My Spam analysis for Aug 24 - 30, 2009
This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.
Spam levels have increased significantly after being unusually low for two weeks in a row. This probably means that the Bot Masters running spam Botnets have regained access to their command and control servers, which have reactivated sleeping zombie computers. Those zombie PCs are now sending out large volumes of spam, as commanded by their Bot Masters.
Almost all spam is now sent from zombie computers in spam Botnets, under the control of Bot Masters who rent the use of their networks to spammers. Major changes in the overall volume of spam indicate problems or successes of the Bot Masters with command and control over their robotic armies of spamming PCs. Sometimes their command and control servers are shut down by the efforts of security organizations, forcing them to look for other spam-friendly hosting companies. Other times, Microsoft's monthly Windows Updates, featuring an updated MSRT, or other security products, will clean Bot infections from millions of zombie computers. When this happens the overall volume of spam drops, as it has this week.
However, Bot Herders don't give up easily. If they lose one Command and Control server, they will hunt for another one, often in China or Eastern Europe. Once they get those hostile servers back online, with other spam-friendly hosts, the zombies are awakened and we see lots more spam. If the Botnet loses zombies after a major cleanup, they will acquire more through compromised or hostile websites exploiting vulnerabilities in browsers and their plug-ins and add-ons.
The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. Most of the spam this week, especially the "Known Spam Domains" category, was for male enhancement scams and fake Viagra. There was also a bunch of Nigerian lottery scams and counterfeit watches.
In case anybody doesn't already know, virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets. All email sender addresses are forged, so there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."
See my extended comments for this week's breakdown of spam by category, for Aug 24 - 30, 2009 and the latest additions to my custom MailWasher Pro filters.
MailWasher Pro spam category breakdown for Aug 24 - 30, 2009. Spam amounted to 15% of my incoming email this week. This represents a +10% change from last week.
| Category | Share of spam |
|---|---|
| "Other Filters" category | 20.59% |
| Canadian Pharmacy Scams | 11.56% |
| Blacklisted Senders | 8.82% |
| Diploma Scams | 8.82% |
| Male Enhancement Scams | 8.82% |
| Google Reader Spam Links | 8.82% |
| Known Spam Domains (a great filter!) | 5.88% |
| Pharmaceutical spam | 5.88% |
| Quit Smoking spam | 5.88% |
| "Approve Order" spam | 5.88% |
| Viagra spam | 2.94% |
| Blocked Country filter | 2.94% |
The latest weekly updates to my custom MailWasher Pro filters were to the Known X-Mailer, Herbal, Male Enhancement [B], Phishing and Canadian Pharmacy filters. I also added a new "Google Reader Spam Link" filter and two Blacklist wildcard entries: tequil*a+@+.com and [email protected]. Everything else is working as it should. Without MailWasher Pro filtering out all the junk mail, I would waste a lot more time deleting it from my email program's inbox. If you're not already using MailWasher Pro to filter out spam, read on...
MailWasher Pro intercepts POP3 and IMAP email before you download it to your desktop email client (e.g., Microsoft Outlook, Outlook Express, Windows Live Mail) and scans it for threats or spam content, then either manually or automatically deletes any messages matching your pre-determined criteria and custom filters. It is my primary line of defense against incoming spam, scams, phishing and exploit attacks. If you are not already using this fine anti-spam tool, I invite you to read about it on my MailWasher Pro web page. You can download the latest version and try it for free for a month. Registration is only required once, for the life of the program.
To protect your computer from web pages rigged with exploit codes, malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, Phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security. It has strong realtime monitoring modules that stop rootkits and spam Trojans from installing themselves into your operating system. Also known as PC-cillin, it is very frequently updated as new and altered malware definitions become available and it checks for web based threats and new malware definitions by searching secure online servers owned by Trend Micro. This is referred to as "in-the-cloud" security.
All of the spam and scams targeting my accounts were either automatically deleted by my custom MailWasher Pro spam filters or, if they made it through, were reported to SpamCop, of which I am a reporting member, and manually deleted. MailWasher Pro is able to forward messages marked as spam to SpamCop, which then sends a confirmation email to you, containing a link. You must click on the enclosed reporting link and open it in your browser, then manually submit your report. This is how SpamCop wants it done.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.