My Spam analysis for the week of Jan 11 - 17, 2010
This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics.
MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.
Spam levels have increased a whopping 25% this week from last week's level. Fluctuations in spam levels sometimes are seasonal, or may be due to problems or successes Bot-masters have with maintaining the command and control (C&C) servers used to reactivate sleeping zombie computers in their spam Botnets. Or, these changes in spam levels may be caused when large numbers of zombie computers are disinfected, or taken offline by the ISPs who provide Internet connectivity to them. In case you didn't already know this, almost all spam is now sent from "zombie" computers in spam Botnets, unbeknown to the owners of those infected PCs.
The classifications of spam in my analysis can help you adjust your email filters according to what is most common, on a weekly basis. This past week again saw a large variety of categories of spam, including Russian dating spam, fake diplomas and counterfeit brand name watches, counterfeit Viagra and the fake Canadian Pharmacy. My updated blacklisted senders list proved extremely effective again this week, auto-deleting ~27% of all incoming spam.
Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses. This practice is known as a "Joe Job."
You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).
See my extended comments for this week's breakdown of spam by category, for Jan 11 - 17, 2010, and the latest additions to my custom MailWasher Pro filters.
MailWasher Pro spam category breakdown for Jan 11 - 17, 2010. Spam amounted to 57% of my incoming email this week. This represents a +25% change from last week.
Blacklisted Senders (mostly dating scams this week): | 27.18% |
---|---|
Other Filters (misc filters): | 15.05% |
Canadian Pharmacy Scams: | 13.35% |
Viagra: | 12.86% |
Counterfeit Watches: | 10.68% |
HTML Tricks: | 4.61% |
Pirated Software (like "Eurosoft"): | 3.16% |
Diploma Scams: | 3.16% |
Male Enhancement Scams: | 3.16% |
Casinos: | 2.18% |
Nigerian 419 Scams: | 2.18% |
Blocked Countries: | 2.18% |
DNS Blacklisted Servers: | 0.24% |
The latest weekly updates to my custom MailWasher Pro filters were to the Known Spam [From], Pharmaceuticals [B], Pharmaceuticals [S], Nigerian 419 Scams, Known Spam Domains, Western Union Scam, Lottery Scam, Dating Spam, UPS Phishing Scam #2, Diploma Spam and pirated Software filters. Everything else is working as it should. If you're not already using MailWasher Pro to filter out spam you should consider doing so! Read the next three paragraphs for more details about it.
I made the following additions to the MailWasher Pro Blacklist:
+@+.jp
+@+.kr
+@+.ru
martynov@+
These expressions instantly delete any messages with a "From" email address ending with one of those domains, or the prefix "martynov." Coupled with last week's addition of +@+.cn and +@+.hinet, these additions resulted in over 27% of spam being captured by the MWP Blacklist. Since the Blacklist is processed before the custom filters, the processing time and cpu load is greatly reduced.
MailWasher Pro intercepts POP3 and IMAP email before you download it to your desktop email client (e.g: Microsoft Outlook, Outlook Express, Windows Live Mail) and scans it for threats or spam content, then either manually or automatically deletes any messages matching your pre-determined criteria and custom filters. It is my primary line of defense against incoming spam, scams, phishing and exploit attacks. If you are not already using this fine anti-spam tool I invite to to read about it on my MailWasher Pro web page. You can download the latest version and try it for free for a month. Registration is only required once, for the life of the program.
All of the spam and scams targeting my accounts were either automatically deleted by my custom MailWasher Pro spam filters, or if they made it through, was reported to SpamCop, of which I am a reporting member, and manually deleted. MailWasher Pro is able to forward messages marked as spam to SpamCop, which then sends a confirmation email to you, containing a link. You must click on the enclosed reporting link and open it in your browser, then manually submit your report. This is how SpamCop wants it done.
If you use a POP email client on your desktop to send and receive your email, rather than your browser, you too will benefit from the added protection that MailWasher Pro provides. I can't even begin to tell you how many dangerous attachments, exploit encoded messages, 419 fraud, as well as courier, bank, eBay and PayPal phishing scams, plus hundreds of hostile link emails it has deleted, after identifying them with my rules and its own heuristic and known spam detections.
Finally, many security threats will come to you via spam email; some in hostile attachments, some as "phishing" scams, some as financial fraud or money laundering scams, and many more in links to web pages rigged to serve up exploit codes or Trojan downloads.You need really good up-to-date protection to fight off the multitude of attack codes flying like machine gun bullets these days. To protect your computer from web pages rigged with exploit codes, malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, Phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security (or Internet Security Pro for travelers). It has strong realtime monitoring modules that stop rootkits and spam Trojans from installing themselves into your operating system. Also known as PC-cillin, it is very frequently updated as new and altered malware definitions become available and it checks for web based threats and new malware definitions by searching secure online servers owned by Trend Micro. This is referred to as "in-the-cloud" security. Best of all, you can try it fully functional for a month, then decide to pay to keep it or uninstall it.
See you all next week, same time, same station! Keep the sunny side up and don't take no wooden nickles!
Wiz - out
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.