My Spam analysis & filter updates for the week of Mar 14 - 20, 2011
After briefly rising last week, spam levels have fallen again following this week's takedown of the Rustock spam botnet's command and control servers by Microsoft, Pfizer, FireEye and the US Marshals Service. My statistics reveal a 7% decrease from the previous week. Prior to the shutdown of those servers, Rustock was responsible for over 40% of worldwide spam.
Immediately following Rustock's takedown, on March 16, there was a big drop in spam. However, other botnets quickly rented out their services to spammers, so the amount of spam rebounded over the last few days to regain several percentage points. You can look for those botnets to become the next targets of Microsoft, Pfizer and other anti-spam agencies.
Pfizer was involved because so much spam is for counterfeit Viagra, which is a trademarked and controlled drug manufactured and distributed by Pfizer and its legitimate partners. They do not license Russian, Indian, or Chinese based Internet pharmacies to make or distribute Viagra, or to use the trademarked name of the company or the drug. Anybody offering to sell Viagra (real or counterfeit) to US residents, without a valid prescription issued by a real US based and licensed doctor, after an actual physical examination, is violating US Federal law. Anybody attempting to purchase Viagra, or other controlled prescription drugs, from an Internet pharmacy located outside the USA, or any Internet pharmacy that sells pharmaceuticals that are not manufactured or licensed for sale in the USA, is guilty of violating US laws regulating the purchase of controlled substances. Those purchases are subject to seizure by US Customs and smuggling charges can be filed by Federal authorities.
Over the past 7 days, spam for various types of garbage amounted to 28% of my incoming email. This is according to MailWasher Pro, which I use to screen incoming email before downloading it to my desktop email program (Windows Live Mail). I report any spam messages that make it through my auto-delete filters to SpamCop.
Here are some statistics regarding the spam received and categorized, from Mar 14 - 20, 2011. These classifications are based upon my own custom MailWasher spam filters. Most of this spam is automatically deleted by MailWasher Pro and my custom filters. The statistics are obtained from the program's logs.
Statistics Overview
Percentage classified as spam: 28%; down 7% from last week
Number of messages classified as spam: 124
Number classified by my custom spam filters: 120
Number and percentage of spam according to my custom blacklist: 1
Number classified as spam according to DNS Blocklists (SpamCop, Spamhaus, etc): 2
Number of spam messages seen, reported to SpamCop & manually deleted: 11
The order of spam categories, according to the highest percentages, is as follows:
Counterfeit Watches: 28.46%
Pharmaceuticals and illegal prescription drugs: 26.02%
Fake Viagra and Cialis: 15.45%
Other Filters (with small percentages): 7.32%
Male Enhancement scams: 4.88%
Known Spam Domains in links (usually Russian: .RU): 4.07%
Work At Home Scams: 3.25%
Subject contains e-mail address: 2.44%
Twitter Phishing Scam: 2.44%
419 scams: 1.63%
DNS Blacklist Servers: 1.63%
Russian Sender: 1.63%
Blacklisted sender names and domains (my blacklist): 0.81%
This week I made 7 updates to my custom filters:
Consecutive digits or consonants,
Diploma Spam,
Russian Bride Scam,
Russian Sender,
Work At Home Scam.
New filters: Courier Scam #6 and Post Express Scam.
Disabled 28 out-dated filters.
There was one false positive last week. All filters behaved as intended. Note that I now publish three types of spam filters for MailWasher Pro. One type is for the latest 2011 series, in XML format, and two are for the previous series 6.x. One of those filters is set for manual deletions and the other for automatic deletions. You can read all about MailWasher Pro and the filters I write for it on my MailWasher Pro Custom Filters page.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.