Spam and email threat analysis for the week ending Dec 18, 2011
This past week, I saw another consecutive 2% increase in my percentage of spam, vs legitimate email, bringing my spam percentage up to 26%. This week last year, my spam percentage was 47%. This year I am seeing just over half as much spam as in 2010.
As for email-borne malware threats, I received 11 messages leading to malware servers and none that carried malware in attached files. Of these malware threats, 7 spoofed NACHA and ACH pending bank transaction notices, 1 spoofed the BBB, 3 had fake query strings appended to files ending with a .htm extension. All of the above led to Russian crimeware exploit kits which use Java exploits to install either the Zeus or SpyEye banking Trojans, plus make those PC's members of spam botnets.
The balance of the incoming spam email was divided among the usual spam categories of pharmaceuticals, casinos, fake diplomas, replica watches, weight loss, and ridiculous Russian Bride dating scams, most of which had male names for the senders, but Russian female names in the message body (like "Olga from Russia, Moscow"). The grammar is absolutely horrible in those scams.
Top Spam Categories for the week ending on December 18, 2011:
These statistics were obtained from MailWasher Pro, an anti spam program that goes between email servers and your desktop email client.
The biggest biggest category was my custom Blacklist, which automatically deleted 12 spam and scam email messages. The processing of the Blacklist precedes any custom filters, making it more efficient on the CPU than the filters. The Blacklist is loaded with the program. Any messages not containing a Blacklisted sender or domain are passed on to my custom spam filters.
Tied with the Blacklist was the Male Enhancement category, with 12 spam messages for useless enlargement products..
The lesser categories of spam are as follows:
Cialis accounted for 10 messages.
Pharmaceutical spam had 9 messages, all for fake Internet pharmacies.
Casino spam occupied 7 "slots" ;-)
My Russian Brides filter blocked 5 spams.
Replica Watches filter stopped 5 spams.
Weight loss HCG drops dropped 4 spam emails.
MailWasher's built-in learning filter correctly marked 4 emails as spam.
The remaining spam messages were for fake diplomas, URL shorteners, Russian and Ukrainian spam domains and some miscellaneous spam categories.
The following updates were made to my spam filters this week.
Base 64 Encoded Body,
Casino Spam.
New Filter: BBB Fraud.
New Filter: Fake Query String In Link (plus updated twice)
I made 0 additions to my custom blacklist (individual email addresses and wildcard Regular Expressions):
I publish filters for both the old and new versions of MailWasher Pro. However, the new version allows for more lines of conditions than the previous ones. If you use a desktop application to send and receive POP3 email, MailWasher can act as a spam filter before you download email to your email client. You can learn more about the program, download a trial version, or purchase a subscription, at the MailWasher Pro website.
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.