My Spam analysis & filter updates for the week of Feb 7 - 13, 2011
Something is up with the spam botnets. For the 2nd week in a row my incoming volume of spam has decreased. However, the remaining active botnets are still spewing out email spam for fake Viagra, counterfeit watches, fake and illegal to import prescription drugs, pump and dump stocks, Nigerian lottery/419 scams and work at home kit scams.
This past 7 days, spam for various types of garbage amounted to 30% of my incoming email. This is according to MailWasher Pro, which I use to screen incoming email before downloading it to my desktop email program (Windows Live Mail). I often see the same spam message sent to several of my accounts at the same time. I report any spam messages that make it through my auto-delete filters to SpamCop.
Here are some statistics regarding the spam received and categorized, from Feb 7 - 13, 2011. These classifications are based upon my own custom MailWasher spam filters. Most of this spam is automatically deleted by MailWasher Pro and my custom filters. The statistics are obtained from the program's logs.
Percentage classified as spam: 30%; down 5% from last week
Number of messages classified as spam: 138
Number classified by my custom spam filters: 129
Number and percentage of spam according to my custom blacklist: 3
Number classified as spam according to DNS Blocklists (SpamCop, Spamhaus, etc): 0
Number of spam messages seen, reported to SpamCop & manually deleted: 17
The order of spam, according to the highest percentages, is as follows:
Pharmaceuticals and fake prescription drugs: 30.30%
Fake Viagra and Cialis: 25.00%
Counterfeit Watches: 20.45%
Known Spam Domains in links (usually Russian: .RU): 5.30%
Work At Home Scam: 4.55%
Nigerian 419 Scams: 3.04%
Lottery Scams: 3.03%
Other Filters (with small percentages): 3.03%
Blacklisted sender names and domains (my blacklist): 2.27%
Pump and Dump stock spam: 1.52%
URL Shortener Links to spam: 1.52%
I made 10 additions/updates to my custom filters:
Canadian Pharmacy,
E-Card Scam,
Known Spam Subjects #2,
Nigerian 419 Scam #3 [S, F, R],
Pump & Dump Scam (2x),
Watches Spam,
Work At Home Scam (3x)
I made 0 changes to my custom Blacklist.
See my extended content for more details about protecting your computers from the threats posed by email spam.
As mentioned in the previous paragraphs, I use MailWasher Pro to delete spam before I download it to my email program (Windows Live Mail). This is my first line of defense against email-borne threats. If you are using a desktop email client (Windows Live Mail, Outlook, Outlook Express, etc) and are not pre-screening incoming email for threats, you may be at risk from scripted attacks carried inside email messages, from infected attachments, or from hostile links enclosed in them.
Note that currently all spam email is sent from infected PCs that are zombie members of various Botnets. Hopefully, your computers aren't part of any spam Botnets! If that is true, let's keep it that way, by using the best spam and malware detection and prevention software you can afford.
How to prevent your computer from becoming a member of a spam Botnet
First of all, if you use a desktop (POP3) email client (program), rather than your browser, to send and receive email, try using MailWasher Pro to screen your incoming email for spam, before you download it to your desktop email client. Set MailWasher to check for mail every 15 or 20 minutes, but disable automatic checking in your email client. Once MailWasher has inspected your incoming messages and you have deleted spam and malware infected threats, then manually sync or receive the desirable email to your email program. My custom MailWasher filters will make it easier to identify and delete spam and known threat email.
One of the great features of MailWasher Pro is that it does not render HTML layouts or images in email, nor does it react to scripting tricks. All email is displayed as plain, safe text. You can instantly view the source code with the click of a mouse. This reveals any hidden HTML word placement tricks, shows the real destination of cloaked links, and alerts you to script threats that could be triggered if you opened those messages in your POP3 desktop email client. You can also see if there is a possibly hostile attachment in an email message. Attachments are used to spread Trojans that draft PCs into spam Botnets, or to install keyloggers that steal your login credentials to banks and other important web sites.
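The same three checks (real destination of cloaked links, script tags, attachments) can be run over a message's raw source without rendering it. The Python script below is an added example, not part of MailWasher Pro or of the original post; the sample message, its host names, and the `LinkAudit` and `audit` names are constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

RAW = '''Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/html; charset="utf-8"

<a href="http://login.example.net/verify">www.example.com</a>
<script>document.title = "x";</script>
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="invoice.exe"

placeholder
--XX--
'''  # constructed sample message, not real mail

class LinkAudit(HTMLParser):  # collects [href, visible text] per <a>, counts <script>
    def __init__(self):
        super().__init__()
        self.links, self.scripts, self._open = [], 0, False
    def handle_starttag(self, tag, attrs):
        self.scripts += tag == "script"
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self._open = True
    def handle_data(self, data):
        if self._open:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self._open = self._open and tag != "a"

def audit(raw):
    """Inspect raw message source as text: cloaked links, scripts, attachments."""
    parser, attachments = LinkAudit(), []
    for part in message_from_string(raw, policy=policy.default).walk():
        if part.get_content_disposition() == "attachment":
            attachments.append(part.get_filename())
        elif part.get_content_type() == "text/html":
            parser.feed(part.get_content())
    cloaked = []
    for href, text in parser.links:
        shown = re.search(r"(?:[\w-]+\.)+[a-z]{2,}", text, re.I)  # host named in the text
        real = (urlparse(href).hostname or "").removeprefix("www.")
        if shown and shown[0].lower().removeprefix("www.") != real:
            cloaked.append((text.strip(), href))
    return {"cloaked": cloaked, "scripts": parser.scripts, "attachments": attachments}
```

A link whose visible text names no host (for example "click here") is not flagged by this comparison; only text that claims one destination while the `href` points to another is reported.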
Next, you need to protect your PC from constantly evolving viruses, spyware, keyloggers and Bot malware. I recommend Trend Micro Internet Security (TMIS), with its "cloud-based" definitions that are updated constantly, as malware is altered by criminal software writers, hackers and Bot herders. You can read about TMIS and download it from my webpage about Trend Micro security products. You can even try it for free for a month! A nice feature of TMIS is that one annual license allows you to install it on 3 PCs.
Trend Micro security programs all feature what they call the Smart Protection Network. It is part of the "cloud" based protection I mentioned. As hostile web pages are discovered, their locations are added to the definitions in the cloud. Any computers that use TMIS, with valid subscriptions, are blocked from accessing those pages, until their webmasters remove the infections (if ever).
If you use your Internet browser to handle email, any embedded threats will be downloaded into the browser's cache, or temporary files. These threats may be able to launch from those hidden caches and infect your computer. MailWasher Pro doesn't protect browser based email, but Trend Micro Internet Security does. With its advanced Bot detection and prevention mechanisms, it could become your computer's best friend.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.