Wiz's email spam & threat analysis for the week ending March 4, 2012
This past week saw some changes in the rankings of the main spam categories and in the threats some of those messages carried. There were far fewer malware messages than usual. Diplomas, drugs and casinos filled the top categories, with the percentages listed further down in this article.
First off, I will detail the malware threats I captured this week. There was 1 scam spoofing a QuickBooks update and Intuit. This contained a hostile link to a malware exploit kit. I saw one fake Facebook Friend Request and one fake "map to a meeting" scam, the latter with a link leading to the same Blackhole Exploit Kit as the Facebook scam. One email scam claimed my credit card was blocked and invited me to open the report in the .htm attachment. Another claimed I had a DHL package that couldn't be delivered because the address was wrong. Like the fake credit card message, it contained a malicious JavaScript redirect and iframe load in the attached .htm file.
The danger lies in opening those .htm attachments, which some of the messages describe as Internet Explorer files. When you open one of those files, the JavaScript code inside it is executed immediately and you are attacked silently. If your computer has an unpatched, vulnerable version of Java, Adobe Reader or Flash installed, your PC will become botted and a copy of the Zeus banking Trojan will be installed.
Last, there were 2 scams spoofing BBB complaints against me. Sadly, anybody fooled into clicking on the links to read the "COMPLAINT REPORT" got JavaScript redirected twice, ending up at, you guessed it, the Russian Blackhole Exploit Kit.
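The .htm attachments described above can be inspected without opening them in a browser. The following Python example is an addition to this article, not one of my MailWasher filters; it parses a raw message, finds .htm/.html attachments and flags script redirects and iframe loads. The sample message, its host names and the two regular expressions are constructed assumptions.

```python
import re
from email import message_from_string, policy

# Constructed sample message; host names are reserved placeholders, not real indicators.
SAMPLE = """\
From: "DHL Express" <notice@example.com>
To: user@example.org
Subject: Delivery failed, wrong address
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Open the attached report in Internet Explorer.
--b1
Content-Type: text/html; name="report.htm"
Content-Disposition: attachment; filename="report.htm"

<html><body><script>window.location.href="http://redirect.example/x";</script>
<iframe src="http://redirect.example/y" width="1" height="1"></iframe></body></html>
--b1--
"""

# Heuristics for the two behaviours named in the article (assumed patterns).
PATTERNS = {
    "script-redirect": re.compile(
        r"<script\b[^>]*>.*?(?:location(?:\.href)?\s*=|location\.replace\s*\()", re.I | re.S),
    "iframe-load": re.compile(r"<iframe\b[^>]*\bsrc\s*=", re.I),
}

def scan_message(raw):
    """Return {attachment filename: [matched heuristic names]} for HTML attachments."""
    findings = {}
    msg = message_from_string(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        is_html = (name.lower().endswith((".htm", ".html"))
                   or part.get_content_type() == "text/html")
        if not is_html:
            continue
        body = part.get_content()
        if isinstance(body, bytes):  # e.g. .htm sent as application/octet-stream
            body = body.decode("utf-8", errors="replace")
        findings[name or "(unnamed)"] = [k for k, rx in PATTERNS.items() if rx.search(body)]
    return findings

if __name__ == "__main__":
    for name, hits in scan_message(SAMPLE).items():
        print(name, "->", ", ".join(hits) or "no script/iframe indicators")
```

An attachment that matches either pattern is treated as hostile and deleted unopened.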
Here then are the details about this past week's spam percentages, listed by category.
These spam statistics are derived from MailWasher Pro, which is a POP3 email filtering program that runs on a Windows desktop. It intercepts all incoming email and analyzes it, based upon several factors, the most prominent of which are my own custom spam filters.
Overview
Total incoming email: 440 (just 4 fewer than last week)
Good mail: 340 (332 last week)
Classified as spam: 100 (112 last week)
Percentage rated spam: ~22.7%
Breakdown by category of spam
Diploma scams: 17% (5.3% last week)
Fake pharmacies: 17% (20.5% last week)
Watches: 13% (8.9% last week)
Casino: 11% (18.7% last week)
Cialis (fake): 9%
Work at home scams: 5%
Nigerian 419 scams: 4%
Weight Loss HCG scams: 4% (2.7% last week)
Russian pharmacies: 3%
Viagra (fake) spam: 3%
Russian domain links: 2%
BBB fraud link: 2%
Other fraud exploit links: 4%
Other miscellaneous types of spam (1% each): 6% (11.75% last week)
I made the following additions or updates to my custom MailWasher spam filters:
Diploma Spam [Body (plain text and RegExp)],
Fake Query String in Link,
Known Spam Subjects #4,
Work At Home Scam #1, #2 and (new filter) #3,
Watches (Replicas),
New Filter: Credit Card Locked Scam
The following (single or wildcard) email addresses were added to my MailWasher Blacklist:
None added
About MailWasher Pro
I publish filters for both the old and new versions of MailWasher Pro. However, the new version allows for more lines of conditions than the previous one. If you use a desktop application to send and receive POP3 email, MailWasher can act as a spam filter before you download email to your email client. You can learn more about the program, download a trial version, or purchase a subscription at the MailWasher Pro website.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.