My Spam analysis & filter updates for the week of Oct 11 - 17, 2010
This is the latest entry in my weekly series about classifications of spam, according to my custom filter rules used by MailWasher Pro. The categories are shown on the "Statistics" page > "Junk Mail," as a pie chart, based on my custom filters and blacklist. The amount of email flagged as spam is shown on the "Summary" page of Statistics. These reports can help you adjust the order of your own spam filters.
MailWasher Pro is a POP3 and IMAP email spam screener that checks email before it is downloaded to your desktop email client. It can be set to delete recognized spam either manually or automatically when a user-defined filter, or the built-in learning filter, or a blacklist entry, or known spam source is matched, or an attached virus is detected.
My incoming spam levels have increased 2% this week, to 63% of all my incoming email. Most of the spam was typical junk mail for counterfeit Cialis and Viagra and other illicit prescription drugs, male enhancement scams, counterfeit Chinese watches, fake diplomas, "pics" dating scams from Russia and a slew of fake Electronic Tax Payment phishing scams.
October 1st saw the shutdown of the criminal Spamit affiliate payment network through which the spammers promoting the fake "Canadian Pharmacy" websites received commissions. They simply moved over to the already operating medical and dating spam affiliate network: Bunker.biz. That operation is run out of The Ukraine and Russia, with fake pharmacy websites hosted on compromised PCs belonging to various spam Botnets. The replacements for the now dead "Canadian Pharmacy" network are Canadian Neighbor Pharmacy and Canadian Health and Care Mall. No matter what name they go by, or what certificates and licenses they display, they are all fake, as are the drugs they sell. They are as Canadian as the Pope! The sole reason for their existence is to scam gullible Americans into using their credit and debit cards to buy fake pharmaceuticals.
The classifications of spam in my analysis (below) can help you adjust your email filters according to what is most common, on a weekly basis. If you are using my custom MailWasher Pro filters, keep the filters for the highest percentage categories of spam near the top of the filters list, to minimize the impact on your CPU when analyzing incoming messages for spam content.
Since virtually all spam is now sent from and hosted on hijacked PCs that are zombie members of various spam Botnets and all email sender addresses are forged, there is no point in complaining to the listed From or Reply To address. These accounts are inserted by the same script that composes the spam on the compromised PCs. These are innocent spam victims themselves, whose harvested names are reused in forged From addresses.
Sometimes, your own email address is forged as the sender, as well as being the recipient. The practice of forging the recipient's own email address in the From field is known as a "Joe Job." Fortunately, MailWasher Pro has a custom filter option that overrides the "Friends" list (a Whitelist of approved senders), allowing user created spam filters to read the content and flag or auto delete spam that's using one's own accounts as the forged sender.
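The whitelist override described above, sketched as an added example (it is not MailWasher's filter syntax and not one of the author's filters). The addresses, the friends list and the phrase list are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

# Constructed assumptions for this sketch, not MailWasher settings or syntax.
MY_ADDRESSES = {"me@example.com"}                     # accounts being screened
FRIENDS = {"me@example.com", "friend@example.org"}    # whitelist of approved senders
SPAM_PHRASES = ("viagra", "cialis", "replica watch")  # stand-in content filter

def header_addresses(msg, header):
    """Lower-cased addresses from one header, display names dropped."""
    return {a.lower() for _, a in getaddresses(msg.get_all(header, [])) if a}

def text_of(msg):
    """Subject plus every text/* part, lower-cased for phrase matching."""
    chunks = [str(msg.get("Subject", ""))]
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks).lower()

def classify(raw):
    msg = message_from_string(raw)
    senders = header_addresses(msg, "From")
    own_sender = bool(senders & MY_ADDRESSES)
    # A whitelist hit normally ends processing. A From that is one of our own
    # accounts cannot be trusted, so the whitelist is skipped for it.
    if senders & FRIENDS and not own_sender:
        return "accept:friend"
    text = text_of(msg)
    if any(phrase in text for phrase in SPAM_PHRASES):
        return "spam:forged-own-address" if own_sender else "spam:content"
    return "accept:own-address" if own_sender else "accept:unmatched"

# Constructed sample messages.
FORGED = "From: me@example.com\nTo: me@example.com\nSubject: Order\n\nCheap Viagra and Cialis\n"
FRIEND = "From: Pal <friend@example.org>\nTo: me@example.com\nSubject: viagra joke\n\nlol\n"
NOTE = "From: me@example.com\nTo: me@example.com\nSubject: reminder\n\nbuy milk\n"
STRANGER = "From: x@example.net\nTo: me@example.com\nSubject: hi\n\nReplica watches 90% off\n"

if __name__ == "__main__":
    for name, raw in [("forged", FORGED), ("friend", FRIEND), ("note", NOTE), ("stranger", STRANGER)]:
        print(name, "->", classify(raw))
```

Without the `own_sender` test, the forged message would be accepted on the whitelist hit, since the account owner's address is itself in the friends list.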
You can take preventative measures to secure your computers from becoming members of Botnets, by installing Trend Micro Internet Security and MalwareBytes Anti-Malware (see pages for details).
See my extended comments for this week's breakdown of spam by category, for Oct 11 - 17, 2010, and the latest additions to my custom MailWasher Pro filters and Blacklist.
MailWasher Pro spam category breakdown for Oct 11 - 17, 2010. Spam amounted to 63% of my incoming email this week. This represents a +2% change from last week.
Here are some facts from my MailWasher Statistics for the past week. Of the 558 incoming email messages that were classified as spam, 479 were classified by my custom filters, 16 were deleted by my custom Blacklist and another 12 were classified by the learning and Bayesian filters. I actually saw 47 spam messages (but classified by filters set to manual deletion, for safety), all of which I reported through my SpamCop reporting account. The rest were automatically deleted by my other custom filters and Blacklist. See the updates to my filters below the spam categories list.
| Spam category | Share of spam |
|---|---|
| Fake Cialis & Viagra (counterfeit & dangerous) | 51.14% |
| Male Enhancement Scams (fake & dangerous) | 11.42% |
| Known Spam Domain Links (mostly .RU - Russian) | 7.99% |
| Pharmaceutical Spam (dangerous & illegal) | 7.99% |
| Phishing Scams (fake EFTPS notices) | 5.25% |
| Other Filters (misc filters with small percentages) | 3.88% |
| Blacklisted Senders (dating scams & Viagra, etc) | 3.65% |
| Counterfeit Watches | 3.42% |
| Diploma scams | 2.05% |
| Pills | 1.60% |
| Pics dating scams | 0.91% |
| Numeric IP link | 0.68% |
Filter updates this week: HTML Tricks, Viagra Spam [From]. New filter: Courier Scam #5 (UPS w/malware attachment)
Blacklist updates this week: customers*@eftps.gov (EFTPS Phishing Scam)
Note that the Blacklist works in both the old and new versions of MailWasher Pro. You can import the Blacklist from version 6.x when you move up to MailWasher Pro 2010 and newer. You can find my most effective published Blacklist on my MailWasher Pro Custom Filters page.
About MailWasher Pro
MailWasher Pro intercepts POP3 and IMAP email before you download it to your desktop email client (e.g., Microsoft Outlook, Outlook Express, Windows Live Mail) and scans it for threats or spam content, then either manually or automatically deletes any messages matching your pre-determined criteria and custom filters. It is my primary line of defense against incoming spam, scams, phishing and exploit attacks. If you are not already using this fine anti-spam tool I invite you to read about it on my MailWasher Pro web page. You can download the latest version and try it for free for a month. Registration costs just $29.95, with an annual renewal fee of only $9.95, to cover the costs of development and the FirstAlert community spam database.
All of the spam and scams targeting my numerous accounts were either automatically deleted by my custom MailWasher Pro spam filters, or if they made it through, were reported to SpamCop, of which I am a reporting member, and manually deleted.
If you use a POP email client on your desktop to send and receive your email, rather than your browser, you too will benefit from the added protection that MailWasher Pro provides. I can't even begin to tell you how many dangerous attachments, exploit encoded messages, 419 fraud, as well as courier, bank, eBay and PayPal phishing scams, plus hundreds of hostile link emails it has deleted, after identifying them with my rules and its own heuristic and known spam detections.
I am available for hire to write custom MailWasher Pro filters for you or your company. They require that you have a copy of MailWasher on each computer to be customized.
Finally, many security threats will come to you via spam email; some in hostile attachments, some as "phishing" scams, some as financial fraud or money laundering scams, and many more in links to web pages rigged to serve up exploit codes or Trojan downloads. You need really good up-to-date protection to fight off the multitude of attack codes flying like machine gun bullets these days. To protect your computer from web pages rigged with exploit codes, malware in email attachments, dangerous links to hostile web pages, JavaScript redirects, Phishing scams, or router DNS attack codes, I recommend Trend Micro Internet Security (or Internet Security Pro for travelers). It has strong realtime monitoring modules that stop rootkits and spam Trojans from installing themselves into your operating system. Also known as PC-cillin, it is very frequently updated as new and altered malware definitions become available and it checks for web based threats and new malware definitions by searching secure online servers owned by Trend Micro. This is referred to as "in-the-cloud" security. Best of all, you can try it fully functional for a month, then decide to pay to keep it or uninstall it.
See you all next week, same time, same station! Keep the sunny side up and don't take no wooden nickels!
Wiz - out
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.