Wiz's spam analysis for the week ending Feb 19, 2012
For the third week in a row my percentage of spam has remained around the 25% mark. This is 9% less than the same period last year. The categories ranking highest have shifted again, as new spammers try their hand at the sucker trade.
This week, the highest percentage of spam went to fake pharmacies, most notably, the resurrected so-called Canadian Pharmacy. This affiliate program died in 2010, but new Russian based pharma-scam affiliate programs have spouted up to take its place.
The second most spammed category was fake casinos, then malware attachment or link fraud, closely followed by replica watches. The malware fraud covered four types of scams: the BBB, NACHA (ACH fraud), the FDIC and malware JavaScript redirects to exploit kits in attached .htm files from spoofed Xerox Work Center scans.
The goal of these fraud email messages is to draft victim computers into a spam botnet, as well as to install bank account stealing Trojans. Other forms of document theft are being carried out by one Trojan type in the wild. Office documents are being stolen and uploaded to cloud servers, then gleaned for useful information or company secrets.
The following is my analysis of spam for the week of February 13 - 19, 2012.
These spam statistics are derived from MailWasher Pro, which is a POP3 email filtering program that runs on a Windows desktop. It intercepts all incoming email and analyzes it, based upon several factors, the most prominent of which are my own custom spam filters.
Overview
Total incoming email: 395
Good mail: 295
Classified as spam: 100
Percentage rated spam: ~25%
Breakdown by category of spam
Fake (Canadian) pharmacies: 20%
Casino: 18% (14.5% last week)
ACH, BBB, or FDIC malware links: 15% (2.7% last week)
Watches: 12% (23% last week)
.com.ua or .ru spam domains: 8% (4.5% last week)
Cialis: 6% (2.7% last week)
Male Enhancement: 4% (19% last week)
Weight Loss: 2% (7.2% last week)
Known spam domains: 2% (3.6% last week)
Known spam [From]: 2% (2.7% last week)
Fake Xerox Work Center Scans: 2%
URL Shortener spam links: 2%
Other miscellaneous types of spam ~ 1% each: 7% (12.23% last week)
I made the following additions or updates to my custom MailWasher spam filters
Casino Spam #2 (just Casino Spam for new version)
.RU .SU or .UA Spam Domain Link,
Known Spam Domains.
New Filter: Email Addresses 4 Sale
New filter: FDIC Fraud,
New Filter: NACHA Fraud
The following (single or wildcard) email addresses were added to my MailWasher Blacklist:
No additions this week
About MailWasher Pro
I publish filters for both the old and new versions of MailWasher Pro. However, the new version allows for more lines of conditions than the previous ones. If you use a desktop application to send and receive POP3 email, MailWasher can act as a spam filter before you download email to your email client. You can learn more about the program, download a trial version, or purchase a subscription, at the MailWasher Pro website.
If you like this article please share it.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.