My Spam analysis for Oct 6 - 12, 2008
If you are reading this you have a computer. If you have a computer you also probably have at least one email address. Unless you live on another planet, or your email provider only allows whitelisted email through, you, like me, get a lot of junk mail, a.k.a. "spam" messages.While spam is an annoyance to most people, it is combat for me. I publish custom spam filters to block spam email for people who use the MailWasher Pro anti-spam email client.
This is the latest entry in a weekly series about classifications of spam, according to my custom filter rules used by the anti-spam tool, MailWasher Pro.
MailWasher Pro is a spam screening POP3 email program that goes between your email servers and your desktop email client (application). With this program you can actually read all of your incoming email in plain text, and click on links, if you are so inclined. MailWasher Pro uses a variety of techniques to recognize and designate what is and isn't spam, including a learning filter and user created custom filter rules. I personally write and use MailWasher Pro custom filters to detect and delete most incoming spam email. I have created and published a large assortment of spam filters which "plug-in" to MailWasher Pro, to flag or delete known spam. You can read about them, or download and use them in your own registered copy of MailWasher Pro.
MailWasher Pro has a "Statistics" display page that breaks down the types of spam it has deleted, listed by categories. Each program and user-created filter has a name and when a measurable percentage of spam is matched by a particular filter it shows up in the Statistics, with its percentage shown next to it. The percentages for various categories of spam listed below are taken from my MailWasher Pro "Statistics" page.
The category "Other Filters" combines several of my custom filters which did not receive enough spam to rate a measurable percentage, thus were all grouped into the one category called "Other Filters." Since I have a lot of custom filters and spam types do vary every week, the Other Filters category is always quite large, percentage-wise.
When it comes to major spam runs, sent entirely through zombie computers which are unwittingly members of Botnets, certain types of spam rise to the top of the threat list, every week or two. The most common type of spam this week (again) is pharmaceuticals, including male enhancement pills, Viagra, Cialis and other sex oriented drugs. At this time almost all spam email for any kind of pharmaceuticals is pointing to the fake "Canadian Pharmacy" website, hosted unknowingly on hijacked (Botnetted) personal computers, or on bulletproof Chinese hosting servers owned by criminals in Russia. The male enhancement spams are mostly leading to Botnetted computers hosting a web page touting VPXL, or other herbal enlargement formulas, all of which are scams.
For those who don't know, "Canadian Pharmacy" is a fake pharmacy, with fake accreditation banners, that is either hosted on compromised home or office computers (in Bot-nets), or on "bullet-proof" web hosting servers in Panama (200.63.40/21), China (CNCGROUP - 218.60.0.0/15), Korea, Vietnam, Romania, Russia, or The Ukraine. The Canadian Pharmacy spam gang sells counterfeit drugs that could harm or even kill you, but certainly won't help you in the manner advertised. This fake pharmacy is used by cyber criminals to raise money for themselves and to fund illegal activities that they engage in. Once they get your credit or debit card number they may max out your spending limit, or empty out bank account, or sell your credit card details to other criminals. Please do not be deceived into thinking that these are legitimate online pharmacies. Despite any banners, labels, or claims to the contrary, they are NOT approved to sell their (counterfeit) pills in most countries outside of China. Don't become a victim of the fake Canadian Pharmacy scam.
MailWasher Pro spam category breakdown for Sept 29 - October 5, 2008. Spam amounted to 54% of my incoming email this week.
Fake "Canadian Pharmacy" spam (Viagra, Cialis, etc): | 6.82% |
---|---|
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): | 23.11% |
Known Spam (From: or Body): | 14.39% |
Other filters: (See my MWP Filters page) | 12.50% |
Male enhancement spam (subject or body): | 10.61% |
Known Spam Subjects (by my filters): | 7.58% |
Counterfeit Watches: | 7.58% |
Known Spam Domains: (mostly pharmaceutical spam) | 4.55% |
Loans/Bankruptcy/Refinance/Insurance Scams: | 4.17% |
Pirated Software: | 2.65% |
Blacklisted Domains/Senders: (by pattern matching wildcard rules) | 1.89% |
Blocked Countries, RIPE, LACNIC, APNIC: | 1.89% |
DNS Blacklists: | 1.14% |
Bayesian learning filter: | 1.14% |
If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).
All of the spam and scams targeting my accounts were either automatically deleted by my custom MailWasher Pro spam filters, or if they made it through, was reported to SpamCop, of which I am a reporting member, and manually deleted. I never buy anything that is Spamvertised and recommend you don't either! Remember, almost all spam is now sent from compromised home or business PCs, zombies in various Botnets, all of which are controlled by criminals. If you purchase anything advertised in spam messages, you have given your credit or debit card information to the criminals behind that enterprise. If you are really lucky you will only be charged for the fake items you purchased, but, if not, you might find your credit limit used up, or your bank account emptied (for debit card transactions), by cyber criminals.
Also, unsubscribing through links in botnet-sent spam messages is futile, as you never opted-in, in the first place; your email address was captured by an email harvester on an infected computer belonging to somebody you corresponded with. Instead of receiving less spam as one might expect (by unsubscribing), all it does is confirm that your email address is active and you will see even more spam than before.
Another common way your email address may get harvested by spammers is if it appears in a large C.C. (Carbon Copy) list on a computer that gets Botnetted. Many people engage in forwarding messages among all their friends. Each time they forward chain letters their address gets added to the growing list of recipients (called Carbon Copy, or CC). If just one recipient of that message has an email harvesting malware infection, all of the email addresses listed in that message will be sent home to the spammer behind that spam run.
Smart folks who want to forward or send a message to multiple recipients use B.C.C. instead of C.C. Using B.C.C. hides all of the recipients from displaying. The To field will just show "Undisclosed Recipients" in a message sent using B.C.C. This is safest for you and your friends or mailing list. All email clients have a means of displaying a B.C.C. field.
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.