2.06%
Bayesian learning filter: 2.06%
DNS Blacklists: 1.03%
Counterfeit Watches: 0% (4 hits)
Google Redirect Exploits (to hostile downloads): 0% (3 hits)

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Mail, Eudora, Mozilla and other stand-alone email programs).

April 20, 2008

My Spam analysis for April 14 - 20, 2008

This is the latest entry in a series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.

In the beginning of this series I was using MailWasher Pro filters exclusively, to detect and delete incoming spam email. Since then I have instituted email spam filters on my website's mail server, which has greatly reduced the amount of spam I see at all. The balance that does get through is identified and either flagged as spam, or instantly deleted, by my POP3 mail anti-spam tool; MailWasher Pro. MailWasher Pro identifies what is spam by a combination of methods, including the use of custom written personal spam filter rules. I have created a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

My analysis of this week's spam shows that male enhancement pills, Viagra and other pharmaceuticals occupy the top spot in my spam categories, with counterfeit brands of watches, clothes and shoes and Google redirect exploits to fake "video codecs" (e.g., the Zlob Trojan and other Trojan Horse executables) following closely behind. All of the spam emails for pharmaceuticals have links to websites hosted in China or Korea. Most of the fake and counterfeit goods, drugs, enhancement pills and herbal solutions being spamvertised are produced in China. Foremost among these are fake pharmacy websites, like the so-called "Canadian Pharmacy," which is not in Canada at all (it's in China and Indo-China), nor, despite the presence of fake accreditation logos, are they approved to sell pharmaceuticals in the US or Canada. Most of the fraudulent "Canadian Pharmacy" web pages are now hosted on compromised home or office PCs that are unknowingly members of various spam Botnets. In fact, virtually all of the billions of spam messages hitting our inboxes these days come from zombie computers, used as spam relays, in various Botnets.

As was the case before, the category "Other Filters" has the largest percentage in this week's spam analysis. That category contains all manner of miscellaneous filters that are matched by supposedly clever email subjects, such as: one-word subject, digits and consonants senders, various HTML tricks, 2-line spam tricks, and some good old Nigerian 419 lottery and financial fraud scams. The main spam categories that rated a measurable percentage are listed below.

The current percentage of identified spam that made it through the filters on my mail server is 34% for the week ending April 20, 2008. These messages were all identified and dealt with by MailWasher Pro. I assigned some truly miscellaneous messages to the "learning filter" which then flags any similar messages as spam, making them easy to spot in the message list. This has earned the category "Learning Filter" a small spot in the list below. :-)

MailWasher Pro spam category breakdown for April 14 through 20, 2008.
Other filters: (See my MWP Filters page) 25.88%
Pharmaceutical spam (includes Viagra and Cialis): 11.77%
Known Spam Domains: 11.76%
Blacklisted (by pattern matching): 10.59%
Male enhancement spam (subject and body): 9.41%
Counterfeit clothing and shoes: 8.24%
Other Pills: 7.06%
Google Redirect Exploits (to hostile downloads): 5.88%
One word spam subjects: 3.53%
Re: or Fw: Spammer: 3.53%
DNS Blacklists: 1.18%
Bayesian learning filter: 1.18%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Mail, Eudora, Mozilla and other stand-alone email programs).

April 13, 2008

My Spam analysis for April 7 - 13, 2008

After taking one week off from analyzing my spam (junk-mail) statistics, I am resuming them this weekend. I have instituted email spam filters on my website's mail server, which has greatly reduced the amount of spam I see at all. The balance that does get through is identified and either flagged as spam, or instantly deleted, by my POP3 mail anti-spam tool; MailWasher Pro. MailWasher Pro identifies what is spam by a combination of methods, including the use of custom written personal spam filter rules. I have created a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.

On to the spam analysis at hand!

My analysis of this week's spam shows that male enhancement pills and other pharmaceuticals have reclaimed the top spot in my spam categories, with counterfeit brands of watches, clothes and shoes and Google redirect exploits to fake "video codecs" (e.g., the Zlob Trojan and other Trojan Horse executables) following closely behind. All of the spam emails for pharmaceuticals have links to websites hosted in China or Korea. Most of the fake and counterfeit goods, drugs, enhancement pills and herbal solutions being spamvertised are produced in China. Foremost among these are fake pharmacy websites, like the so-called "Canadian Pharmacy," which is not in Canada at all (it's in China and Indo-China), nor, despite the presence of fake accreditation logos, are they approved to sell pharmaceuticals in the US or Canada. Most of the fraudulent "Canadian Pharmacy" web pages are now hosted on compromised home or office PCs that are unknowingly members of various spam Botnets. In fact, virtually all of the billions of spam messages hitting our inboxes these days come from zombie computers, used as spam relays, in various Botnets.

As was the case before, the category "Other Filters" has the largest percentage in this week's spam analysis. That category contains all manner of miscellaneous filters that are matched by supposedly clever email subjects, such as: one-word subject, digits and consonants senders, various HTML tricks, 2-line spam tricks, and some good old Nigerian 419 lottery and financial fraud scams. The main spam categories that rated a measurable percentage are listed below.

The current percentage of identified spam that made it through the filters on my mail server is 34% for the week ending April 13, 2008. These messages were all identified and dealt with by MailWasher Pro. I assigned some truly miscellaneous messages to the "learning filter" which then flags any similar messages as spam, making them easy to spot in the message list. This has earned the category "Learning Filter" a small spot in the list below. :-)

MailWasher Pro spam category breakdown for April 7 through 13, 2008.
Other filters: (See my MWP Filters page) 30.23%
Male enhancement spam (subject and body): 11.63%
Blacklisted (by pattern matching): 8.14%
Counterfeit clothing and shoes: 7.39%
Google Redirect Exploits (to hostile downloads): 6.98%
Misc spam to a protected account: 5.81%
One word spam subjects: 4.65%
DNS Blacklists: 4.65%
Pharmaceutical spam (includes Viagra and Cialis): 4.65%
Other Pills: 4.65%
MaxDik spam: 4.65%
Counterfeit Watches: 3.49%
Bayesian learning filter: 1.16%

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Mail, Eudora, Mozilla and other stand-alone email programs).

April 6, 2008

Exim Spam Filters for Websites with CPanel

If you have a website that uses cPanel as the control panel and it has email filtering enabled, on an account-wide basis, the rules below will reduce the amount of spam you see, dramatically.

First of all, you should be aware that not all cPanel icon layouts are the same, nor are all of the same options available from various hosting companies. I have my websites hosted at Bluehost and enjoy lots of user configurable options, including account-wide user-created email filter rules. I gain access to the email filters by following this path: Login to cPanel > "Home" > "Mail" section > "Account Level Filtering" icon. This opens a new cPanel page with the heading: "Edit Filters for All Mail On Your Account" - "In this area you can manage filters for your main account." Note that if you have add-on domains hosted under the main account, their email accounts will also be covered by these filters. My cPanel also has an icon that, when clicked, allows me to create filters on an individual account basis. This way I can apply more restrictive rules to the accounts receiving the most spam, leaving the others to be filtered less drastically.

For simplicity sake I have grouped all of my various account rules into one set, which can be applied site-wide. You'll still see some spam, but not nearly as much as you do before applying these rules.

On the cPanel "Account Level Filtering" page, click the button labeled "Create a new Filter." The first input field is labeled: "Filter Name:" and you should type in the name you want to assign to each rule, or use mine, shown below. Each rule must have a unique filter name.

The next section down is labeled "Rules" and is where you select the various criteria for the rules. The options list on the left is where you choose which part of the email message the rule on that line will apply to. Use the down-arrow button to open the options list. Most commonly used filter selections are: "From, Subject, To, Body and Any Header."

The options list on the right side of Rules section determines how that rule will be applied. The options in the flyout list are: "Equals, Matches Regex, Contains, Does Not Contain, Begins With, Ends With, Does Not Begin With, Does Not End With, Does Not Match."

The actual rule text goes into the input field under the flyout options. Type, or copy and paste my rules below, into the input field for each rule. Next, under Actions, choose Discard Message, then click on the button labeled: "Activate." You will be taken to a page reporting that rule "such and such" was successfully created, and which contains a button to take you back to the main Filters page. There, under "Filter Test," you can test your rules in the test message area. Just enter the text or headers to be tested into the appropriate section, adding to or replacing what is already there, then press the "Test Filter" button. The results page will tell you which filter rule, if any, has been matched and that the result would be a delivery to "/dev/null" (the bit bucket).

If the results of a filter test are "Normal Delivery," for a filtered spam message, something is wrong with your input selections. Use the Edit button next to the filter that should have applied and check your options settings and look for typos in the actual rule text. Save changes by clicking the Activate button, then test again. You'll get it right eventually. Trust me, I know - I've gone through this already.

Every rule group has a plus and a minus button on the right side. These are used to add additional criteria to the rule set. Plus adds a new rule, while minus removes the last rule. Each rule can apply to a different part of the message and have different matching criteria. Theoretically, one could apply all of my rules to one filter set, but that would make it very hard to debug if legitimate email gets sent to the bit bucket in the sky. Keep the rules separate and properly labeled to make it easy to edit or remove them, if it becomes necessary.

See my extended comments in the section below, for the actual rules.

March 30, 2008

My Spam analysis for March 24 - 30, 2008

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that male enhancement pills and other pharmaceuticals were finally displaced from the top spot in my spam categories, with Nigerian 419 and lottery scams, counterfeit brands of watches, clothing and footwear, fake diplomas and debt consolidation loans, leading the pack. Most of the spam emails have links to websites hosted in China or Korea. Most of the fake and counterfeit watches, clothing, drugs, enhancement pills and herbal solutions being spamvertised are produced in China. Foremost among these are fake pharmacy websites, like the so-called "Canadian Pharmacy," which is not in Canada at all (it's in China and Indo-China), nor, despite the presence of fake accreditation logos, are they approved to sell pharmaceuticals in the US or Canada. Most of the fraudulent "Canadian Pharmacy" web pages are now hosted on compromised home or office PCs, that are unknowingly members of various spam Botnets.

< rant >
The only rational explanation for the continued existence of these fake pharmacies must be that there are enough gullible people in the World, who will purchase enough drugs from links in spam emails to make it financially worthwhile for spammers to pay to rent botnets to send this crap. Considering the fact that most of these pharmaceuticals are fake, or contaminated, one has to wonder how many people get sick, or die, because they foolishly bought spamvertised, counterfeit medicine from fraudulent, online pharmacies?
< /rant >

Due to my ongoing procedures I have merged some filters to simplify the reporting process, so the categories shown below may differ from the previous weeks' results. I have also created a special sender recognition filter, that when matched, assigns the status "BlackList" to those spam messages. This excludes lots of spam emails being categorized, since my blacklist rule is processed first. This saves processing power that is normally required by my custom filters. Furthermore, I have now applied some of my blacklist terms to the email server, on my website, automatically eliminating a huge portion of certain types of forged sender spam.

My current statistics show that spam is now 55% of all my incoming email, for the week of March 24 through 30, 2008. Without my custom MailWasher Pro filters identifying and automatically deleting most of this crap, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters for you all). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by Trojans people are tricked into clicking on. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide Spam-demic.

MailWasher Pro spam category breakdown for March 24 through 30, 2008.
Blacklisted (by pattern matching): 26.07%
Male enhancement spam: 5.83%
Other Pharmaceutical spam (includes Viagra and Cialis): 3.89%
Other filters: (See my MWP Filters page) 18.29%
Counterfeit Watches and Shoes: 7.39%
Loans and bankruptcy spam: 5.06%
Diploma spam: 5.06%
HTML Tricks: 4.28%
Nigerian 419 and Lottery Scams: 2.72%
Known Spam, by Subject, Body, or Sender: 15.56%
Google Redirect Exploits (to hostile downloads): 4.67%
DNS Blacklists: 0.40%
Bayesian learning filter: 0.78%

These spam categories and their relative percentages shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising. Also, for over two months now, I have been blacklisting particular forged senders that match a pattern. The blacklisted category is quickly rising above all independent spam classifications, proving that my pattern matching is working. Many of the blacklisted spam messages are for counterfeit Viagra, illegal HGH, dubious male enhancement drugs, or pirated software.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

March 28, 2008

Nigerian Scammers operating out of Madrid Spain plus, using Botnets

Lately, I have been getting lots of Nigerian 419 Lottery scams, with the originating IP located in Spain, especially the ISPs - Ono.com and Telefonica.es. However, when I report these scams to SpamCop, a lot of the sending (not originating) IP addresses end up belonging to residential customers of broadband services in the US, Europe and South America. This tells me that the Nigerian crime gangs have buddied up with the owners of a botnet and are using it to relay some of their scam messages. Furthermore, some, but not all, of the scam emails also contain clickable links that lead to instant downloads of Trojan Horse downloaders, Keyloggers and Backdoors. This stinks of the Storm-Worm-Zhelatin Gang, located in St. Petersburg, Russia, although it could be a different botnet being rented out to Nigerians.

The main point of this article is not about botnets. Rather, it is to point out that many Nigerian 419 fraudsters are moving out of Africa, and Amsterdam (where they got arrested, convicted and deported), and settling in Spain. Not wanting to have their scam/spam messages traced directly to them, they have taken to the airwaves, literally. They are "piggybacking" on their neighbors' unsecured wireless routers, in apartment complexes or houses, using IP addresses assigned to other legitimate customers, to send scam runs. The victims are completely unaware that anything illegal is happening, until the Police come knocking on their door. Fortunately, the Nigerians who are piggybacking on the broadband accounts are in the same buildings. This has allowed the Spanish Police to locate and arrest some of them, as happened on February 18, 2008. Here is a quote from the Sophos article about those arrests:


Ten Nigerians arrested in Spain for email lottery scam
February 18, 2008

The ten people, all Nigerian nationals, are suspected of making more than 19,000 Euros ($28,000) in three months by demanding payments from innocent internet users who believed they had won a lottery.

Police report that the emails sent by the suspects were sent from the Teatinos area of Malaga in Spain, by piggybacking on a neighbour's wi-fi internet connection without permission. Seven arrests were made in Malaga, and three more in Huelva province.

Malaga is no stranger to Nigerian-run email scams. In 2005, 310 people were arrested in Malaga in what was said to be the biggest ever bust of a lottery scam gang. The arrests followed an investigation by the FBI and Spanish police into a scam run by Nigerian gangs.

If you run a forum or website that is plagued by Nigerian scammers you can block them from accessing it by employing a "blocklist." I publish and maintain a Nigerian Blocklist in two common formats:


  1. .htaccess - for most Apache-based, shared hosting websites, where the webmaster only has control over his/her own website. The .htaccess rules will only block browsing your site and form submissions, but not email scams.

  2. iptables - for those administrator-webmasters, who have Root access to dedicated, or VPS - Linux based servers. Iptables rules can be imported into your APF firewall, to block all access to undesirables, including email access.


Rather than create an entire new blocklist for the Nigerians residing in Spain, I am adding the IP addresses and CIDRs of Spanish ISPs to my Nigerian Blocklists.

End users, who receive email via a POP client (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora), and are tired of sorting through dozens or hundreds of daily email scams and other spam, can use the program I use to filter out spam and scams. That program is MailWasher Pro, which you can read about here.

In the meantime, do not fall for any lottery scams, or other free money pitches coming from Nigerian criminals. To see the details about what they have been up to recently, read my blog article about the sudden surge in Nigerian lottery scams.

March 26, 2008

Sudden surge in Nigerian 419 Scam emails

For the last two days I have been getting lots of spam messages sent by Nigerian criminals, who are running a new 419 Advance Fee Fraud campaign. The current crop of 419 scams are mostly composed using all capital letters in the subject (but not always), and when you read the message body, it appears to come from a Barrister, or Solicitor, or a lottery, or a Will Executor. Huge rewards supposedly await the Mugu's (Fools) who respond and are willing to pay some processing fees to get this money transferred into their soon to be emptied bank accounts.

This request for fees to be paid in advance of the transfer of the imaginary funds is referred to as a 419 scam. That is the number of the statute in the Nigerian Criminal Code that covers financial advance fee fraud.

Here is a list of the subjects from the email scams I have received in the past 60 hours (Updated 3/28/08):

ASSISTANCE
ATM PAYMENT
Attention, Attention,, Attention
Attn:Beneficiary
CONTACT EFEX COURIER COMPANY ASAP
CONTACT FEDEX COURIER COMPANY FOR YOUR DELIVERY
CONTACT FEDEX COURIER COMPANY FOR YOUR PARCEL
CONTACT REV. DR. KENNETH OKOM DIRECTOR OF ATM CARD BANK
CONTACT YOUR ATM MASETR CARD
CONTACT YOUR ATM PAYMENT CENTER
Contact your claims agent
Dear Friend
From Barrister James.
FROM: PETER SUMEN. (NPA)
GOOD NEWS
IMPORTANT NOTICE
THIS IS FOR YOUR ATTENTION.
WILL EXECUTION
YOUR CONTRACT PAYMENT
Your Payment
GOOD NEWS CONTACT HALLMARK DELIVERY COMPANY FOR THE DELIVERY OF YOUR CONSIGNMENT ASAP.

Many of the message bodies begin with "Dear Friend,". Every one of these spam messages was an attempted 419 scam. If you get any email with these subjects, it is probably safe to delete it without reading the crap inside. If your email system allows for special filter rules, create one to delete or flag as spam all messages containing ALL CAPS. SpamAssassin already has this rule built into it. I personally use MailWasher Pro to screen all of my incoming POP email, before I download it to Outlook Express. MailWasher Pro uses a variety of methods to recognize spam and scams, including user created custom filters. I happen to write and maintain a group of filters for MailWasher Pro. They are available on my MailWasher Filters Page.

If you already have MailWasher and need a filter rule to detect messages containing all capital letters, here it is (the rule should be on one long continuous line):

[enabled],"Subject All Caps/Missing (S)","Subject All Caps/Missing (S)",33023,OR,Delete,Subject,doesn'tContainRE,(?-i)[a-z],Subject,doesn'tContainRE,.

Here is my MailWasher filter for known 419 scams (one long line):

[enabled],"Nigerian 419 Scams","419 Scam",16711680,OR,Blacklist,Delete,Body,containsRE,"^(?-i)Dear\ (Sir/Madam|Friend),()?$",Body,contains,"URGENT AND CONFIDENTIAL",Body,contains,"BANK OF NIGERIA",Subject,is,"URGENT AND CONFIDENTIAL",Body,containsRE,"unclaimed\ (benefits|funds)",Subject,contains,"CONFIDENTIAL MUTUAL BUSINESS PROPOSAL",Body,contains,"contacting you based on Trust",From,contains,"Department of National Lotteries",Subject,contains,"UNITEDN NATION",Subject,containsRE,"TREAT\ (AS|VERY)\ (CONFIDENTIAL|URGENT)"

Just copy and paste that rule into your MailWasher filters.txt file, which is found in (Windows XP) your logged in identity > Documents and Settings > Application Data > MailwasherPro folder. Make sure MailWasher is closed before you add this rule, save the file, then open MWP again. The rule should be visible when you click on View > Filter Sidebar (Ctrl+F7). You can download MailWasher Pro here.
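The matching logic of the two rules above, re-expressed in Python as an added example (this is not MailWasher code and not the author's filter file). It runs the all-caps/missing test over some of the subjects listed in this post to show which ones that rule catches by itself; the function names are hypothetical, only some of the 419 rule's conditions are reproduced, and treating plain "contains" tests as case-insensitive is an assumption.

```python
import re

# Subjects copied from the list in this post, used here as sample input.
SUBJECTS = [
    "ASSISTANCE",
    "ATM PAYMENT",
    "Attn:Beneficiary",
    "CONTACT YOUR ATM PAYMENT CENTER",
    "Contact your claims agent",
    "Dear Friend",
    "From Barrister James.",
    "GOOD NEWS",
    "WILL EXECUTION",
    "Your Payment",
]

# Python has no unscoped (?-i); a pattern compiled without re.IGNORECASE is
# already case-sensitive, which is what (?-i)[a-z] asks for.
HAS_LOWERCASE = re.compile(r"[a-z]")
HAS_ANY_CHAR = re.compile(r".")

# Subset of the OR-ed conditions in the "Nigerian 419 Scams" rule.
# Assumption: tests without (?-i) ignore case.
BODY_REGEXES = [
    re.compile(r"^Dear (Sir/Madam|Friend),[ \t]*$", re.MULTILINE),  # greeting on its own line
    re.compile(r"unclaimed (benefits|funds)", re.IGNORECASE),
]
BODY_PHRASES = [
    "URGENT AND CONFIDENTIAL",
    "BANK OF NIGERIA",
    "contacting you based on Trust",
]
SUBJECT_REGEXES = [
    re.compile(r"TREAT (AS|VERY) (CONFIDENTIAL|URGENT)", re.IGNORECASE),
]


def subject_all_caps_or_missing(subject):
    """The 'Subject All Caps/Missing (S)' rule: two negated regex tests, OR-ed."""
    subject = subject or ""
    no_lowercase = HAS_LOWERCASE.search(subject) is None   # doesn'tContainRE (?-i)[a-z]
    is_empty = HAS_ANY_CHAR.search(subject) is None        # doesn'tContainRE .
    return no_lowercase or is_empty


def matches_419_rule(subject, body):
    """True when any reproduced condition of the 419 rule matches."""
    subject, body = subject or "", body or ""
    if any(rx.search(body) for rx in BODY_REGEXES):
        return True
    lowered = body.lower()
    if any(phrase.lower() in lowered for phrase in BODY_PHRASES):
        return True
    return any(rx.search(subject) for rx in SUBJECT_REGEXES)


def classify(subject, body=""):
    """Name of the first rule that fires, or None for normal delivery."""
    if subject_all_caps_or_missing(subject):
        return "Subject All Caps/Missing (S)"
    if matches_419_rule(subject, body):
        return "Nigerian 419 Scams"
    return None


def missed_by_caps_rule(subjects):
    """Subjects the all-caps rule lets through, so another rule must catch them."""
    return [s for s in subjects if not subject_all_caps_or_missing(s)]


if __name__ == "__main__":
    for s in SUBJECTS:
        print(f"{classify(s)!s:30} {s}")
    # The rule tests for the absence of a-z, so these legitimate-looking
    # subjects are flagged as well.
    print(classify("2008-03-28"), classify("RE: INVOICE 1234"))
```

Because the first rule tests for the absence of a-z rather than the presence of capitals, it also fires on subjects made only of digits or punctuation and on legitimate mail with an upper-case subject, which matters when the rule's action is Delete.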

Do not ever fall for the pitches from these Con men in Nigeria. They are very good at relieving North Americans and Brits of their excess money, using greed as the bait.

March 23, 2008

My Spam analysis for March 17 - 23 2008

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that male enhancement pills and other fake pharmaceuticals dominated all spam categories, but with counterfeit brands of watches, clothing and footwear, along with fake diplomas, making a big comeback. Most of the spam emails for pharmaceuticals have links to websites hosted in China or Korea. Much of the fake and counterfeit drugs, enhancement pills and herbal solutions being spamvertised are produced in China. Foremost among these are fake pharmacy websites, like the so-called "Canadian Pharmacy," which is not in Canada at all (it's in China and Indo-China), nor, despite the presence of fake accreditation logos, are they approved to sell pharmaceuticals in the US or Canada. Most of the fraudulent "Canadian Pharmacy" web pages are now hosted on compromised home or office PCs, that are unknowingly members of various spam Botnets.

< rant >
The only rational explanation for the continued existence of these fake pharmacies must be that there are enough gullible people in the World, who will purchase enough drugs from links in spam emails to make it financially worthwhile for spammers to pay to rent botnets to send this crap. Considering the fact that most of these pharmaceuticals are fake, or contaminated, one has to wonder how many people get sick, or die, because they foolishly bought spamvertised, counterfeit medicine from fraudulent, online pharmacies?
< /rant >

Due to my ongoing procedures I have merged some filters to simplify the reporting process, so the categories shown below may differ from the previous weeks' results. I have also created a special sender recognition filter, that when matched, assigns the status "BlackList" to those spam messages. This excludes lots of spam emails being categorized, since my blacklist rule is processed first. This saves processing power that is normally required by my custom filters. Furthermore, I have now applied some of my blacklist terms to the email server, on my website, automatically eliminating a huge portion of certain types of forged sender spam.

My current statistics show that spam is now 50% of all my incoming email, for the week of March 17 through 23, 2008. This is 6% down from last week, much of which is attributable to me applying pattern matching spam filters to my mail server. However, 50% spam is still getting through and without my custom MailWasher Pro filters identifying and automatically deleting most of this crap, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters for you all). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by Trojans people are tricked into clicking on. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide Spam-demic.

MailWasher Pro spam category breakdown for March 17 through 23, 2008.
Blacklisted (by pattern matching): 15.49%
Male enhancement spam: 15.96%
Other filters: (See my MWP Filters page) 26.29%
Counterfeit Watches and Shoes: 18.78%
Casino spam: 3.29%
Diploma spam: 6.10%
HTML Tricks: 6.10%
Spam sent to and from same email account: 2.82%
Known Spam Subjects: 4.23%
DNS Blacklists: 0.47%
Bayesian learning filter: 0.47%

These spam categories and their relative percentages shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising. Also, for over two months now, I have been blacklisting particular forged senders that match a pattern. The blacklisted category is quickly rising above all independent spam classifications, proving that my pattern matching is working. Many of the blacklisted spam messages are for counterfeit Viagra, illegal HGH, dubious male enhancement drugs, or pirated software.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

New backdoor threat in spam email using recording artist names

If I got this, you will too. Be on the lookout for a spam email with the name of a major female recording artist in a subject and a message body claiming it has a link to a video or mp3 file. Clicking on said link will result in the download and possible execution of a file named mgp.exe, which has been identified by AVG as Backdoor IRCBOT.DNZ. Activating this threat will give control of your PC to hackers who will control it using IRC channels and commands. After that, there is no telling what other malware or spam-ware will be installed onto your computer.

The file I tested (mgp.exe) is 61.5 kb in size and was delivered from a compromised Italian website, AlterVista.org, whose IP address range is from 75.126.135.128 - 75.126.135.143, which is hosted on servers leased from Softlayer, Inc.

Those of you who use my exploited servers blocklist are already aware that Softlayer's IP range is in the list of servers being exploited for spam and hosting malware. The IP range is expressed as what is known as a CIDR and in the case of Softlayer the CIDR to block is 75.126.0.0/16 - which covers all IP addresses from 75.126.0.0 through 75.126.255.255. The CIDR assigned to the infected Italian website is 75.126.135.128/28. This message has already been reported to SpamCop, by numerous reporting recipients. They will notify the companies involved in hosting this malware threat, but, the timing of this spam threat is no coincidence. This threat was released on the Easter long holiday weekend, when support personnel may be out or short-handed until Tuesday, in the hopes of maximizing the usability of the ruse.

If you have control over incoming email on your web server, you may wish to apply a filter to block traffic from these CIDRs, unless you have business with websites hosted there. Otherwise, create a filter to block email where the Subject contains "Stunning video" and "Carmen Electra" - and the body contains "Only 1 day trial" and "download it now."

The full text of the spam threat I examined is as follows...

Subject: Stunning video without cowards Carmen Electra

Message Body:

Milla Jovovich Interesting video with a naked celebrity.

The video is Kick-up!

Only 1 day trial - get this Full mp3 now!

{link removed} Download it now!
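Both checks suggested above (a CIDR block on the connecting relay, then the subject and body phrases), as an added Python example that is not the author's filter rules or any mail server's own API. The sample messages, example.* host names and 192.0.2.x addresses are constructed, and treating the topmost Received header as the one written by your own server is an assumption.

```python
import ipaddress
import re
from email import message_from_string

# CIDRs named in this post.
PROVIDER_NET = ipaddress.ip_network("75.126.0.0/16")
SITE_NET = ipaddress.ip_network("75.126.135.128/28")
BLOCKED_NETS = [PROVIDER_NET]          # the /28 is already inside the /16

# Phrases from the post's suggested filter, compared case-insensitively.
SUBJECT_TERMS = ("stunning video", "carmen electra")
BODY_TERMS = ("only 1 day trial", "download it now")

BRACKETED_IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

# Constructed sample messages (not real mail).
SAMPLE_BLOCKED_RELAY = (
    "Received: from a.example.net (a.example.net [75.126.135.130])\n"
    "\tby mx.example.org with ESMTP; Sat, 22 Mar 2008 10:00:00 -0400\n"
    "Subject: Quarterly report\n"
    "\n"
    "Figures attached.\n"
)
SAMPLE_SPAM = (
    "Received: from b.example.net (b.example.net [192.0.2.10])\n"
    "\tby mx.example.org with ESMTP; Sat, 22 Mar 2008 10:05:00 -0400\n"
    "Subject: Stunning video without cowards Carmen Electra\n"
    "\n"
    "Only 1 day trial - get this Full mp3 now!\n"
    "{link removed} Download it now!\n"
)
SAMPLE_FORGED_HOP = (
    "Received: from c.example.net (c.example.net [192.0.2.25])\n"
    "\tby mx.example.org with ESMTP; Sat, 22 Mar 2008 10:10:00 -0400\n"
    "Received: from unknown (HELO x) ([75.126.1.1]) by c.example.net\n"
    "Subject: Lunch on Tuesday?\n"
    "\n"
    "Noon works for me.\n"
)


def cidr_bounds(net):
    """First and last address covered by a CIDR block."""
    return str(net.network_address), str(net.broadcast_address)


def connecting_ip(msg):
    """IP recorded in the topmost Received header.

    Assumption: that header was written by your own server. Headers below it
    come from the sending side and can be forged, so they are ignored.
    """
    received = msg.get_all("Received", [])
    match = BRACKETED_IPV4.search(received[0]) if received else None
    if match is None:
        return None
    try:
        return ipaddress.ip_address(match.group(1))
    except ValueError:            # e.g. [999.1.1.1] is not an address
        return None


def body_text(msg):
    """Concatenated text parts of a plain or multipart message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def content_match(msg):
    """Both subject phrases and both body phrases must be present."""
    subject = (msg.get("Subject") or "").lower()
    body = body_text(msg).lower()
    return all(t in subject for t in SUBJECT_TERMS) and all(t in body for t in BODY_TERMS)


def verdict(raw_message):
    """Apply the CIDR check first, then the content filter."""
    msg = message_from_string(raw_message)
    ip = connecting_ip(msg)
    if ip is not None and any(ip in net for net in BLOCKED_NETS):
        return "reject: relay in blocked CIDR"
    if content_match(msg):
        return "discard: subject and body match"
    return "deliver"


if __name__ == "__main__":
    print(cidr_bounds(SITE_NET), SITE_NET.subnet_of(PROVIDER_NET))
    for sample in (SAMPLE_BLOCKED_RELAY, SAMPLE_SPAM, SAMPLE_FORGED_HOP):
        print(verdict(sample))
```

The first sample is an ordinary-looking message that is still rejected because its relay sits inside the blocked /16, which is the cost the post alludes to with "unless you have business with websites hosted there."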

Read about what you should do if you have already clicked on such a link, in my extended comments...

March 16, 2008

My Spam analysis for March 10 - 16, 2008

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that fraudulent pharmaceuticals, mostly Viagra and male enhancement pills, dominated all spam categories, but with counterfeit brands of watches, clothing and footwear, along with fake diplomas, making a big comeback. Most of the spam emails for pharmaceuticals have links to websites hosted in China or Korea. Much of the fake and counterfeit drugs and herbal solutions being spamvertised are produced in China. Foremost among these are fake pharmacy websites, like the so-called "Canadian Pharmacy," which is not in Canada at all (it's in China and Indo-China), nor, despite the presence of fake accreditation logos, are they approved to sell pharmaceuticals in the US or Canada. Most of the fraudulent "Canadian Pharmacy" web pages are now hosted on compromised home or office PCs, that are unknowingly members of various spam Botnets.

< rant >
The only rational explanation for the continued existence of these fake pharmacies must be that there are enough gullible people in the World, who will purchase enough drugs from links in spam emails to make it financially worthwhile for spammers to pay to rent botnets to send this crap. Considering the fact that most of these pharmaceuticals are fake, or contaminated, one has to wonder how many people get sick, or die, because they foolishly bought spamvertised, counterfeit medicine from fraudulent, online pharmacies?
< /rant >

Due to my ongoing procedures I have merged some filters to simplify the reporting process, so the categories shown below may differ from the previous weeks' results. I have also created a special sender recognition filter, that when matched, assigns the status "BlackList" to those spam messages. This excludes lots of spam emails being categorized, since my blacklist rule is processed first. This saves processing power that is normally required by my custom filters. Furthermore, I have now applied some of my blacklist terms to the email server, on my website, automatically eliminating a major portion of certain types of forged sender spam.

My current statistics show that spam is now 56% of all my incoming email, for the week of March 10 through 16, 2008. This is the same amount as last week. Without my custom MailWasher Pro filters identifying and automatically deleting most of this onslaught of spam, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by the Storm Worm or related Trojans. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide Spam-demic.

MailWasher Pro spam category breakdown for March 10 through 16, 2008.
Blacklisted (by pattern matching): 17.21%
Male enhancement spam: 15.58%
Other Pharmaceutical spam (includes Viagra and Cialis): 4.51%
Other filters: 17.21%
Pirated software spam: 6.56%
Counterfeit Watches and Shoes: 19.26%
Casino spam: 0.09%
Diploma spam: 4.10%
HTML Tricks: 5.74%
Spam sent to and from same email account: 3.28%
Known Spam Subjects: 4.10%
DNS Blacklists: 1.23%
Bayesian learning filter: 1.23%

These spam categories and their relative percentages shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising. Also, for over two months now, I have been blacklisting particular forged senders that match a pattern. The blacklisted category is quickly rising above all independent spam classifications, proving that my pattern matching is working. Many of the blacklisted spam messages are for counterfeit Viagra, illegal HGH, dubious male enhancement drugs, or pirated software.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

March 9, 2008

My Spam analysis for March 3 - 9, 2008

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that fraudulent pharmaceuticals, mostly Viagra and male enhancement pills, dominated all spam categories, but with counterfeit brands of watches, clothing and footwear making a big comeback. Most of the spam emails for pharmaceuticals have links to websites hosted in China or Korea. Much of the fake and counterfeit drugs and herbal solutions being spamvertised are produced in China. Foremost among these are fake pharmacy websites, like the so called "Canadian Pharmacy," which is not in Canada at all (it's in China and Indo-China), nor, despite the presence of fake accreditation logos, are they approved to sell pharmaceuticals in the US or Canada. Most of the fraudulent "Canadian Pharmacy" web pages are now hosted on compromised home or office PC's, that are unknowingly members of various spam Botnets.

< rant >
The only rational explanation for the continued existence of these fake pharmacies must be that there are enough gullible people in the World, who will purchase enough drugs from links in spam emails to make it financially worth while for spammers to pay to rent botnets to send this crap. Considering the fact that most of these pharmaceuticals are fake, or contaminated, one has to wonder how many people get sick, or die, because they foolishly bought spamvertised, counterfeit medicine from fraudulent, online pharmacies?
< /rant >

Due to my ongoing procedures I have merged some filters to simplify the reporting process, so the categories shown below may differ from the previous weeks' results. I have also created a special sender recognition filter, that when matched, assigns the status "BlackList" to those spam messages. This excludes lots of spam emails being categorized, since my blacklist rule is processed first. This saves processing power that is normally required by my custom filters. Furthermore, I have now applied some of my blacklist terms to the email server, on my website, automatically eliminating a major portion of certain types of forged sender spam.

My current statistics show that spam is now 56% of all my incoming email, for the week of March 3 through 9, 2008. This is up 3% from last week. Without my custom MailWasher Pro filters identifying and automatically deleting most of this onslaught of spam, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by the Storm Worm or related Trojans. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide Spam-demic.

MailWasher Pro spam category breakdown for March 3 through 9, 2008.
Blacklisted (by pattern matching): 19.65%
Male enhancement spam: 19.65%
Viagra and Viagra.com: 3.49%
Other Pharmaceutical spam: 12.66%
Other filters: 12.23%
Counterfeit Watches and Shoes: 13.97%
Casino spam: 0% (1)
Diploma spam: 0% (4)
HTML Tricks: 10.04%
Spam sent to and from same email account: 3.06%
Known Spam Subjects: 4.80%

These spam categories and their relative percentages shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising. Also, for over two months now, I have been blacklisting particular forged senders that match a pattern. The blacklisted category is quickly rising above all independent spam classifications, proving that my pattern matching is working. Many of the blacklisted spam messages are for counterfeit Viagra, illegal HGH, dubious male enhancement drugs, or pirated software.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).


March 3, 2008

My Spam analysis for February 25 - March 2, 2008

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that fraudulent pharmaceuticals, mostly Viagra and male enhancement pills, dominated all spam categories. Most of the spam emails for pharmaceuticals have links to websites hosted in China, where fake and counterfeit drugs are produced. Foremost among these are fake pharmacy websites, like the so called "Canadian Pharmacy," which is not in Canada at all (it's in China and Indo-China), nor, despite the presence of fake accreditation logos, are they approved to sell pharmaceuticals in the US or Canada. Most of the fraudulent "Canadian Pharmacy" web pages are now hosted on compromised home or office PC's, that are unknowingly members of various spam Botnets. The only rational explanation for the continued existence of these fake pharmacies must be that there are enough gullible people in the World, who will purchase enough drugs from links in spam emails to make it financially worth while for spammers to pay to rent botnets to send this crap. Considering the fact that most of these pharmaceuticals are fake, or contaminated, one has to wonder how many people get sick, or die, because they foolishly bought spamvertised, counterfeit medicine from fraudulent, online pharmacies?

Due to my ongoing procedures I have merged some filters to simplify the reporting process, so the categories shown below may differ from the previous weeks' results. I have also created a special sender recognition filter, that when matched, assigns the status "BlackList" to those spam messages. This excludes lots of spam emails being categorized, since my blacklist rule is processed first. This saves processing power that is normally required by my custom filters.

My current statistics show that spam is now 53% of all my incoming email, for the week of February 25 through March 2, 2008. This is the same as last week. Without my custom MailWasher Pro filters identifying and automatically deleting most of this onslaught of spam, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by the Storm Worm or related Trojans. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide Spam-demic.

MailWasher Pro spam category breakdown for February 25 through March 2, 2008.
Blacklisted (by pattern matching): 26.64%
Male enhancement spam: 13.53%
Viagra and Viagra.com: 2.42%
Other Pharmaceutical spam: 11.10%
Other filters: 21.26%
Counterfeit Watches and Shoes: 18.36%
Casino spam: 0% (3 emails)
Diploma spam: 3.86%
HTML Tricks: 4.83%
Spam sent to and from same email account: 0% (4 emails)
Known Spam Subjects: 0% (10 emails)

These spam categories and their relative percentages shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising. Also, for over two months now, I have been blacklisting particular forged senders that match a pattern. The blacklisted category is quickly rising above all independent spam classifications, proving that my pattern matching is working. Many of the blacklisted spam messages are for counterfeit Viagra, illegal HGH, dubious male enhancement drugs, or pirated software.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).


February 24, 2008

My Spam analysis for February 18 - 24, 2008

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that fraudulent pharmaceuticals, mostly Viagra and male enhancement pills, dominated all spam categories. Most of the spam emails for pharmaceuticals have links to websites hosted in China, where fake and counterfeit drugs are produced. Foremost among these are fake pharmacy websites, like the so called "Canadian Pharmacy," which is not in Canada at all (it's in China and Indo-China), nor, despite the presence of fake accreditation logos, are they approved to sell pharmaceuticals in the US or Canada. Most of the fraudulent "Canadian Pharmacy" web pages are now hosted on compromised home or office PC's, that are unknowingly members of various spam Botnets. The only rational explanation for the continued existence of these fake pharmacies must be that there are enough gullible people in the World, who will purchase enough drugs from links in spam emails to make it financially worth while for spammers to pay to rent botnets to send this crap. Considering the fact that most of these pharmaceuticals are fake, or contaminated, one has to wonder how many people get sick, or die, because they foolishly bought spamvertised, counterfeit medicine from fraudulent, online pharmacies?

Due to my ongoing procedures I have merged some filters to simplify the reporting process, so the categories shown below may differ from the previous weeks' results. I have also created a special sender recognition filter, that when matched, assigns the status "BlackList" to those spam messages. This excludes lots of spam emails being categorized, since my blacklist rule is processed first. This saves processing power that is normally required by my custom filters.

My current statistics show that spam is now 53% of all my incoming email, for the week of February 18 through 24, 2008. This is down 2% from last week. Without my custom MailWasher Pro filters identifying and automatically deleting most of this onslaught of spam, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by the Storm Worm or related Trojans. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide Spam-demic.

MailWasher Pro spam category breakdown for February 18 through 24, 2008.
Blacklisted (by pattern matching): 24.69%
Male enhancement spam: 23.87%
Viagra and Viagra.com: 3.29%
Other Pharmaceutical spam: 14.82%
Other filters: 13.17%
Counterfeit Watches and Shoes: 8.64%
Casino spam: 5.76%
HTML Tricks: 2.47%
One word spam subjects: 2.47%
Spam sent to and from same email account: 3.70%
DNS Blacklists: 1.23%
Bayesian learning filter: 0.82%

These spam categories and their relative percentages shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising. Also, for over two months now, I have been blacklisting particular forged senders that match a pattern. The blacklisted category is quickly rising above all independent spam classifications, proving that my pattern matching is working. Many of the blacklisted spam messages are for counterfeit Viagra, illegal HGH, dubious male enhancement drugs, or pirated software.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).


February 17, 2008

My Spam analysis for February 11 - 17, 2008

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that fraudulent pharmaceuticals, mostly Viagra and male enhancement pills, dominated all spam categories. Most of the spam emails for pharmaceuticals have links to websites hosted in China, where fake and counterfeit drugs are produced. Foremost among these are fake pharmacy websites, like the so called "Canadian Pharmacy," which is not in Canada at all (it's in China and Indo-China), nor, despite the presence of fake accreditation logos, are they approved to sell pharmaceuticals in the US or Canada. Most of the fraudulent "Canadian Pharmacy" web pages are now hosted on compromised home or office PC's, that are unknowingly members of various spam Botnets. The only rational explanation for the continued existence of these fake pharmacies must be that there are enough gullible people in the World, who will purchase enough drugs from links in spam emails to make it financially worth while for spammers to pay to rent botnets to send this crap. Considering the fact that most of these pharmaceuticals are fake, or contaminated, one has to wonder how many people get sick, or die, because they foolishly bought spamvertised, counterfeit medicine from fraudulent, online pharmacies?

Due to my ongoing procedures I have merged some filters to simplify the reporting process, so the categories shown below may differ from the previous weeks' results. I have also created a special sender recognition filter, that when matched, assigns the status "BlackList" to those spam messages. This excludes lots of spam emails being categorized, since my blacklist rule is processed first. This saves processing power that is normally required by my custom filters.

My current statistics show that spam is now 55% of all my incoming email, for the week of February 11 through 17, 2008. This is up 1% from last week. Without my custom MailWasher Pro filters identifying and automatically deleting most of this onslaught of spam, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by the Storm Worm or related Trojans. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide Spam-demic.

MailWasher Pro spam category breakdown for February 11 through 17, 2008.
Blacklisted (by pattern matching): 26.27%
Male enhancement spam: 16.10%
Viagra and Viagra.com: 19.48%
Other Pharmaceutical spam: 11.02%
Other filters: 13.56%
Counterfeit Watches and Shoes: 6.77%
X-Mailer: The Bat!: 6.36%
HTML Tricks: 0.42%

These spam categories and their relative percentages shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising. Also, for over two months now, I have been blacklisting particular forged senders that match a pattern. The blacklisted category is quickly rising above all independent spam classifications, proving that my pattern matching is working. Many of the blacklisted spam messages are for counterfeit Viagra, illegal HGH, dubious male enhancement drugs, or pirated software.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).


February 10, 2008

My Spam analysis for February 4 - 10, 2008

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that various pharmaceuticals, including illicit prescription drugs, male and female enhancement pills and weight loss capsules lead the pack, again (no surprise here). All of them have links to websites hosted in China, where the counterfeit drugs are produced, or Korea. Foremost among these are fake pharmacy websites, like the so called "CanadianPharmacy," which is not in Canada at all (China and Indo-China), and their drugs are definitely not FDA approved. Most of the "CanadianPharmacy" web pages are now hosted on compromised home PC's that are unknowingly members of various spam Botnets. One has to wonder how many people are dying, or ending up in emergency rooms every day, because they foolishly bought spamvertised, counterfeit, or contaminated medicine?

The Storm Botnet is actively spamming emails proclaiming love messages, getting an early start on the upcoming Valentine's Day greetings season. They all contain a short "love" message and (numeric) links to Storm Trojan infected computers. People who are tricked into clicking on those links will in all likelihood have their PCs drafted into the Storm Botnet. If past history tells us anything it is that the links will not always be numeric, for Storm Trojan spam messages. Just beware of any short email from unknown (or even known) senders, containing a brief (usually one line) message, with just a link that is either numeric, or has a word related to "love" or "Valentine" in the link.

Due to my ongoing procedures I have merged some filters to simplify the reporting process, so the categories shown below may differ from the previous weeks' results. I have also created a special filter rule, that when matched, assigns the status "BlackList" to those spam messages. This excludes lots of spam emails being categorized, since my blacklist rule is processed first. This saves processing power that is normally required by my custom filters.

My current statistics show that spam is now 54% of all my incoming email, for the week of February 4 through 10, 2008. This is down 2% from last week. Without my MailWasher Pro filters identifying and automatically deleting most of this onslaught of spam, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by the Storm Worm Trojan. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide Spam-demic.

MailWasher Pro spam category breakdown for February 4 through 10, 2008.
Blacklisted (by pattern matching): 25.54%
Male enhancement spam: 10.79%
Viagra and Viagra.com: 32.74%
Other Pharmaceutical spam: 3.96%
Other filters: 18.35%
Pirated software spam: 3.60%
Numeric links (to Storm Botnet hosts): 0% (5)
Counterfeit Watches spam: 0%
HTML Tricks: 2.88%
Known Spam Subjects: 2.16%

These spam categories and their relative percentages will probably shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising. Also, for over a month now, I have been blacklisting particular forged senders that match a pattern. The blacklisted category is quickly rising above all independent spam classifications, proving that my pattern matching is working. Many of the blacklisted spam messages are for illicit Viagra, or male enhancement drugs.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

Regarding my custom MailWasher Pro spam filters; due to my continuing work of refining these filter rules, their accuracy has increased to the point that less than 2% of the spam detections flew under my radar and were classified as DNS Blacklists, for this reporting period (ditto for the learning filter). All other spam was classified and dealt with by my custom filters.


February 3, 2008

Storm Botnet Zombie computers now hosting spam web pages

I analyze sources and destinations of various types of spam I capture in my honeypot accounts and I've begun seeing numeric IP links in spam for fake pharmacies. The numeric links point to Windows based PC's that are Zombie members of the Storm Trojan Botnet, because they did not have all available patches or good security programs installed and updated. These compromised computers are, unknown to their owners, hosting web pages containing advertisements for fake pharmacies and counterfeit drugs and male/female enhancement solutions.

As my regular readers already know, virtually all numeric links in spam messages are actually the IP addresses assigned to the modems of residential, or business customers, of DSL and Cable Internet companies. The people who think they own these computers are not aware that their computer is now owned by a criminal Botmaster, who has herded millions of insecure PC's into his network, called a Botnet. Most of the numeric links in spam messages are sent by computers in the "Storm" Botnet, the World's largest, at this time. Each one of these computers is acting like a "sleeper agent," acting normally until their Botmaster sends them a remote command - to send spam, or launch a denial of service attack, or to receive a web page and file that they will host, to infect curious web surfers who are enticed there by cleverly worded spam messages.

We are 11 days away from this year's Valentine's Day celebration, and the Storm Botnet is already busy generating love messages to sucker as many people as possible, into infecting their own computers by following links in spam messages sent from other Storm Botnet zombie computers. Now, you also have them using pharmaceuticals and male enhancement as bait. The authors of these messages, while being 100% criminals, are nonetheless brilliant at social engineering. They jump on major news stories to rewrite scripts that their zombie computers will use to send spam runs, with current topics in the subject or body, all linking to infected computers that attempt to spread this Trojan to every sucker that is sent to them. Don't be one of those suckers!

I discuss how the Storm Trojan uses hidden rootkit technology to hide its presence from the computer owners, in my extended comments.
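The screening order described in these posts (a sender blacklist checked first, then named rules, including one for short messages whose link is numeric or love-themed) can be sketched in Python. This is an added example, not MailWasher Pro's filter format or the author's rules; the sender pattern, the addresses, the three-line body limit and the sample messages are constructed assumptions.

```python
import re
from collections import Counter
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
BAIT_RE = re.compile(r"love|valentine", re.I)  # crude: would also hit "glove"
# Hypothetical forged-sender pattern; the posts do not publish the real one.
BLACKLIST_SENDER_RE = re.compile(r"^[a-z]+\d{4,}@example\.invalid$", re.I)
MAX_BODY_LINES = 3  # assumed meaning of a "brief (usually one line) message"


def addr(msg, header):
    """Bare, lower-cased address from a From/To header."""
    return parseaddr(msg.get(header, ""))[1].lower()


def body_text(msg):
    payload = msg.get_payload()
    return payload if isinstance(payload, str) else ""  # skip multipart here


def host_is_ip(url):
    """True when the link's host is an IP literal, i.e. a 'numeric link'."""
    try:
        ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:
        return False


def rule_blacklist(msg):
    return bool(BLACKLIST_SENDER_RE.match(addr(msg, "From")))


def rule_storm_link(msg):
    body = body_text(msg)
    urls = [u.rstrip(".,)") for u in URL_RE.findall(body)]
    lines = [ln for ln in body.splitlines() if ln.strip()]
    if not urls or len(lines) > MAX_BODY_LINES:
        return False
    return any(host_is_ip(u) or BAIT_RE.search(u) for u in urls)


def rule_same_account(msg):
    sender = addr(msg, "From")
    return bool(sender) and sender == addr(msg, "To")


# Order matters: the blacklist runs first, so a blacklisted message is never
# counted under a later category even when a later rule would also match.
RULES = [
    ("Blacklisted (by pattern matching)", rule_blacklist),
    ("Numeric links (to Storm Botnet hosts)", rule_storm_link),
    ("Spam sent to and from same email account", rule_same_account),
]


def classify(raw):
    """Name of the first matching rule, or None for mail that passes."""
    msg = message_from_string(raw)
    for name, rule in RULES:
        if rule(msg):
            return name
    return None


def breakdown(raw_messages):
    """(spam share of all mail in %, {category: % of spam})."""
    hits = Counter(c for c in map(classify, raw_messages) if c)
    spam = sum(hits.values())
    share = round(100 * spam / len(raw_messages), 2) if raw_messages else 0.0
    return share, {name: round(100 * n / spam, 2) for name, n in hits.items()}


def make(frm, to, body):
    return f"From: {frm}\nTo: {to}\nSubject: constructed sample\n\n{body}\n"


# Constructed sample messages (documentation-range IPs and example domains).
SAMPLES = [
    make("kxq48213@example.invalid", "carol@example.net",
         "Cheap pills\nhttp://192.0.2.7/rx"),
    make("alice@example.org", "carol@example.net",
         "With all my love\nhttp://198.51.100.23/"),
    make("dave@example.org", "carol@example.net",
         "A card for you http://cards.example/valentine.html"),
    make("carol@example.net", "carol@example.net",
         "Hello carol, your account needs attention"),
    make("erin@example.org", "carol@example.net",
         "Hi Carol,\nminutes attached.\nAgenda is at "
         "http://intranet.example/agenda\nSee you Monday,\nErin"),
]

if __name__ == "__main__":
    print(breakdown(SAMPLES))
```

The first sample carries a numeric link but is counted as blacklisted, which is the effect the posts describe when the blacklist rule is processed before the category filters.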


My Spam analysis for January 28 - February 3, 2008

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that various pharmaceuticals, including illicit prescription drugs, male and female enhancement pills and weight loss capsules lead the pack, again (no surprise here). All of them have links to websites hosted in China, where the counterfeit drugs are produced, or Korea. One has to wonder how many people are dying, or ending up in emergency rooms every day, because they foolishly bought spamvertised, counterfeit, or contaminated medicine?

The Storm Botnet is actively spamming emails proclaiming love messages, getting an early start on the upcoming Valentine's Day greetings season. They all contain a short "love" message and (numeric) links to Storm Trojan infected computers. People who are tricked into clicking on those links will in all likelihood have their PCs drafted into the Storm Botnet. If past history tells us anything it is that the links will not always be numeric, for Storm Trojan spam messages. Just beware of any short email from unknown (or even known) senders, containing a brief (usually one line) message, with just a link that is either numeric, or has a word related to "love" or "Valentine" in the link.

Due to my ongoing procedures I have merged some filters to simplify the reporting process, so the categories shown below may differ from the previous weeks' results. I have also created a special filter rule, that when matched, assigns the status "BlackList" to those spam messages. This excludes lots of spam emails being categorized, since my blacklist rule is processed first. This saves processing power that is normally required by my custom filters.

My current statistics show that spam is now 56% of all my incoming email, for the week of January 28, through February 3, 2008. This is down 4% from last week. Without my MailWasher Pro filters identifying and automatically deleting most of this onslaught of spam, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by the Storm Worm Trojan. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide Spam-demic.

MailWasher Pro spam category breakdown for January 28, through February 3, 2008.
MailWasher Pro by Firetrust
Blacklisted (by pattern matching): 23.77%
Male enhancement spam: 21.97%
Viagra and Viagra.com: 23.32%
Pharmaceutical spam: 10.76%
Other filters: 14.35%
Pirated software spam: 1.79%
Numeric links (to Storm Botnet hosts): 4.48% (3)
Counterfeit Watches spam: 0% (2 hits)
HTML Tricks: 5.83%
Known Spam Subjects: 1.79%

These spam categories and their relative percentages will probably shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising. Also, beginning this week, I have begun blacklisting particular forged senders that match a pattern. The blacklisted category is quickly rising above all independent spam classifications, proving that my pattern matching is working.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

Regarding my custom MailWasher Pro spam filters; due to my continuing work of refining these filter rules, their accuracy has increased to the point that less than 3% of the spam detections flew under my radar and were classified as DNS Blacklists, for this reporting period (ditto for the learning filter). All other spam was classified and dealt with by my custom filters.

Try Firetrust Mailwasher® Pro

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

January 27, 2008

My Spam analysis for the 4th week of January, 2008

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that various pharmaceuticals, including illicit prescription drugs, male and female enhancement pills and weight loss capsules lead the pack, again (no surprise here). All of them have links to websites hosted in China, where the counterfeit drugs are produced, or Korea. One has to wonder how many people are dying, or ending up in emergency rooms every day, because they foolishly bought spamvertised, counterfeit, or contaminated medicine?

The Storm Botnet is actively spamming emails proclaiming love messages, getting an early start on the upcoming Valentine's Day greetings season. They all contain a short "love" message and (numeric) links to Storm Trojan infected computers. People who are tricked into clicking on those links will in all likelihood have their PCs drafted into the Storm Botnet. If past history tells us anything it is that the links will not always be numeric, for Storm Trojan spam messages. Just beware of any short email from unknown (or even known) senders, containing a brief (usually one line) message, with just a link that is either numeric, or has a word related to "love" or "Valentine" in the link.

Due to my ongoing procedures I have merged some filters to simplify the reporting process, so the categories shown below may differ from the previous weeks' results. I have also created a special filter rule that, when matched, assigns the status "BlackList" to those spam messages. This excludes lots of spam emails from being categorized, since my blacklist rule is processed first. This saves processing power that is normally required by my custom filters.

My current statistics show that spam is now 60% of all my incoming email, for the week of January 21, through 27, 2008. This is up 13% from last week. Without my MailWasher Pro filters identifying and automatically deleting most of this onslaught of spam, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by the Storm Worm Trojan. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide Spam-demic.

MailWasher Pro spam category breakdown for January 21, through 27, 2008.
MailWasher Pro by Firetrust
Blacklisted (by pattern matching): 37.5%
Male enhancement spam: 12.92%
Viagra and Viagra.com: 8.33%
Pharmaceutical spam: 3.33%
Other filters: 20.83%
RX Spam: 4.58%
Pirated software spam: 2.92%
Storm Trojan links: 0% (3)
Counterfeit Watches spam: 3.33%
Diploma spam: 2.92%
HTML Tricks: 2.50%
DNS Blacklists: 0.83%

These spam categories and their relative percentages will probably shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising. Also, beginning this week, I have begun blacklisting particular forged senders that match a pattern. The blacklisted category is quickly rising above all independent spam classifications, proving that my pattern matching is working.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

Regarding my custom MailWasher Pro spam filters; due to my continuing work of refining these filter rules, their accuracy has increased to the point that less than 3% of the spam detections flew under my radar and were classified as DNS Blacklists, for this reporting period (ditto for the learning filter). All other spam was classified and dealt with by my custom filters.

January 20, 2008

My Spam analysis for the 3rd week of January, 2008

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that various pharmaceuticals, including illicit prescription drugs, male and female enhancement pills and weight loss capsules lead the pack, again (no surprise here). All of them have links to websites hosted in China, where the counterfeit drugs are produced, or Korea. One has to wonder how many people are dying, or ending up in emergency rooms every day, because they foolishly bought spamvertised, counterfeit, or contaminated medicine?

The Storm Botnet is actively spamming emails proclaiming love messages, getting an early start on the upcoming Valentine's Day greetings season. They all contain a short "love" message and (numeric) links to Storm Trojan infected computers. People who are tricked into clicking on those links will in all likelihood have their PCs drafted into the Storm Botnet. If past history tells us anything it is that the links will not always be numeric, for Storm Trojan spam messages. Just beware of any short email from unknown (or even known) senders, containing a brief (usually one line) message, with just a link that is either numeric, or has a word related to "love" or "Valentine" in the link.

Noticeably reduced, again, this week, were spam for diplomas (0), refinancing (0), lottery scams (0), phishing scams (0), and pump and dump stocks (0). Due to my ongoing procedures I have merged some filters to simplify the reporting process, so the categories shown below may differ from the previous weeks' results.

My current statistics show that spam is now 47% of all my incoming email, for the week of January 14, through 20, 2008. This is down 4% from last week. Without my MailWasher Pro filters identifying and automatically deleting most of this onslaught of spam, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by the Storm Worm Trojan. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide Spam-demic.

MailWasher Pro spam category breakdown for January 14, through 20, 2008.
MailWasher Pro by Firetrust
Blacklisted (by pattern matching): 20.71%
Male enhancement spam: 33.73%
Viagra and Viagra.com: 1.78%
Pharmaceutical spam: 13.01%
Other filters: 14.20%
RX Spam: 2.37%
Storm Trojan links: 3.55%
5 line spam: 4.73%
Counterfeit Watches spam: 2.96%
DNS Blacklists: 2.37%
Bayesian learning filter: 0.59%

These spam categories and their relative percentages will probably shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising. Also, beginning this week, I have begun blacklisting particular forged senders that match a pattern. The blacklisted category is quickly rising above all independent spam classifications, proving that my pattern matching is working.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

Regarding my custom MailWasher Pro spam filters; due to my continuing work of refining these filter rules, their accuracy has increased to the point that less than 3% of the spam detections flew under my radar and were classified as DNS Blacklists, for this reporting period (ditto for the learning filter). All other spam was classified and dealt with by my custom filters.

January 15, 2008

Beware of spammed emails with subjects like 'In Your Arms'

With Valentine's Day a full month away, the Storm BotNet is becoming active again, after a very brief nap. In what appears to be an early head start on a run of infected Valentine's Day greetings, tonight I received a message with the subject "In Your Arms," with but one line of body text, consisting of this:

I Love You Because http://68.52.93.---/

where the dashes represent numbers I removed, that are the IP address of a Comcast Cable Internet customer, who is unknowingly hosting the Storm Trojan on his or her computer. The spam was sent by another Storm Trojan infected computer, in Brazil. Both of these computers are in far-removed countries, yet they are zombie members of the same Storm BotNet, with a membership estimated to be in the hundreds of thousands, if not millions.

If you get a spam message similar to this one delete it immediately. Do not become curious George and click on the link. The World already has too many Storm Trojan infected computers. Instead of finding a message of love, behind the big heart graphic on the host machine, you will find that you have been deceived by criminals, in the Baltic regions, who do not love you at all, and do not have your best interests in their hearts. You will have downloaded a file named "with_love.exe" (or a variation thereof), which is the Storm Trojan itself. Storm Trojan computers are used for illegal activities, like spamming, scamming, hosting Trojan files and phishing/identity theft web pages and for launching denial of service attacks. That is the love that awaits victims of these scams.
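The warning signs described above (a short, usually one-line message carrying a single link whose host is numeric, or whose link contains a word such as "love" or "Valentine") can be written as a filter check. This is an added Python example, not one of my MailWasher Pro filter rules; the thresholds, function names and sample messages are assumptions, and the addresses are taken from reserved documentation ranges.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
LURE_PREFIXES = ("love", "valentine")  # words the post warns about in links
MAX_BODY_LINES = 2          # assumption: "brief (usually one line)" message
MAX_WORDS_AROUND_LINK = 12  # assumption: upper bound for a "short" message


def _split(url):
    """Parse a URL, returning None when it is too malformed to inspect."""
    try:
        return urlsplit(url)
    except ValueError:
        return None


def host_is_numeric(url):
    """True when the link points at a bare address instead of a host name."""
    parts = _split(url)
    host = (parts.hostname or "") if parts else ""
    if host.isdigit():       # single-integer way of writing an IPv4 address
        return True
    try:
        ip_address(host)     # dotted IPv4 or bracketed IPv6 literal
        return True
    except ValueError:
        return False


def link_has_lure_word(url):
    """True when a host, path or query token starts with a lure word.

    Tokens are compared by prefix, so "with_love.exe" and "valentines"
    match while "gloves" does not.
    """
    parts = _split(url)
    if parts is None:
        return False
    text = " ".join([parts.hostname or "", parts.path, parts.query]).lower()
    return any(tok.startswith(LURE_PREFIXES) for tok in re.findall(r"[a-z]+", text))


def storm_lure_reasons(body):
    """Return the reasons a body matches the short single-link lure shape."""
    urls = URL_RE.findall(body)
    lines = [ln for ln in body.splitlines() if ln.strip()]
    words_around = len(URL_RE.sub(" ", body).split())
    if (len(urls) != 1 or len(lines) > MAX_BODY_LINES
            or words_around > MAX_WORDS_AROUND_LINK):
        return []            # longer mail or several links: leave to other rules
    url = urls[0].rstrip(".,;)")
    reasons = []
    if host_is_numeric(url):
        reasons.append("numeric-host link")
    if link_has_lure_word(url):
        reasons.append("lure word in link")
    return reasons


def scan(messages):
    """Map subject -> reasons for every (subject, body) pair that is flagged."""
    flagged = {}
    for subject, body in messages:
        reasons = storm_lure_reasons(body)
        if reasons:
            flagged[subject] = reasons
    return flagged


# Constructed sample messages (not real captures).
SAMPLES = [
    ("In Your Arms", "I Love You Because http://192.0.2.44/"),
    ("A card for you", "Someone sent you a card http://cards.example.net/valentine/view"),
    ("Meeting notes", "Minutes from today: https://intranet.example.org/notes/2008-01-15"),
    ("February newsletter",
     "Hello subscribers,\nOur winter catalogue is out.\n"
     "See the sale at http://shop.example.com/valentine-sale\nRegards, the shop"),
    ("Order shipped", "Track your parcel http://gloves.example.com/track"),
]

if __name__ == "__main__":
    for subject, reasons in scan(SAMPLES).items():
        print(f"{subject}: {', '.join(reasons)}")
```

Only the first two constructed messages are flagged; the newsletter contains a "valentine" link but is too long to fit the one-line shape, which keeps ordinary seasonal mail out of this rule.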

All of the victims clicked on links sent from other infected computers which were programmed to send spam messages, with those links (mostly numeric, but not always). All of the infections occurred when, after clicking on the spammed links, they arrived at the web page with the Trojan file, where they were either infected by a JavaScript activated stealth download, or by clicking on a visible download link. And, in case you were wondering how anybody could be so stupid, they clicked on the visible links like they were going out of style! Why? Because they were already duped into thinking that a greeting card, or love letter awaited them and if they had to click again to actually see it, what harm could that be? Unless those computers were being run with limited user privileges, they were instantly infected, and became members of the ever-growing legions of the Storm BotNet. Within hours or days their computers were also sending out thousands of similar spam email messages and were being used to host the same web page, with the same infection routines.

Are you already infected with the Storm Trojan? There are several ways to find out. One is to read my blog article about detecting a Storm Trojan infection, which I wrote on December 28, 2007.

If you have anti-virus and anti-spyware programs on your PC, update them to the latest versions and definitions, then reboot into Windows Safe Mode, log in as the Administrator, then run scans with everything you've got. Be sure you disable System Restore if any major malware items are found, then disinfect, or you will become re-infected when you reboot.

If you don't have any security protection installed, or what you do have is outdated, you can run a free, reliable online spyware and virus scan with the Kaspersky Online Scanner. Kaspersky Labs produce some of the best anti-virus and anti-spyware programs in the world. They aren't free, but they are reasonable, for the large amount of daily updates registered owners receive and the accuracy of their detections. Using their free online scanner requires that you first download the complete detection database (takes a while), before choosing a system area to scan. Subsequent visits to the service only require small updates to the database, which happen much faster.

I was scanning with the Kaspersky Online Scanner in Internet Explorer, as I typed this in Firefox, and it didn't put any additional load on my system. The scan was quite thorough. The scanning sequence I chose and recommend is this: 1st test; memory. 2nd test; critical system areas, and 3rd test, email databases. If you want to scan selected files or folders there are links to choose the ones you want. There is also a link to scan your entire computer, which will probably take a long time, so only use this if you aren't in any hurry for the results (overnight?).

January 13, 2008

My Spam analysis for the 2nd week of January, 2008

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that various pharmaceuticals, including illicit prescription drugs, male and female enhancement pills and weight loss capsules lead the pack, again, accounting for well over 80% of all incoming spam. All of them have links to websites hosted in China, where the counterfeit drugs are produced. One has to wonder how many people are dying, or ending up in emergency rooms every day, because they foolishly bought spamvertised, counterfeit medicine?

Noticeably reduced, again, this week, were spam for diplomas (3), refinancing (0), lottery scams (0), phishing scams (0), and pump and dump stocks (0). Due to my ongoing procedures I have merged some filters to simplify the reporting process, so the categories shown below may differ from the previous weeks' results.

My current statistics show that spam is now 51% of all my incoming email, for the week of January 7, through 13, 2008. This is down 9% from last week. Without my MailWasher Pro filters identifying and automatically deleting most of this onslaught of spam, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by the Storm Worm Trojan. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide Spam-demic.

MailWasher Pro spam category breakdown for January 7, through 13, 2008.
MailWasher Pro by Firetrust
Blacklisted (by pattern matching): 32.21%
Male enhancement spam: 28.86%
Viagra and Viagra.com: 8.07%
Pharmaceutical spam: 8.06%
Other filters: 12.07%
Pirated software spam: 2.68%
Postcard Trojan scams: 0%
5 line spam: 4.03%
Pills spam: 2.01%
Diploma spam: 2.01%

These spam categories and their relative percentages will probably shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising. Also, beginning this week, I have begun blacklisting particular forged senders that match a pattern. The blacklisted category is quickly rising above all independent spam classifications, proving that my pattern matching is working.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

Regarding my custom MailWasher Pro spam filters; due to my continuing work of refining these filter rules, their accuracy has increased to the point that less than 1/4% of the spam detections flew under my radar and were classified as DNS Blacklists, for this reporting period (ditto for the learning filter). All other spam was classified and dealt with by my custom filters.

January 6, 2008

My Spam analysis for the 1st week of January, 2008

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I'll post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that various pharmaceuticals, including illicit prescription drugs, male and female enhancement pills and weight loss capsules lead the pack, again, accounting for well over 90% of all incoming spam. All of them have links to websites hosted in China, where the counterfeit drugs are produced. One has to wonder how many people are dying, or ending up in emergency rooms every day, because they foolishly bought spamvertised, counterfeit medicine?

Noticeably reduced, again, this week, were spam for financing (0), lottery scams (0), phishing scams (0), and pump and dump stocks (0). Due to my ongoing procedures I have merged some filters to simplify the reporting process, so the categories shown below may differ from the previous weeks' results.

My current statistics show that spam is now 60% of all my incoming email, for the week of December 31, 2007, through January 6, 2007. This is down 4% from last week. Without my MailWasher Pro filters identifying and automatically deleting most of this onslaught of spam, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by the Storm Worm Trojan. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide Spam-demic.

MailWasher Pro spam category breakdown for December 31, 2007, through January 6, 2008.
MailWasher Pro by Firetrust
Male enhancement spam: 40.83%
Blacklisted (by pattern matching): 26.04%
Viagra and Viagra.com: 9.47%
Other filters: 5.92%
RX Spam: 3.55%
Pirated software spam: 3.55%
Elite Herbal Spam: 2.37%
Postcard Trojan scams: 2.37%
5 line spam: 1.78%
HGH filter: 1.78%
Quit Smoking patches: 1.18%
DNS Blacklists: 1.18%

These spam categories and their relative percentages will probably shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising. Also, beginning this week, I have begun blacklisting particular forged senders that match a pattern. The blacklisted category is quickly rising above all independent spam classifications, proving that my pattern matching is working.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

Regarding my custom MailWasher Pro spam filters; due to my continuing work of refining these filter rules, their accuracy has increased to the point that less than 1/4% of the spam detections flew under my radar and were classified as DNS Blacklists, for this reporting period (ditto for the learning filter). All other spam was classified and dealt with by my custom filters.

December 30, 2007

My Spam analysis for Dec 24 - 30, 2007

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I'll post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that various pharmaceuticals, including illicit prescription drugs, male and female enhancement pills and weight loss capsules lead the pack, again, accounting for well over 60% of all incoming spam. All of them have links to websites hosted in China, where the counterfeit drugs are produced. One has to wonder how many people are dying, or ending up in emergency rooms every day, because they foolishly bought spamvertised, counterfeit medicine?

Noticeably reduced, again, this week, were spam for financing (0), lottery scams (0), phishing scams (1), and pump and dump stocks (0). Due to my ongoing procedures I have merged some filters to simplify the reporting process, so the categories shown below may differ from the previous weeks' results.

My current statistics show that spam is now 64% of all my incoming email, for the week of December 24 through 30, 2007. This is up 9% from last week. Without my MailWasher Pro filters identifying and automatically deleting most of this onslaught of spam, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by the Storm Worm Trojan. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide Spam-demic.

MailWasher Pro spam category breakdown for December 24 through 30, 2007.
MailWasher Pro by Firetrust
Blacklisted (by pattern matching): 28.31%
Elite Herbal Spam: 4.11%
RX Spam: 8.68%
Male enhancement spam: 25.58%
Weight loss pills: 2.28%
Postcard Trojan scams: 3.65%
HGH filter: 2.38%
Known Spam Subjects: 1.72%
Viagra and Viagra.com: 7.31%
Other filters: 14.61%
DNS Blacklists: 1.37%

These spam categories and their relative percentages will probably shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising. Also, beginning this week, I have begun blacklisting particular forged senders that match a pattern. The blacklisted category is quickly rising above all independent spam classifications, proving that my pattern matching is working.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

Regarding my custom MailWasher Pro spam filters; due to my continuing work of refining these filter rules, their accuracy has increased to the point that less than 1/4% of the spam detections flew under my radar and were classified as DNS Blacklists, for this reporting period (ditto for the learning filter). All other spam was classified and dealt with by my custom filters.

December 23, 2007

My Spam analysis for Dec 17 - 23, 2007

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I'll post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that various pharmaceuticals, including illicit prescription drugs, male and female enhancement pills and weight loss capsules lead the pack, again, accounting for well over 70% of all incoming spam. All of them have links to websites hosted in China, where the counterfeit drugs are produced. One has to wonder how many people are dying, or ending up in emergency rooms every day, because they foolishly bought spamvertised, counterfeit medicine?

Noticeably reduced, again, this week, were numeric links to Storm Trojan infected computers (0) and spam for finances (0), lottery scams (0), phishing scams (0), and pump and dump stocks (0). Due to my ongoing procedures I have merged some filters to simplify the reporting process, so the categories shown below may differ from the previous weeks' results.

My current statistics show that spam is now 55% of all my incoming email, for the week of December 17 through 23, 2007. This is down 15% from last week. Without my MailWasher Pro filters identifying and automatically deleting most of this onslaught of spam, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by the Storm Worm Trojan. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide Spam-demic.

MailWasher Pro spam category breakdown for December 17 through 23, 2007.
Blacklisted (by pattern matching): 22.22%
Elite Herbal Spam: 16.11%
Pharmaceutical spam: 2.78%
RX Spam: 9.44%
Pirated software spam: 5.56%
Counterfeit Watches spam: 0.10%
Male enhancement spam: 7.78%
Weight loss pills: 0.10%
Casino spam: 0.10%
5 line spam: 3.89%
Viagra and Viagra.com: 6.67%
Other filters: 24.69%
DNS Blacklists: 0.56%

These spam categories and their relative percentages will probably shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising. Also, beginning this week, I have begun blacklisting particular forged senders that match a pattern. The blacklisted category is quickly rising above all independent spam classifications, proving that my pattern matching is working.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

Regarding my custom MailWasher Pro spam filters; due to my continuing work of refining these filter rules, their accuracy has increased to the point that less than 1/4% of the spam detections flew under my radar and were classified as DNS Blacklists, for this reporting period (ditto for the learning filter). All other spam was classified and dealt with by my custom filters.


December 16, 2007

My Spam analysis for Dec 10 - 16, 2007

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I'll post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that various pharmaceuticals, including illicit prescription drugs, male and female enhancement pills and weight loss capsules lead the pack, again, accounting for well over 70% of all incoming spam. All of them have links to websites hosted in China, where the counterfeit drugs are produced. One has to wonder how many people are dying, or ending up in emergency rooms every day, because they foolishly bought spamvertised, counterfeit medicine?

Noticeably reduced, again, this week, were numeric links to Storm Trojan infected computers (0) and spam for finances (0), lottery scams (0), phishing scams (0), and pump and dump stocks (0). Due to my ongoing procedures I have merged some filters to simplify the reporting process, so the categories shown below may differ from the previous weeks' results.

My current statistics show that spam is now 70% of all my incoming email, for the week of December 10 through 16, 2007. This is up 5% from last week. Without my MailWasher Pro filters identifying and automatically deleting most of this onslaught of spam, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by the Storm Worm Trojan. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide Spam-demic.

MailWasher Pro spam category breakdown for December 10 through 16, 2007.
Blacklisted: 16.67%
Elite Herbal Spam: 14.68%
Pharmaceutical spam: 12.30%
RX Spam: 10.32%
Pirated software spam: 6.75%
Counterfeit Watches spam: 6.35%
Male enhancement spam: 4.76%
Weight loss pills: 4.76%
Casino spam: 3.17%
5 line spam: 2.38%
Other filters: 17.46%
DNS Blacklists: 0.4%

These spam categories and their relative percentages will probably shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising. Also, beginning this week, I have begun blacklisting particular forged senders that match a pattern. The blacklisted category is quickly rising above all independent spam classifications, proving that my pattern matching is working.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

Regarding my custom MailWasher Pro spam filters; due to my continuing work of refining these filter rules, their accuracy has increased to the point that less than 1/4% of the spam detections flew under my radar and were classified as DNS Blacklists, for this reporting period (ditto for the learning filter). All other spam was classified and dealt with by my custom filters.


December 12, 2007

Wildcard additions for your MailWasher Pro blacklist

MailWasher Pro is a commercial, anti-spam, email screening program for your POP3 desktop email client. The program uses a combination of techniques to intercept and remove spam, viruses, exploits and scams, from the email server, before they are downloaded to your regular email client. One of these detection techniques is user created blacklists. If you are already using MailWasher Pro to screen your incoming POP3 email, I have some additions for your blacklist, that may help reduce the amount of unclassified spam you have to sort through.

Many of you have been reading my weekly blog spam analysis reports, which are obtained from my MailWasher Pro Statistics. The statistics are categorized into the various types of spam that my custom filters match and delete. For the last few months I have been using custom filters to catch and categorize spam, exclusively, as opposed to creating a blacklist of spammers. This usually makes sense, because spam is always sent with a forged "From" address, often comprised of random characters, making it impractical to blacklist these fake and (usually) non-repetitive addresses (some are repeated).

However, during the last few months I have been able to find a filterable pattern in some of the spam messages, in their "From" field. I have created two new rules which you can add to your MailWasher Pro "Blacklist" to match and delete a large number of the current spam messages, in the wild at this time. Using these rules in addition to the learning filter and databases of known spam, and possibly my custom filters, will reduce the amount of spam you see to a dribble, instead of a waterfall.

With MailWasher Pro open, click on the "Spam Tools" button, then on "My Blacklist." Next, click the +ADD button and click the "radio" option for "Wildcard expression." Enter this expression:

dw+m@+.+

Click OK to save it. Now, create another new rule, with this expression:

lin+met@+.de

Click OK to save it. Look in the "Action" section of the Blacklist options and choose the action you are comfortable with. I would recommend selecting "Mark the mail for deletion" and 'On "Process Mail" (Recommended).' Before you leave this area, click on the "List Options" button, in the upper right. There are check-boxes and options for how long the blacklist will keep watching for these email addresses, before deleting them. Since it is rare to see the same forged email addresses persist over very long periods of time, you can set the times to expire unused addresses as follows:

Unused individual addresses: 7 to 10 days
Unused wildcard addresses: 90 to 180 days

Expiring useless addresses and wildcards will keep the blacklist to a smaller file size, which means it will load faster and be able to match incoming messages more quickly. When you have made your expiration selections click OK, to close the List Options, then OK, to close "My Blacklist" and the "Spam Tools."

Be sure you set your MailWasher Pro options (Tools > Options > Summary) to "Enable Message Logging" and to "Allow deleted email to be restored from the Summary Screen." Be sure you read your (MailWasher Pro Recycle Bin) statistics every day, as often as possible. If you see a legitimate email that was deleted by the blacklist, or any other filter, you can restore all, or at least part of it, from the Recycle Bin Statistics page. The number of lines restored is determined by the option on the General tab, for "Spam Throttle - Download first (selected number) lines." I use 300 lines, which is not the fastest scanning, but is more accurate at catching spam that uses HTML tricks. If you want faster scanning, try reducing the number of lines to 200. This will get the scanning done faster, but if a legitimate HTML email was deleted, only a percentage of it can be restored. If it was a newsletter you may only recover a small percentage, whereas a personal email may be fully recovered with only 200 lines saved. 300 lines seems to recover a fair amount of HTML content, but not everything, in newsletters.

How much spam those two wildcard filters will block is hard to say for certain, but it sure will make a dent in the level of messages that make it through your defenses. These particular filters match a technique used by certain spammers to identify their products as distinct from those of other spammers. They are sent from infected computers that are members of a spam Botnet. After a while the spammers using these identifying techniques may discard them for new ones, and I will post new details for blacklist rules, when that happens.

NOTE: Always whitelist your contacts by adding them to your MailWasher Pro "Friends" list! The Friends list overrides the spam filters, unless you specify that the opposite should occur.
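Before enabling automatic deletion, the two wildcard rules can be checked against a list of known-good senders. The script below is an added example, not MailWasher Pro's code: it assumes "+" in a wildcard expression stands for one or more characters (the post does not define the syntax), and every address in it is constructed for illustration.

```python
import re
from email.utils import parseaddr

# The two wildcard expressions quoted in the post.
BLACKLIST_WILDCARDS = ["dw+m@+.+", "lin+met@+.de"]


def wildcard_to_regex(expr):
    """Translate a wildcard expression into a case-insensitive regex.

    ASSUMPTION (the post does not define the syntax): '+' stands for one or
    more characters, '*' for zero or more, '?' for exactly one. Every other
    character, including '.', is matched literally.
    """
    tokens = {"+": ".+", "*": ".*", "?": "."}
    body = "".join(tokens.get(ch, re.escape(ch)) for ch in expr)
    return re.compile(body, re.IGNORECASE)


def compile_blacklist(wildcards):
    """Pair each wildcard expression with its compiled regex."""
    return [(expr, wildcard_to_regex(expr)) for expr in wildcards]


def screen(from_header, friends, blacklist):
    """Classify one From header as 'friend', 'blacklisted' or 'pass'.

    The Friends list is consulted first, mirroring the post's note that it
    overrides the spam filters. Returns (verdict, matching_rule_or_None).
    """
    _, addr = parseaddr(from_header)  # drops any display name
    addr = addr.lower()
    if addr in {f.lower() for f in friends}:
        return ("friend", None)
    for expr, rx in blacklist:
        if rx.fullmatch(addr):  # the whole address must match the rule
            return ("blacklisted", expr)
    return ("pass", None)


def false_positives(known_good, friends, blacklist):
    """Known-good senders that the blacklist would still mark for deletion."""
    return [h for h in known_good
            if screen(h, friends, blacklist)[0] == "blacklisted"]


if __name__ == "__main__":
    blacklist = compile_blacklist(BLACKLIST_WILDCARDS)

    # Constructed sample From headers, not taken from real mail.
    samples = [
        "dwqkzm@example.net",                   # random-looking local part
        "Lin Q <linxkrmet@example.de>",         # second rule, .de domain
        "linxkrmet@example.com",                # same local part, not .de
        '"D. William" <dwilliam@example.org>',  # plausible real contact
        "dwm@example.com",                      # nothing between 'dw' and 'm'
        "alice@example.com",
    ]
    for friends in (set(), {"dwilliam@example.org"}):
        print("Friends list:", sorted(friends) or "(empty)")
        for header in samples:
            verdict, rule = screen(header, friends, blacklist)
            print(f"  {header:40} {verdict:12} {rule or ''}")
```

With an empty Friends list, the constructed contact dwilliam@example.org is caught by the first rule because its local part starts with "dw" and ends with "m"; adding it to the Friends list turns the verdict into "friend".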

For information about the custom filters mentioned earlier, read my web page about MailWasher Pro Filters. To read about the program itself, and download a trial copy, go to my MailWasher Pro web page.


December 9, 2007

My Spam analysis for Dec 3 - 9, 2007

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I'll post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that various pharmaceuticals, including illicit prescription drugs, male and female enhancement pills and weight loss capsules lead the pack, again, accounting for well over 70% of all incoming spam. All of them have links to websites hosted in China, where the counterfeit drugs are produced. One has to wonder how many people are dying, or ending up in emergency rooms every day, because they foolishly bought spamvertised, counterfeit medicine?

Noticeably reduced, again, this week, were numeric links to Storm Trojan infected computers (1) and spam for casinos (3), finances (0), lottery scams (0), phishing scams (1), and pump and dump stocks (0). Due to my ongoing procedures I have merged some filters to simplify the reporting process, so the categories shown below may differ from the previous weeks' results.

My current statistics show that spam is now 65% of all my incoming email, for the week of December 3 through 9, 2007. This is down 4% from last week (Yippee!) and the second consecutive week of decline. Without my MailWasher Pro filters identifying and automatically deleting most of this onslaught of spam, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by the Storm Worm Trojan. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide Spam-demic.

MailWasher Pro spam category breakdown for December 3 through 9, 2007.
Elite Herbal Spam: 24.91%
Male enhancement spam: 18.05%
Pharmaceutical spam: 12.63%
RX Spam: 6.86%
Counterfeit Watches spam: 2.89%
Pirated software spam: 8.66%
Weight loss pills: 2.53%
Unclassified One word subjects: 3.61%
Known Spam Subjects: 3.61%
Viagra and Viagra.com: 0.1%
Other filters: 16.15%

These spam categories and their relative percentages will probably shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

Regarding my custom MailWasher Pro spam filters; due to my continuing work of refining these filter rules, their accuracy has increased to the point that less than 1/4% of the spam detections flew under my radar and were classified as DNS Blacklists, for this reporting period (ditto for the learning filter). All other spam was classified and dealt with by my custom filters.


December 2, 2007

My Spam analysis for Nov 26 - Dec 2, 2007

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I'll post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that various pharmaceuticals, including illicit prescription drugs, male and female enhancement pills and weight loss capsules lead the pack, again, accounting for well over 78% of all incoming spam. All of them have links to websites hosted in China, where the counterfeit drugs are produced. One has to wonder how many people are dying, or ending up in emergency rooms every day, because they foolishly bought spamvertised, counterfeit medicine?

Noticeably reduced this week were numeric links to Storm Trojan infected computers and spam for casinos, finances, lottery scams, phishing scams, and pump and dump stocks. Due to my ongoing procedures I have merged some filters to simplify the reporting process, so the categories shown below may differ from the previous weeks' results.

My current statistics show that spam is now 69% of all my incoming email, for the week of November 26 through December 2, 2007. This is down 7% from last week (Yippee!). Without my MailWasher Pro filters identifying and automatically deleting most of this onslaught of spam, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by the Storm Worm Trojan. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide Spam-demic.

MailWasher Pro spam category breakdown for November 26 through December 2, 2007.
Pharmaceutical spam: 13.50%
Male enhancement spam: 19.28%
Elite Herbal Spam: 18.18%
RX Spam: 7.99%
Counterfeit Watches spam: 2.75%
Pirated software spam: 7.16%
Canadian Pharmacy spam: Merged into Pharmaceutical filters
Unclassified One word subjects: Too small to measure
Known Spam Subjects: 3.86%
Viagra and Viagra.com: 2.76%
Other filters: 24.52%

These spam categories and their relative percentages will probably shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

Regarding my custom MailWasher Pro spam filters; due to my continuing work of refining these filter rules, their accuracy has increased to the point that less than 1/4% of the spam detections flew under my radar and were classified as DNS Blacklists, for this reporting period (ditto for the learning filter). All other spam was classified and dealt with by my custom filters.


November 25, 2007

My Spam analysis for November 19 - 25, 2007

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I'll post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that various pharmaceuticals, including illicit prescription drugs, male and female enhancement pills and weight loss capsules lead the pack, again, accounting for well over 78% of all incoming spam. All of them have links to websites hosted in China, where the counterfeit drugs are produced. One has to wonder how many people are dying, or ending up in emergency rooms every day, because they foolishly bought spamvertised, counterfeit medicine?

Noticeably reduced this week were numeric links to Storm Trojan infected computers and spam for casinos, finances, lottery scams, phishing scams, and pump and dump stocks.

My current statistics show that spam is now 76% of all my incoming email, for the week of November 19 through 25, 2007. This is up 1% from last week. Without my MailWasher Pro filters identifying and automatically deleting most of this onslaught of spam, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by the Storm Worm Trojan. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide Spam-demic.

MailWasher Pro spam category breakdown for November 19 through 25, 2007.
Pharmaceutical spam: 36.26%
Male enhancement spam: 8.29%
Elite Herbal Spam: 13.51%
RX Spam: 3.79%
Counterfeit Watches spam: 2.84%
Pirated software spam: 4.00%
Canadian Pharmacy spam: 6.16%
Unclassified One word subjects: 2.84%
Viagra and Viagra.com: 7.34%
Other filters: 14.26%
DNS Blacklists: 0.24%
Blacklisted: 0.47%

These spam categories and their relative percentages will probably shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

Regarding my custom MailWasher Pro spam filters; due to my continuing work of refining these filter rules, their accuracy has increased to the point that less than 1/4% of the spam detections flew under my radar and were classified as DNS Blacklists, for this reporting period (ditto for the learning filter). All other spam was classified and dealt with by my custom filters.


November 18, 2007

My Spam analysis for November 12 through 18, 2007

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I'll post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that various pharmaceuticals, including illicit prescription drugs, male and female enhancement pills and weight loss capsules lead the pack, again, accounting for well over 70% of all incoming spam. All of them have links to websites hosted in China, where the counterfeit drugs are produced. One has to wonder how many people are dying, or ending up in emergency rooms every day, because they foolishly bought spamvertised, counterfeit medicine?

Noticeably reduced this week were numeric links to Storm Trojan infected computers and spam for casinos, counterfeit watches, finances, lottery scams, phishing scams, and pump and dump stocks.

My current statistics show that spam is now 75% of all my incoming email, for the week of November 12 through 18, 2007. This is up 1% from last week. Without my MailWasher Pro filters identifying and automatically deleting most of this onslaught of spam, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by the Storm Worm Trojan. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide Spam-demic.

MailWasher Pro spam category breakdown for November 12 through 18, 2007.
Pharmaceutical spam: 9.58%
Male enhancement spam: 7.98%
Elite Herbal Spam: 12.77%
RX Spam: 5.99%
Pirated software spam: 11.17%
Weight loss pills: 4.39%
Canadian Pharmacy spam: 7.78%
Viagra and Viagra.com: 11.37%
Cialis and Levitra: 3.19%
Other filters: 18.76%
DNS Blacklists: 0.80%
Blacklisted: 0.20%
Bayesian learning filter: 0%

These spam categories and their relative percentages will probably shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

Regarding my custom MailWasher Pro spam filters; due to my continuing work of refining these filter rules, their accuracy has increased to the point that less than 1/4% of the spam detections flew under my radar and were classified as DNS Blacklists, for this reporting period (ditto for the learning filter). All other spam was classified and dealt with by my custom filters.


November 11, 2007

My Spam analysis for November 5 through 11, 2007

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I'll post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that various pharmaceuticals, including illicit prescription drugs, male and female enhancement pills and weight loss capsules lead the pack, again, accounting for well over 78% of all incoming spam. All of them have links to websites hosted in China, where the counterfeit drugs are produced. One has to wonder how many people are dying, or ending up in emergency rooms every day, because they foolishly bought spamvertised, counterfeit medicine?

Noticeably reduced this week were numeric links to Storm Trojan infected computers and spam for casinos, counterfeit watches, pirated software and pump and dump stocks.

My current statistics show that spam is now 74% of all my incoming email, for the week of November 5 through 11, 2007. This is up 2% from last week. Without my MailWasher Pro filters identifying and automatically deleting most of this onslaught of spam, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by the Storm Worm Trojan. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide Spam-demic.

MailWasher Pro spam category breakdown for November 5 through 11, 2007.
Pharmaceutical spam: 21.62%
Male enhancement spam: 3.60%
Elite Herbal Spam: 15.32%
RX Spam: 8.11%
Weight loss pills: 2.70%
Canadian Pharmacy spam: 7.21%
Viagra and Viagra.com: 19.82%
Other filters: 18.01%
DNS Blacklists: 0%
Blacklisted: 0%
Bayesian learning filter: 0%

These spam categories and their relative percentages will probably shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

Regarding my custom MailWasher Pro spam filters; due to my continuing work of refining these filter rules, their accuracy has increased to the point that less than 1/4% of the spam detections flew under my radar and were classified as DNS Blacklists, for this reporting period (ditto for the learning filter). All other spam was classified and dealt with by my custom filters.

Try Firetrust Mailwasher® Pro

Get Norton 360 Version 4.0 - All-In-One Security. If you have a non-current version of a Symantec security program and wish to renew your definition updates subscription, or upgrade to a new version at a discount, go to the Norton Product Upgrades & Renewals page.

November 4, 2007

My Spam analysis for October 29 through November 4, 2007

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I'll post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that various pharmaceuticals, including illicit prescription drugs, male and female enhancement pills and weight loss capsules lead the pack, again, accounting for well over 75% of all incoming spam. All of them have links to websites hosted in China, where the counterfeit drugs are produced. One has to wonder how many people are dying, or ending up in emergency rooms every day, because they foolishly bought spamvertised, counterfeit medicine?

Noticeably reduced this week were numeric links to Storm Trojan infected computers (3) and spam for casinos (1) and "pump and dump stocks" (0).

My current statistics show that spam is now 72% of all my incoming email, for the week of October 29 through November 4, 2007. This is the same percentage as last week. Without my MailWasher Pro filters identifying and automatically deleting most of this onslaught of spam, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by the Storm Worm Trojan. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide "Spam-demic."

MailWasher Pro spam category breakdown for October 29 through November 4, 2007.
Pharmaceutical spam: 12.35%
Male enhancement spam: 42.77%
Elite Herbal Spam: 2.71%
RX Spam: 1.51%
Pirated software spam: 2.41%
Pump & dump stocks: 0%
New Known Spam Subjects: 3.31%
X-Mailer: The Bat!: 11.14%
Viagra and Viagra.com: 8.74%
Other filters: 8.43%
DNS Blacklists: 0%
Blacklisted: 0%
Bayesian learning filter: 0.3%

These spam categories and their relative percentages will probably shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

Regarding my custom MailWasher Pro spam filters; due to my continuing work of refining these filter rules, their accuracy has increased to the point that less than 1/4% of the spam detections flew under my radar and were classified as DNS Blacklists, for this reporting period (ditto for the learning filter). All other spam was classified and dealt with by my custom filters.


October 28, 2007

My Spam analysis for the 4th week of October, 2007

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I'll post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that various pharmaceuticals, including illicit prescription drugs, male and female enhancement pills and weight loss capsules lead the pack, again, accounting for well over 70% of all incoming spam. All of them have links to websites hosted in China, where the counterfeit drugs are produced. One has to wonder how many people are dying, or ending up in emergency rooms every day, because they foolishly bought spamvertised, counterfeit medicine?

Noticeably reduced this week were numeric links to Storm Trojan infected computers (5) and spam for casinos (3) and "pump and dump stocks" (1).

My current statistics show that spam is now 72% of all my incoming email, for the week of October 22 through 28, 2007. This is a 1% decrease from last week, which topped out at 73%. Without my MailWasher Pro filters identifying and automatically deleting most of this onslaught of spam, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by the Storm Worm Trojan. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide "Spam-demic."

MailWasher Pro spam category breakdown for October 22 through 28, 2007.
Pharmaceutical spam: 10.90%
Male enhancement spam: 43.98%
Elite Herbal Spam: 0.01%
RX Spam: 4.89%
Counterfeit Watches spam: 2.26%
Casino spam: 0.01%
Numeric IP scams: 0.02%
Pirated software spam: 1.88%
Pump & dump stocks: 0%
Breast enlargement: 0%
Weight loss pills: 0%
One word subjects: 0.01%
New Known Spam Subjects: 5.26%
X-Mailer: The Bat!: 9.77%
Viagra.com: 0.01%
Other filters: 11.22%
DNS Blacklists: 0%
Blacklisted: 0.38%
Bayesian learning filter: 0%

These spam categories and their relative percentages will probably shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

Regarding my custom MailWasher Pro spam filters; due to my continuing work of refining these filter rules, their accuracy has increased to the point that less than 1/4% of the spam detections flew under my radar and were classified as DNS Blacklists, for this reporting period (ditto for the learning filter). All other spam was classified and dealt with by my custom filters.


October 21, 2007

My Spam analysis for the 3rd week of October, 2007

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I'll post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that various pharmaceuticals, including illicit prescription drugs, male and female enhancement pills and weight loss capsules lead the pack, again, accounting for well over 70% of all incoming spam. All of them have links to websites hosted in China, where the counterfeit drugs are produced. One has to wonder how many people are dying, or ending up in emergency rooms every day, because they foolishly bought spamvertised, counterfeit medicine?

Noticeably missing, or greatly reduced this week, were numeric links to Storm Trojan infected computers (1) and spam for casinos and counterfeit watches (1).

My current statistics show that spam is now 73% of all my incoming email, for the week of October 15 through 21, 2007. This is a 9% increase from two weeks ago, which topped out at 64%. Without my MailWasher Pro filters identifying and automatically deleting most of this onslaught of spam, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by the Storm Worm Trojan. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide "Spam-demic."

MailWasher Pro spam category breakdown for October 15 through 21, 2007.
Pharmaceutical spam: 19.38%
Male enhancement spam: 36.25%
Elite Herbal Spam: 3.13%
RX Spam: 2.5%
Counterfeit Watches spam: 0%
Casino spam: 0%
Numeric IP scams: 0%
Pirated software spam: 1.88%
Pump & dump stocks: 0%
Breast enlargement: 0%
Weight loss pills: 0%
One word subjects: 1%
New Known Spam Subjects: 5%
X-Mailer: The Bat!: 16.25%
Viagra.com: 0.85%
Other filters: 12.51%
DNS Blacklists: 0%
Blacklisted: 0%
Bayesian learning filter: 1.25%

These spam categories and their relative percentages will probably shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

Regarding my custom MailWasher Pro spam filters; due to my continuing work of refining these filter rules, their accuracy has increased to the point that less than 1/4% of the spam detections flew under my radar and were classified as DNS Blacklists, for this reporting period (ditto for the learning filter). All other spam was classified and dealt with by my custom filters.


October 7, 2007

My Spam analysis for the 1st week of October, 2007

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I'll post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that various pharmaceuticals, including illicit prescription drugs, male and female enhancement pills and weight loss capsules lead the pack, again, accounting for well over 70% of all incoming spam. All of them have links to websites hosted in China, where the counterfeit drugs are produced. One has to wonder how many people are dying, or ending up in emergency rooms every day, because they foolishly bought spamvertised, counterfeit medicine?

Noticeably missing, or greatly reduced this week, were numeric links to Storm Trojan infected computers and spam for casinos and counterfeit watches.

My current statistics show that spam is now 64% of all my incoming email, for the week of October 1 through 7, 2007. This is an 18% decrease from the week before, which topped out at 82%. Without my MailWasher Pro filters identifying and automatically deleting most of this onslaught of spam, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by the Storm Worm Trojan. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide "Spam-demic" (Wow, I think I just coined a new word!).

MailWasher Pro spam category breakdown for October 1 through 7, 2007.
Pharmaceutical spam: 24.45%
Male enhancement spam: 23.14%
Elite Herbal Spam: 11.79%
RX Spam: 4.8%
Counterfeit Watches spam: 0%
Casino spam: 0%
Numeric IP scams: 0%
Pirated software spam: 2.18%
Pump & dump stocks: 0%
Breast enlargement: 0%
Weight loss pills: 0%
Free NFL Tracker Trojan: 0%
"DW" Spammer: (detected by other filters)
One word subjects: 13.1%
New Known Spam Subjects: 7.86%
X-Mailer: The Bat!: (Detected by other filters)
Viagra.com: 3.49%
Other filters: 7.44%
DNS Blacklists: 1.31%
Blacklisted: 0%
Bayesian learning filter: .44%

These spam categories and their relative percentages will probably shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

Regarding my custom MailWasher Pro spam filters; due to my continuing work of refining these filter rules, their accuracy has increased to the point that less than 1/4% of the spam detections flew under my radar and were classified as DNS Blacklists, for this reporting period (ditto for the learning filter). All other spam was classified and dealt with by my custom filters.


September 30, 2007

My Spam analysis for 4th week of September 2007

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I'll post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that various pharmaceuticals, including illicit prescription drugs, male and female enhancement pills and weight loss capsules lead the pack, again, accounting for well over 70% of all incoming spam. All of them have links to websites hosted in China, where the counterfeit drugs are produced. One has to wonder how many people are dying, or ending up in emergency rooms every day, because they foolishly bought spamvertised, counterfeit medicine?

Noticeably reduced this week were numeric links to Storm Trojan infected computers. However, counterfeit watches and Pump-And-Dump stocks are back in the countable statistics, along with a strong surge in pirated software.

My current statistics show that spam is now 82% of all my incoming email, for the week of September 24 through 30, 2007. This is a 14% increase from the week before, which topped out at 68%. Without my MailWasher Pro filters identifying and automatically deleting most of this onslaught of spam, email would be essentially useless for me (if I had to sort out the spam manually). Thanks to those custom filters, which I work hard to keep updated, I only have to manually delete a handful of spam messages on a daily basis (which I then classify into filters). The machines sending this deluge of spam are all members of BotNets, with spam relays and remote command and control software surreptitiously installed, mostly by the Storm Worm Trojan. I see many identical spam messages in my statistics (sorted by subject), but sent from different places in the World, all with forged sender names, confirming that this is a World-wide "Spam-demic" (Wow, I think I just coined a new word!).

MailWasher Pro spam category breakdown for Sept 24 through 30, 2007.
Pharmaceutical spam: 36.31%
Male enhancement spam: 22.42%
RX Spam: 0%
Counterfeit Watches spam: 3.97%
Casino spam: 3.97%
Numeric IP scams: 0%
Pirated software spam: 4.96%
Pump & dump stocks: .20%
Breast enlargement: .10%
Weight loss pills: 3.37%
Free NFL Tracker Trojan: 0%
"DW" Spammer: (detected by other filters)
One word subjects: 4.0%
New Known Spam Subjects: 2.98%
X-Mailer: The Bat!: 2.78%
Viagra.com: 2.58%
Other filters: 11.96%
DNS Blacklists: .20%
Blacklisted: 0%
Bayesian learning filter: .20%

These spam categories and their relative percentages will probably shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

Regarding my custom MailWasher Pro spam filters; due to my continuing work of refining these filter rules, their accuracy has increased to the point that less than 1/4% of the spam detections flew under my radar and were classified as DNS Blacklists, for this reporting period (ditto for the learning filter). All other spam was classified and dealt with by my custom filters.


September 21, 2007

My Spam analysis for 3rd week of September 2007

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I'll post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that various pharmaceuticals, including illicit prescription drugs, male and female enhancement pills and weight loss capsules lead the pack, totaling a whopping 87% of all incoming spam. All of them have links to Chinese web hosts who are friends, or partners in crime with the spammers. The senders are all BotNetted computers with spam relays installed, and probably infected with the Storm Trojan.

Noticeably reduced this week were counterfeit watches and the Pump-And-Dump stocks scammer, but I see from the last few messages that the Pump and Dump spammer is about to unleash a new spam run, promoting a new penny stock scam.

My current statistics show that spam is 68% of all my incoming email, for the week of September 17 through 23, 2007. This is an 8% increase from the week before, which topped out at 60%.

MailWasher Pro spam category breakdown for Sept 17 through 23, 2007.
Pharmaceutical spam: 43.43%
Male enhancement spam: 30.00%
RX Spam: 9.71%
Counterfeit Watches spam: 0%
Casino spam: 0.86%
Numeric IP scams: .10%
Pirated software spam: 1.71%
Pump & dump stocks: .10%
Breast enlargement: .60%
Weight loss pills: 1.43%
Free NFL Tracker Trojan: .10%
"DW" Spammer: .10%
One word subjects: 3.42%
RIPE filter: .10%
Other filters: 7.76%
DNS Blacklists: .29%
Blacklisted: .29%
Bayesian learning filter: 0%

These spam categories and their relative percentages will probably shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

Regarding my custom MailWasher Pro spam filters; due to my continuing work of refining these filter rules, their accuracy has increased to the point that only a tad over 1% of the spam detections flew under my radar and was classified as DNS Blacklists, for this reporting period. All other spam was classified and dealt with by my filters.


September 16, 2007

My Spam analysis for 2nd week of September 2007

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I'll post a new report each week, running from Monday through Sunday.

My analysis of this week's spam shows that various pharmaceuticals, including illicit prescription drugs, male and female enhancement pills and weight loss capsules lead the pack, totaling a whopping 72.29% of all incoming spam. Most, but not all, are sent from Korea, Turkey and Poland, and all of them have links to Chinese web hosts who are friends, or partners in crime with the spammers. The senders are usually BotNetted computers with spam relays. Noticeably absent this week was the Pump-And-Dump stocks scammer.

My current statistics show that spam is 60% of all my incoming email, for the week of September 10 through 16, 2007. This is a big increase from the week before, which topped out at 47%. These numbers may change by Sunday night and I will update this report to show the final figures.

MailWasher Pro spam category breakdown for Sept 10 through 16, 2007.
Pharmaceutical spam: 29.19%
Male enhancement spam: 19.8%
RX Spam: 18.46%
Counterfeit Watches spam: 7.72%
Casino spam: 5.37%
Numeric IP scams: 3.69%
Pirated software spam: 3.69%
Pump & dump stocks: 0%
Breast enlargement: 2.01%
Weight loss pills: 2.68%
Free NFL Tracker Trojan: 1.00%
Other filters: 3.70%
DNS Blacklists: 2.35%
Bayesian learning filter: 0.34%

These spam categories and their relative percentages will probably shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

Regarding my custom MailWasher Pro spam filters; due to my continuing work of refining these filter rules, their accuracy has increased to the point that only a tad over 1% of the spam detections flew under my radar and was classified as DNS Blacklists, for this reporting period. All other spam was classified and dealt with by my filters.


September 5, 2007

My Spam analysis for 1st week of September 2007

This article is about current email spam categories and percentages, based on rule sets created for and reported by the anti spam tool - MailWasher Pro.

Anybody who receives email that is not cleared by a challenge-response email provider, is probably receiving more spam now than almost any time before. I know that I am and I am reporting it to SpamCop and using the data I collect to create or update my MailWasher Pro custom spam filters. It is my belief that this huge upswing in the volume of spam over the last two weeks is because it is being sent from computers that are infected with the Storm Worm Trojan and are all members of the same BotNet, but belonging to different peer-to-peer spam relay cells. All summer long this BotNet spewed out tens of millions of spam emails pretending to be ecards, greeting cards, or postcards, with numeric links that led to infected computers that spread the Storm Trojan to the computers that were lured to them. Suddenly, the postcard scams have halted, only to be replaced by huge amounts of spam messages for male enhancement drugs, pump and dump stocks, counterfeit watches, pirated software and loans.
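The "numeric links" described above are URLs whose host is a bare IP address instead of a domain name. As an added example (not one of the author's MailWasher Pro filters; the function names and the sample messages are constructed for illustration), this Python code extracts the links from a message body and flags those with an IP-literal host, including the single-integer and hex forms of an IPv4 address:

```python
import ipaddress
import re
from urllib.parse import urlsplit

# http/https URLs, read up to whitespace or a common delimiter.
URL_RE = re.compile(r"https?://[^\s<>()'\"]+", re.IGNORECASE)


def host_as_ip(host):
    """Return an ipaddress object if host is an IP literal, else None.

    Handles dotted-quad IPv4, IPv6, and the single-number IPv4 forms
    (decimal such as "3405803821", or hex such as "0xCB00712D").
    """
    if not host:
        return None
    host = host.strip("[]")
    try:
        return ipaddress.ip_address(host)
    except ValueError:
        pass
    if re.fullmatch(r"0[xX][0-9a-fA-F]+", host):
        value = int(host, 16)
    elif re.fullmatch(r"[0-9]+", host):
        value = int(host, 10)
    else:
        return None  # an ordinary host name
    if value > 0xFFFFFFFF:
        return None
    return ipaddress.IPv4Address(value)


def find_numeric_links(body):
    """Return (url, normalized_ip) for every link whose host is an IP."""
    hits = []
    for match in URL_RE.finditer(body):
        # Drop sentence punctuation that trails the URL in running text.
        url = match.group(0).rstrip(".,;:!?")
        try:
            host = urlsplit(url).hostname
        except ValueError:  # malformed bracketed host
            continue
        ip = host_as_ip(host)
        if ip is not None:
            hits.append((url, str(ip)))
    return hits


# Constructed sample bodies; addresses come from documentation ranges.
SAMPLE_MESSAGES = {
    "ecard": "You have received a postcard! View it at "
             "http://203.0.113.45/postcard.",
    "integer-host": "Your greeting card is waiting: http://3405803821/card",
    "ipv6": "Click http://[2001:db8::1]:8080/view now",
    "legit": "Newsletter archive: https://www.example.com/2007/09/issue.html",
}


def classify(messages):
    """Map each message name to the numeric links found in its body."""
    return {name: find_numeric_links(body) for name, body in messages.items()}


if __name__ == "__main__":
    for name, links in classify(SAMPLE_MESSAGES).items():
        verdict = "FLAG" if links else "ok"
        print(f"{name:13} {verdict:5} {links}")
```
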

I use MailWasher Pro to screen all of my various incoming POP email accounts, and for which I write my own custom spam filter rules. I give each rule a unique name so I can track the different types of spam I am deleting and reporting. The program has an interesting incoming email statistics window, that includes a pie chart breakdown of the various types of spam that are recognized and dealt with by the software. I thought I would start sharing my spam pie chart results with you all. This is the first installment, which I will try to update during, or at the end of the week. I'll post a new report each week, running from Monday through Sunday.

My current statistics show that spam is 47% of all my incoming email, for the week of September 3 through 9, 2007.

MailWasher Pro spam category breakdown for Sept 3 through 9, 2007.
Male enhancement spam: 24%
Pharmaceutical spam: 20%
Counterfeit Watches spam: 18.5%
Pirated software spam: 13%
Casino spam: 9%
Pump & dump stocks: 2.5%
One word subjects: 1%
Numeric IP scams: 5%
Miscellaneous spam: 6%
Bayesian learning filter: 0%
DNS Blacklists: 1%

These spam categories and their relative percentages will probably shift a bit each week, as the BotMasters send new spam scripts to the zombie computers under their control. I will try to keep the percentages updated and merge miscellaneous categories as I am able to identify what they were spamvertising.

If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as a front-end screener to your POP email program (Outlook, Outlook Express, Microsoft Mail, Thunderbird, Eudora, etc).

Regarding my custom MailWasher Pro spam filters: due to my continuing work of refining these filter rules, their accuracy has increased to the point that only a tad over 1% of the spam detections flew under my radar and were classified as DNS Blacklists, for this reporting period. All other spam was classified and dealt with by my filters.


August 4, 2007

Stupid Blog Trackback Spammers Don't Understand Server 403 Responses

The title of this article tells it all: "Stupid Blog Spammers Don't Understand Server 403 Responses!" Many months ago I discovered that although comments and trackbacks were not being posted to my blog, due to automatic moderation and classification of them as spam, nonetheless they kept on a-comin'. The comments spammers gave up a couple of months ago when they searched my blog only to learn that their bullshit comments had not been posted and never would be (I told them so on the search results page). However, the idiots who are trying to post trackback spam messages don't bother to search the blogs they are posting to, nor do they apparently read the responses sent by the script they are aimed at. If they did, all they would see from my blog is a steady stream of server 403 responses: "Access Denied!" I don't even have the comments or trackbacks Perl modules installed anymore, so even I can't post comments or trackbacks to my own blog! I removed them when it became obvious that only spammers were commenting or tracking back.

If you run a MovableType blog and don't care to allow comments or trackbacks, yet you are seeing numerous attempts to spam your blog (in the list of junk comments and trackbacks), you can do what I did and disable them altogether, then delete or rename the files used to post these comments. To disable them in MovableType, log into your MT installation, then click on the left sidebar item "Settings" then click on the "New Entry Defaults" tab, then under "Default settings for new entries" uncheck both "Accept Comments" and "Accept Trackbacks," then scroll down to the bottom of the page and click on the "Save Changes" button. This will remove the Comments and Trackbacks links under all of your posts. You may still have to manually remove existing comments and trackbacks from old topics, or delete the old topics entirely if they have a lot of useless commenting in them.

Despite the fact that you have disabled accepting comments, the spammers may still try to go straight to your Perl scripts that handle comments and trackbacks, bypassing the choices you made to exclude them. To prevent this, you can either remove or rename these two files that are in the standard MT installation, under the CGI folder/MT (typically cgi-bin/MT/):
mt-comments.cgi
mt-tb.cgi

Without those files nobody is going to Post a spam comment to your blog and you can never accidentally re-enable comments or trackbacks unless you upgrade, or replace those files.

As I said in the beginning, these spammers are not reading the results of their attempted trackback messages (success or failure), thus they are probably using automated scripts to send them out blindly from a spam list supplied to them by somebody even dumber than they are, without any concern about success or failure of their efforts. If you run your blog on an Apache hosted web server and want to deny access to these assholes, read the technical details in my extended comments.
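The blind, repeated posting described above is easy to confirm from an access log. The following is an added example, not code from this blog: it assumes Apache's combined log format, and the sample log lines, IP addresses and the `blind_posters` function name are constructed for illustration. It also counts 404, which Apache returns once the two files are removed or renamed, as a refusal alongside 403.

```python
import re
from collections import defaultdict

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [04/Aug/2007:10:15:32 -0400] "POST /cgi-bin/MT/mt-tb.cgi/1042 HTTP/1.1" 403 210 "-" "Mozilla/4.0"
203.0.113.7 - - [04/Aug/2007:10:15:40 -0400] "POST /cgi-bin/MT/mt-tb.cgi/1042 HTTP/1.1" 403 210 "-" "Mozilla/4.0"
203.0.113.7 - - [04/Aug/2007:10:16:02 -0400] "POST /cgi-bin/MT/mt-tb.cgi/1043 HTTP/1.1" 403 210 "-" "Mozilla/4.0"
203.0.113.7 - - [04/Aug/2007:10:16:09 -0400] "POST /cgi-bin/MT/mt-comments.cgi HTTP/1.1" 404 198 "-" "Mozilla/4.0"
198.51.100.23 - - [04/Aug/2007:10:20:11 -0400] "POST /cgi-bin/MT/mt-tb.cgi/77 HTTP/1.1" 403 210 "-" "Mozilla/4.0"
192.0.2.50 - - [04/Aug/2007:10:21:00 -0400] "GET /blog/index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [04/Aug/2007:10:22:45 -0400] "GET /blog/ HTTP/1.1" 200 4096 "-" "Mozilla/4.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# The two MovableType scripts named in the post.
TARGETS = ("mt-tb.cgi", "mt-comments.cgi")
# 403 = access denied; 404 = script removed or renamed (assumption added here).
REFUSED = ("403", "404")


def blind_posters(log_text, min_attempts=3):
    """Return {ip: attempts} for clients that POSTed to the comment or
    trackback scripts at least min_attempts times and were refused every time."""
    attempts = defaultdict(int)
    accepted = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Trackback URLs carry an entry id after the script name, so match
        # on path segments rather than on the end of the path.
        segments = m["path"].split("?")[0].split("/")
        if not any(seg in TARGETS for seg in segments):
            continue
        attempts[m["ip"]] += 1
        if m["status"] not in REFUSED:
            accepted.add(m["ip"])
    return {ip: n for ip, n in attempts.items()
            if n >= min_attempts and ip not in accepted}


if __name__ == "__main__":
    for ip, n in sorted(blind_posters(SAMPLE_LOG).items()):
        print(f"{ip}: {n} refused POSTs to comment/trackback scripts")
```

Any client that ever received a non-refusal status is left out of the result, so a single accepted POST to either script is a signal to check that the files are really gone.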

Continue reading "Stupid Blog Trackback Spammers Don't Understand Server 403 Responses" »


About the author
Wiz's Blog is written by Bob "Wiz" Feinberg, an experienced freelance computer consultant, troubleshooter and webmaster. Wiz's specialty is in computer and website security. Wizcrafts Computer Services was established in 1996.


This weblog is licensed under a Creative Commons License.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.
