My Spam analysis & filter updates for the week of Jan 24 - 30, 2011
For the third week in a row, the volume has increased. Botnets are again spewing out email spam for fake Cialis and Viagra, counterfeit watches, bogus male-enlargement herbs and pills, prescription drugs that are illegal to import, pirated software, Russian brides and work-at-home (money mule, i.e. criminal money laundering) scams.
Over the past 7 days, spam of various kinds amounted to 49% of my incoming email, according to MailWasher Pro, which I use to screen incoming email before downloading it to my desktop email program (Windows Live Mail). I often see the same spam message sent to several of my accounts at the same time. I report any spam messages that make it through my auto-delete filters to SpamCop.
Here are some statistics regarding the spam received and categorized, from Jan 24-30, 2011. These classifications are based upon my own custom MailWasher spam filters. Most of this spam is automatically deleted by MailWasher Pro and my custom filters. The statistics are obtained from the program's logs.
Percentage classified as spam: 49%; up 3% from last week
Number of messages classified as spam: 328
Number classified by my custom spam filters: 279
Number classified by my custom blacklist: 39
Number classified as spam according to DNS Blocklists (SpamCop, Spamhaus, etc.): 3
Number of spam messages seen, reported to SpamCop and manually deleted: 20
The order of spam according to the highest percentages is as follows (the percentages are shares of the 321 messages caught automatically by the custom filters, the blacklist and the DNS blocklists):
Pharmaceuticals and fake prescription drugs: 21.50%
Fake Viagra and Cialis: 17.13%
Counterfeit Watches: 16.82%
Known Spam Domains in links (usually Russian: .RU): 15.58%
Blacklisted sender names and domains (my blacklist): 12.15%
Male Enhancement scam: 4.67%
Russian Bride scam: 4.36%
Re: (digits): 1.87%
Other Filters (with small percentages): 1.87%
Software Spam: 1.25%
Work At Home Scam: 1.25%
DNS Blacklisted Senders: 0.93%
Lottery Scam: 0.62%
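To make the three tiers behind these statistics concrete (sender blacklist, ordered custom content filters, DNS blocklist), here is a small Python categorizer written as an added example for this page. It is not MailWasher Pro's code and not the author's actual filter set; the messages, the blacklist entries, the DNS blocklist table (which stands in for a real DNS lookup) and the regular expressions are all constructed for the illustration, and the order in which the tiers are checked (blacklist, then custom filters, then DNSBL, first match wins) is an assumption.

```python
import re
from collections import Counter

# Constructed sample mailbox (not real captured spam). "ip" is the connecting
# SMTP client address that a DNS blocklist would normally be queried for.
SAMPLE_MESSAGES = [
    {"from": "orders@example.com", "subject": "Re: 48213",
     "body": "See the attached invoice.", "ip": "198.51.100.7"},
    {"from": "pharmacy@example.net", "subject": "Cheap VIAGRA and Cialis",
     "body": "Order now from our online pharmacy.", "ip": "198.51.100.8"},
    {"from": "deals@example.org", "subject": "Rolex replica watches at 90% off",
     "body": "Swiss movement, free shipping.", "ip": "198.51.100.9"},
    {"from": "friend@example.com", "subject": "hello",
     "body": "Check this out: http://best-deal.example.ru/buy now", "ip": "198.51.100.10"},
    {"from": "promo@spam-sender.example", "subject": "Great offer",
     "body": "Limited time only.", "ip": "198.51.100.11"},
    {"from": "bot@example.com", "subject": "Your weekly newsletter",
     "body": "Click here for this week's deals.", "ip": "203.0.113.45"},
    {"from": "alice@example.com", "subject": "Lunch tomorrow?",
     "body": "Want to grab lunch at noon?", "ip": "192.0.2.10"},
    {"from": "natasha@example.com", "subject": "Beautiful Russian brides waiting for you",
     "body": "Meet them today.", "ip": "198.51.100.12"},
    {"from": "hr@example.net", "subject": "Earn $5000 working from home",
     "body": "Become a money transfer agent.", "ip": "198.51.100.13"},
]

# Constructed blacklist (sender addresses or domains) and a constructed table
# standing in for a DNS blocklist; a real DNSBL is queried over DNS.
BLACKLIST = {"spam-sender.example"}
DNSBL_LISTED_IPS = {"203.0.113.45"}

# Custom filters, checked in order; the first match names the category.
# More specific patterns come first so "Cheap VIAGRA" is not swallowed by the
# generic pharmaceuticals rule. Field says which headers/body the rule reads.
FILTERS = [
    ("Fake Viagra and Cialis", "subject_body", re.compile(r"\b(viagra|cialis)\b", re.I)),
    ("Counterfeit Watches", "subject_body", re.compile(r"\b(replica|rolex)\b", re.I)),
    ("Russian Bride scam", "subject_body",
     re.compile(r"\brussian\s+(brides?|women|girls)\b", re.I)),
    ("Work At Home Scam", "subject_body",
     re.compile(r"\b(work(ing)?\s+(at|from)\s+home|money\s+(mule|transfer\s+agent))\b", re.I)),
    ("Pharmaceuticals and fake prescription drugs", "subject_body",
     re.compile(r"\b(pharmacy|prescriptions?|pills?)\b", re.I)),
    ("Known Spam Domains in links", "body",
     re.compile(r"https?://[^\s/]+\.ru(?:[/\s]|$)", re.I)),
    ("Re: (digits)", "subject", re.compile(r"^re:\s*\d+\s*$", re.I)),
]


def _text(msg, field):
    """Select the message text a filter is allowed to look at."""
    if field == "subject":
        return msg["subject"]
    if field == "body":
        return msg["body"]
    return msg["subject"] + "\n" + msg["body"]


def classify(msg, blacklist=BLACKLIST, dnsbl=DNSBL_LISTED_IPS, filters=FILTERS):
    """Return (category, source); source is None for mail judged legitimate."""
    sender = msg["from"].lower()
    domain = sender.rsplit("@", 1)[-1]
    if sender in blacklist or domain in blacklist:
        return ("Blacklisted sender names and domains", "blacklist")
    for category, field, pattern in filters:
        if pattern.search(_text(msg, field)):
            return (category, "custom filter")
    if msg["ip"] in dnsbl:
        return ("DNS Blacklisted Senders", "dnsbl")
    return ("legitimate", None)


def summarize(messages):
    """Produce the kind of weekly statistics shown above from a batch of messages."""
    results = [classify(m) for m in messages]
    spam = [(cat, src) for cat, src in results if src is not None]
    spam_total = len(spam)
    by_category = Counter(cat for cat, _ in spam)
    # Category percentages are shares of the spam caught, not of all mail.
    ranking = sorted(
        ((cat, round(100.0 * n / spam_total, 2)) for cat, n in by_category.items()),
        key=lambda kv: (-kv[1], kv[0]),
    ) if spam_total else []
    return {
        "total": len(messages),
        "spam": spam_total,
        "spam_pct": round(100.0 * spam_total / len(messages), 1) if messages else 0.0,
        "by_source": dict(Counter(src for _, src in spam)),
        "ranking": ranking,
    }


if __name__ == "__main__":
    stats = summarize(SAMPLE_MESSAGES)
    print(f"{stats['spam']} of {stats['total']} messages ({stats['spam_pct']}%) are spam")
    for category, pct in stats["ranking"]:
        print(f"{category}: {pct:.2f}%")
```

The order of the filter list matters more than it looks: a generic rule placed early will take credit for mail that a more specific rule should have categorized, which skews exactly the per-category percentages reported above.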
I made 9 additions/updates to my custom filters:
Dating Spam,
Russian Bride Scam,
Diploma Spam,
Facebook Scam,
Known Spam Domains,
Pump and Dump Scam,
Work At Home Scam (3x),
Viagra [B].
New filter: Russian Bride Scam.
I made 1 change to my custom Blacklist:
[email protected]
As mentioned in the previous paragraphs, I use MailWasher Pro to delete spam before I download it to my email program (Windows Live Mail). This is my first line of defense against email-borne threats. If you are using a desktop email client (Windows Live Mail, Outlook, Outlook Express, etc.) and are not pre-screening incoming email for threats, you may be at risk from scripted attacks carried inside email messages, from infected attachments, or from hostile links enclosed in them.
Where does email spam come from?
In the last decade of the 20th Century, most spam was sent from email providers that were paid to send out spam runs. Some was even sent through the personal email accounts of spammers, until they had their accounts terminated for violating the terms of service. As complaints mounted against unsolicited commercial email blasts, national laws, like the American CAN-SPAM Act of 2003, were enacted to address the issue. As a result, the legitimate bulk email companies began dropping obvious spam accounts and refusing to take on new ones.
When email spammers were unable to rent the use of legitimate, or even quasi-legitimate, bulk mail services, they turned to China-based email hosts that were billed as "bullet-proof" email services. They were called bullet-proof because they totally ignored complaints from angry spam recipients and spam-reporting services like SpamCop. Furthermore, they were affiliated with similarly unconcerned upstream IP service providers who also turned a blind eye to complaints.
With so much spam being sent from China and its neighboring countries, email server administrators began blocking all Chinese and other Asian IP addresses. I myself began compiling a series of IP blocklists, one of which is known as the Chinese Blocklist. The Chinese Blocklist (and all others I publish) is available in two formats: .htaccess (for use on personal websites hosted on shared servers, where only the web server's configuration is under your control) and iptables (for loading into the Linux netfilter firewall on the server itself, which protects every service on the host, mail included). Mail server admins often download my regularly updated iptables blocklists and use them to block undesirable traffic from particular regions of the World.
About 5 years ago the email spam sender-scape changed again, in large part due to the blocking of Chinese IP addresses at incoming email servers. This time, it shifted to the use of compromised personal and business computers that had become infected with malware known as "Botnet" executables. The bot infections were spread by, what else, spam. People were tricked into downloading and installing bot Trojans, turning their own PCs into zombies in spam armies. Now, in January 2011, virtually all spam email is sent from infected PCs that are members of various Botnets.
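The two blocklist formats mentioned above (.htaccess for a shared web host, iptables for the server's own firewall) are generated from the same list of CIDR ranges. As an added example, not the author's own publishing script, here is a small Python generator that reads a one-network-per-line file, drops comments and junk, collapses overlapping or adjacent networks so the firewall sees the fewest rules possible, and emits both formats. The sample ranges are constructed from RFC 5737 and RFC 3849 documentation addresses, not taken from the real Chinese Blocklist; the output syntax is the Apache 2.2 mod_access form (Apache 2.4 needs mod_access_compat or `Require not ip`) and plain `iptables -A ... -j DROP` commands.

```python
import ipaddress

# Constructed sample in the one-network-per-line form a blocklist file uses;
# documentation ranges only, not the author's real list.
SAMPLE_RANGES = """
# constructed sample blocklist
192.0.2.0/24
192.0.2.128/25      # inside the /24 above: redundant, collapsed away
198.51.100.0/25
198.51.100.128/25   # adjacent to the /25 above: merged into one /24
203.0.113.7         # bare host, treated as a /32
2001:db8::/32       # IPv6 entry, emitted for ip6tables
not-an-address      # junk line, skipped
"""


def parse_ranges(text):
    """Parse CIDR lines, drop comments and junk, collapse overlapping/adjacent networks."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # strip trailing comments
        if not line:
            continue
        try:
            # strict=False accepts host bits set, e.g. 10.1.2.3/24 -> 10.1.2.0/24
            nets.append(ipaddress.ip_network(line, strict=False))
        except ValueError:
            print(f"skipping unparsable entry: {line!r}")
            continue
    # collapse_addresses() only accepts one address family per call
    v4 = ipaddress.collapse_addresses([n for n in nets if n.version == 4])
    v6 = ipaddress.collapse_addresses([n for n in nets if n.version == 6])
    return list(v4) + list(v6)


def to_htaccess(nets):
    """Apache 2.2 mod_access syntax: allow everyone, then deny the listed networks."""
    lines = ["Order Allow,Deny", "Allow from all"]
    lines += [f"Deny from {n}" for n in nets]
    return "\n".join(lines) + "\n"


def to_iptables(nets, chain="INPUT"):
    """One DROP rule per network; IPv6 networks go to ip6tables, which keeps a separate table."""
    lines = []
    for n in nets:
        tool = "iptables" if n.version == 4 else "ip6tables"
        lines.append(f"{tool} -A {chain} -s {n} -j DROP")
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    nets = parse_ranges(SAMPLE_RANGES)
    print(f"# {len(nets)} networks after collapsing")
    print(to_htaccess(nets))
    print(to_iptables(nets))
```

For a list of thousands of ranges, one iptables rule per network is slow to load and to evaluate; a dedicated chain (`iptables -N BLOCKLIST` jumped to from INPUT) or an ipset hash:net set is the usual way to keep a large regional blocklist manageable. The .htaccess form only affects the web server, which is why mail server admins want the iptables version.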
How to prevent your computer from becoming a member of a spam Botnet
First of all, if you use a desktop (POP3) email client (program), rather than your browser, to send and receive email, try using MailWasher Pro to screen your incoming email for spam before you download it to your desktop email client. Set MailWasher to check for mail every 15 or 20 minutes, but disable automatic checking in your email client so that nothing is fetched unscreened. Once MailWasher has inspected your incoming messages and you have deleted spam and malware-laden threats, manually sync or receive the remaining, desirable email into your email program. My custom MailWasher filters will make it easier to identify and delete spam and known threat email.
Next, you need to protect your PC from constantly evolving viruses, spyware, keyloggers and bot malware. I recommend Trend Micro Internet Security (TMIS), with its "cloud-based" definitions that are updated constantly as malware is altered by criminal software writers, hackers and bot herders. You can read about TMIS and download it from my webpage about Trend Micro security products. You can even try it for free for a month. A nice feature of TMIS is that one annual license allows you to install it on 3 PCs.
Trend Micro security programs all feature what they call the Smart Protection Network. It is part of the "cloud" based protection I mentioned. As hostile web pages are discovered, their locations are added to the definitions in the cloud. Any computer running TMIS with a valid subscription is blocked from accessing those pages until their webmasters remove the infections (if ever).
If you use your Internet browser to handle email, any hostile content in a message is rendered by the browser, and attachments and linked files pass through the browser's cache or temporary files. A browser or plug-in vulnerability, or a user tricked into opening a downloaded attachment, is enough to infect the computer. MailWasher Pro doesn't protect browser-based email, but Trend Micro Internet Security does. With its bot detection and prevention mechanisms, it could become your computer's best friend.
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.