My Spam analysis for Jan 12 - 18, 2009
This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.
Wow! Spam is down for another week, thanks to the efforts of some of our colleagues in the security field. Starting with the takedown of the colocation facility McColo, on November 11, 2008, levels of incoming messages MailWasher identified as spam have dropped dramatically. That company provided hosting space and maintenance for privately owned servers that were used by spammers to command and control spam-sending Botnets. Those spammers are rebuilding or replacing their Botnets as I type this, so let's not become complacent. In fact, I suspect that a huge new Botnet is currently being assembled, via the Conficker/Downadup Worm. More about this emerging threat will be in a forthcoming article.
Once again, with the main command and control servers being partially or fully offline, I urge all Windows computer owners and sys admins to install security applications that are capable of detecting SpamBot activity. Please do yourself a favor and protect your PCs against Bots with Trend Micro's free program called RUBotted.
Some of the top rated Internet security products now contain Bot detections and prevention components. These in include Symantec and Trend Micro Internet Security Suites. I wrote a blog article about detecting and removing Bots in December, 2008. You can also visit Microsoft's download center and grab a current copy of the Malicious Software Removal Tool and let it scan your computer for malware and Bots. It will remove any threats listed in the tool's database, which now include the widespread Conflicker/Downadup Worm. Microsoft has been at war with Botnets since September 2007 (when they took down much of the Storm Botnet) and has made a huge dent in their numbers. This tool is totally free and is updated once a month. It is regularly released on Patch Tuesdays.
Note, that I have re-enabled my pattern matching blacklist filters to automatically delete spam messages containing a forged From address matching either of these Regular Expressions: lin+met@+.de and kef+diz@+, in MailWasher Pro. These two blacklist rules caught 26% of this week's spam!
MailWasher Pro spam category breakdown for Jan 12 - 18, 2009. Spam amounted to 24% of my incoming email this week.
Blacklisted Domains/Senders: (by pattern matching wildcard rules like: lin+met@+.de) | 26.67% |
---|---|
Counterfeit Watches: | 20.00% |
Misc. Pharmaceutical spam (inc. Viagra, Cialis, Levitra & misc. pills & herbals): | 13.34% |
Casino Spam: | 13.33% |
Fake Diplomas: | 6.67% |
Pirated Software: | 6.67% |
Hidden ISO Subject: | 6.67% |
Viagra spam: | 6.67% |
If you are reading this and wondering what you can do to reduce the huge volumes of spam emails that must be overwhelming your POP client inboxes, I recommend MailWasher Pro (with my downloadable custom filters) as an incoming email screener for your POP email program (Microsoft Outlook, Microsoft Outlook Express, Microsoft Live Mail, Eudora, Mozilla and other stand-alone email programs).
All of the spam and scams targeting my accounts were either automatically deleted by my custom MailWasher Pro spam filters, or if they made it through, was reported to SpamCop, of which I am a reporting member, and manually deleted. I never buy anything that is Spamvertised and recommend you don't either! Remember, almost all spam is now sent from compromised home or business PCs, zombies in various Botnets, all of which are controlled by criminals. If you purchase anything advertised in spam messages, you have given your credit or debit card information to the criminals behind that enterprise. If you are really lucky you will only be charged for the fake items you purchased, but, if not, you might find your credit limit used up, or your bank account emptied (for debit card transactions), by cyber criminals.
Also, unsubscribing through links in botnet-sent spam messages is futile, as you never opted-in, in the first place; your email address was captured by an email harvester on an infected computer belonging to somebody you corresponded with. Instead of receiving less spam as one might expect (by unsubscribing), all it does is confirm that your email address is active and you will see even more spam than before.
Another common way your email address may get harvested by spammers is if it appears in a large C.C. (Carbon Copy) list on a computer that gets Botnetted. Many people engage in forwarding messages among all their friends. Each time they forward chain letters their address gets added to the growing list of recipients (called Carbon Copy, or CC). If just one recipient of that message has an email harvesting malware infection, all of the email addresses listed in that message will be sent home to the spammer behind that spam run.
Smart folks who want to forward or send a message to multiple recipients use B.C.C. instead of C.C. Using B.C.C. hides all of the recipients from displaying. The To field will just show "Undisclosed Recipients" in a message sent using B.C.C. This is safest for you and your friends or mailing list. All email clients have a means of displaying a B.C.C. field.
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.