Slashdot Mirror


Malicious Spam Spikes To 'Epic' Level

Trailrunner7 writes "There has been a huge spike in spam volume in the last few days, including a massive amount of malicious spam with infected attachments, and researchers say that levels of junk mail are now far higher than they were before the takedown of the notorious Spamit affiliate program last fall. The huge spike comes at a time when spam should, in fact, be dropping because of the takedown of the Rustock botnet, the Spamit network and other botnets. 'From the beginning of August, we have observed a huge surge of malicious spam which far exceeds anything we have seen over the past two years, including prior to the SpamIt takedown last October. The majority of the malicious spam comes from the Cutwail botnet, although Festi and Asprox are among the other contributors,' M86 researcher Rodel Mendrez said."

130 comments

  1. If you tear it down by Osgeld · · Score: 2

    they just build it back up again, you can do this for the rest of history and still be in the same place, much like the war on drugs

    1. Re:If you tear it down by blair1q · · Score: 1

      So fight fire with fire.

      Send out anti-spam spams with botnet-killer attachments.

      They'll hit the same lusers with relatively high certainty.

    2. Re:If you tear it down by Nethemas+the+Great · · Score: 1

      Send out anti-spam spams with botnet-killer attachments.

      Except that that is illegal. It also wouldn't solve the problem, just postpone it.

      --
      Two of my imaginary friends reproduced once ... with negative results.
    3. Re:If you tear it down by Anonymous Coward · · Score: 0

      Oh, and they think they can stop online piracy too.

    4. Re:If you tear it down by Anonymous Coward · · Score: 0

      Why do we have to worry about fighting Spammers in a legal way? They are attacking us (we who are going about our business) like 9/11. Our freedom is at stake and we are worrying about the legalities of fighting spammers?

    5. Re:If you tear it down by couchslug · · Score: 1

      And like the War on Some Drugs, both sides are making a massive profit while furthering their personal agendas.

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
    6. Re:If you tear it down by Anonymous Coward · · Score: 0

      Don't make me post the form letter again!

    7. Re:If you tear it down by ccguy · · Score: 1

      Well, I don't want to go to jail you know.

    8. Re:If you tear it down by Anonymous Coward · · Score: 0

      Illegal in which countries?

    9. Re:If you tear it down by munky99999 · · Score: 1

      LEGALIZE SPAM!!!

  2. not according to my graphs by fifedrum · · Score: 5, Interesting

    my graphs show a steady decline in spam capture rates since October, 2010. we're measuring an average daily rate about 1/2 of this time last year. (millions of mail boxes, dozens of MX servers, decent antispam filtering) We're blocking around 91.2% of mail at the perimeter as opposed to 98.8% last year.

    1. Re:not according to my graphs by Anonymous Coward · · Score: 0

      Amazing how much of email traffic is spam, mind boggling.

    2. Re:not according to my graphs by Anonymous Coward · · Score: 0

      That's kind of the point. Spam which is getting through is the metric to look at.

      I blame Facebook because of its wanton proliferation of social info coupled with new powerful social data mining tools.

    3. Re:not according to my graphs by SwedishChef · · Score: 2

      What is even more amazing is that with all the blocking and getting information out to users apparently spam is still profitable enough to keep on doing it. I have *never* responded to email spam but enough people must. Truly amazing.

      --
      No one ever had to evacuate a city because the solar panels broke!
    4. Re:not according to my graphs by Hatta · · Score: 3, Insightful

      The fact that you are blocking less spam is not necessarily evidence that there is less spam.

      --
      Give me Classic Slashdot or give me death!
    5. Re:not according to my graphs by cratermoon · · Score: 2

      Spam isn't so much about getting the recipient to buy things any more, it's about getting the recipient to give up a credit card number, bank account password, or something similar that can then be used to either directly rip off the individual or in an attack to compromise a higher value target.

      The spammers don't need to convince users to buy pills or whatever, they just need them to be gullible enough to give up enough information to get ripped off.

    6. Re:not according to my graphs by damn_registrars · · Score: 2

      And how is that going for you long-term? How much time and money do you have invested in this strategy? How often do you have to adjust it?

      You may be happy with the end result, but you should also be aware on some level that what you are doing is not sustainable in the long-term. If people continue to insist on filtering only, they will never win the war on spam.

      --
      Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    7. Re:not according to my graphs by fifedrum · · Score: 5, Interesting

      you are correct, the missing data point is the volume of email considered "not spam".  This line in the graph stayed the same over the range, or within a minor fraction of a percent of the same. it's the spam counts that have dropped since 10/2010. The customer base also represents a large number of domain names, hundreds of thousands of domain names. One of our largest customers has been offering email since 1995, with many accounts in their domain being around for over a decade. I think it's a pretty solid sample of email accounts.

    8. Re:not according to my graphs by kwark · · Score: 2

      Well I'm running systems a lot smaller but still for a fairly decent amount of corporate customers. Though overall spam has been down since sep-oct last year (to about 1/4 of that time). Last couple of weeks there have been huge spikes in attempted deliveries, but 90% is stopped by using simple mail sanity checks (like a wellformed HELO) and DNS blacklists. The other 10% is stopped by greylisting.

    9. Re:not according to my graphs by Albanach · · Score: 2

      Or your filters could be less effective?

      This stuff with infected attachments tends to get caught. Of course the consequences of any getting through are higher than for run of the mill spam.

      Still, I've seen a lot of spam recently containing random links to hijacked websites and sent from valid MTAs. That stuff can be hard to filter out without collateral damage.

    10. Re:not according to my graphs by Anonymous Coward · · Score: 3, Funny

      Am I the only person who reads this in a robot voice?

    11. Re:not according to my graphs by fifedrum · · Score: 2

      long term, we've been allowing into the environment roughly the same volume of email per customer for 10 years. Some spam gets through, most does not, and there are few false positives. those that are labeled false positives are most often bulk mail that people mark as junk. So IMO, it's junk mail.

      We use rules at the protocol level, DNS responses, RBLs (combined into one large RBL with multiple return values), external reputation lists, internal dynamic reputation lists, rate limitations, and multiple feedback systems to provide this level of protection, that's before content filtering and personal white/black lists.

      Just today, on the protocol layer, we're blocking 60% at banner (RBLs, bad DNS), 14% of the remainder at HELO, 3.5% of the remainder Mail From (fake domain names) and finally a good chunk of what's left is blocked because it's destined to bad email addresses (which feeds back into the reputation lists).

      Customer feedback helps stop those who are newly spewing spam, and since the feedback systems are widely distributed over many different email service providers, a massive spike at one translates into a blocked email at the others (whether by IP or content).

      Better still, we do the same thing on the outbound side of things. If a customer catches a virus, they're cut off from email pretty fast and the feedback system is a very very tight loop internally.

      But you are right, it's an ever escalating war, and if we could skip a few steps and jail (permanently, with broken hands) the spammers and bot coders, we wouldn't have to spend the money on the filtering and RBLs and feedback loops and hardware. We adjust the rules slowly over time, the feedback systems are maintained by the "trusted" customer, we're spending hundreds of thousands of dollars a year to protect against junk mail. I'm not certain of the math here, but an educated guess, this translates to around 5% of the cost to serve a user's mailbox. That's just operations staff time, and datacenter space for the extra hardware, the hardware itself, the subscription fees to the antispam service, wasted bandwidth etc.
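
The layered SMTP-time rejection that kwark and fifedrum describe above (DNSBL at the banner, HELO sanity, MAIL FROM domain checks, unknown recipients feeding a local reputation list, then greylisting), as an added example that is not code from either poster. The lists, thresholds and sessions are constructed stand-ins; each stage's rejections are reported as a share of the remainder, the way fifedrum quotes them.

```python
"""Staged SMTP-time filtering: banner -> HELO -> MAIL FROM -> RCPT -> greylist."""
import re
from collections import namedtuple

# Constructed stand-ins for a DNSBL zone, DNS lookups and the local user table.
DNSBL = {"203.0.113.7", "203.0.113.9"}
RESOLVABLE_DOMAINS = {"example.org", "example.net"}
VALID_RCPTS = {"alice@example.com", "bob@example.com"}
GREYLIST_DELAY = 300  # seconds a new triplet must wait before a retry is accepted
BAD_RCPT_LIMIT = 2    # unknown recipients tolerated before the IP is listed locally

FQDN = re.compile(r"^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I)
ADDR_LITERAL = re.compile(r"^\[\d{1,3}(\.\d{1,3}){3}\]$")
STAGES = ("banner", "helo", "mail_from", "rcpt", "greylist")
Session = namedtuple("Session", "t ip helo mail_from rcpt")


class Filter:
    def __init__(self):
        self.local_rbl = set()  # internal dynamic reputation list
        self.bad_rcpts = {}     # ip -> number of unknown recipients tried
        self.greylist = {}      # (ip, sender, rcpt) -> time first seen

    def check(self, s):
        """Return (stage, verdict); stage is None when the message is accepted."""
        sender, rcpt = s.mail_from.lower(), s.rcpt.lower()
        if s.ip in DNSBL or s.ip in self.local_rbl:
            return "banner", "reject"
        if not (FQDN.match(s.helo) or ADDR_LITERAL.match(s.helo)):
            return "helo", "reject"
        # The null sender (bounces) has no domain and must not be rejected here.
        if sender and sender.rpartition("@")[2] not in RESOLVABLE_DOMAINS:
            return "mail_from", "reject"
        if rcpt not in VALID_RCPTS:
            # Feedback loop: repeated unknown recipients list the client locally.
            count = self.bad_rcpts[s.ip] = self.bad_rcpts.get(s.ip, 0) + 1
            if count >= BAD_RCPT_LIMIT:
                self.local_rbl.add(s.ip)
            return "rcpt", "reject"
        first_seen = self.greylist.setdefault((s.ip, sender, rcpt), s.t)
        if s.t - first_seen < GREYLIST_DELAY:
            return "greylist", "tempfail"
        return None, "accept"


def funnel(sessions):
    """Per stage: (name, sessions reaching it, sessions stopped, % of remainder)."""
    flt = Filter()
    stopped = dict.fromkeys(STAGES, 0)
    accepted = 0
    for s in sorted(sessions, key=lambda s: s.t):
        stage, _ = flt.check(s)
        if stage is None:
            accepted += 1
        else:
            stopped[stage] += 1
    report, remaining = [], len(sessions)
    for stage in STAGES:
        rate = stopped[stage] / remaining if remaining else 0.0
        report.append((stage, remaining, stopped[stage], round(100 * rate, 1)))
        remaining -= stopped[stage]
    return report, accepted


# Constructed sessions; t is seconds since the start of the sample.
SESSIONS = [
    Session(0, "203.0.113.7", "x", "a@example.org", "alice@example.com"),
    Session(1, "203.0.113.9", "mail.example.org", "b@example.org", "bob@example.com"),
    Session(2, "198.51.100.20", "localhost", "c@example.org", "alice@example.com"),
    Session(3, "198.51.100.21", "mail.example.org", "d@no-such-domain.invalid",
            "alice@example.com"),
    Session(4, "198.51.100.22", "mx.example.net", "news@example.net", "nobody1@example.com"),
    Session(5, "198.51.100.22", "mx.example.net", "news@example.net", "nobody2@example.com"),
    Session(6, "198.51.100.22", "mx.example.net", "news@example.net", "alice@example.com"),
    Session(10, "192.0.2.10", "mail.example.org", "carol@example.org", "alice@example.com"),
    Session(20, "192.0.2.11", "[192.0.2.11]", "", "bob@example.com"),
    Session(400, "192.0.2.10", "mail.example.org", "carol@example.org", "alice@example.com"),
]

if __name__ == "__main__":
    report, accepted = funnel(SESSIONS)
    for stage, reached, stopped, pct in report:
        print(f"{stage:10s} reached={reached:2d} stopped={stopped:2d} ({pct}% of remainder)")
    print("accepted:", accepted)
```

Because every percentage is taken against what survived the earlier stages, the figures do not sum to the overall block rate, and a greylist "stop" is a temporary failure that a legitimate retrying server clears.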

    12. Re:not according to my graphs by Dogtanian · · Score: 1

      Out of curiosity, what's your reason for posting in the fixed-space "tt" typeface like that? Is there a good excuse or is it just an attention-grabbing tactic?

      --
      "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
    13. Re:not according to my graphs by fifedrum · · Score: 1

      sorry, just hit reply, and that's the font that came up after preview/submit. I'm not normally a LOOK AT ME!!! type of guy. Well, I am. Just in this case it was inadvertent.

    14. Re:not according to my graphs by ccguy · · Score: 3, Funny

      Amazing how much of email traffic is spam, mind boggling.

      Indeed. I just can't get my boss to stop.

    15. Re:not according to my graphs by Dogtanian · · Score: 1

      Out of curiosity, what's your reason for posting in the fixed-space "tt" typeface like that? Is there a good excuse or is it just an attention-grabbing tactic?

      sorry, just hit reply, and that's the font that came up after preview/submit. I'm not normally a LOOK AT ME!!! type of guy. Well, I am. Just in this case it was inadvertent.

      So you're claiming there's a bug in Slashdot that causes all your posts to appear in that typeface? Strange, because I've never heard anyone here actually complaining about that, despite you being far from the only person that does it. :-/

      --
      "Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
    16. Re:not according to my graphs by ginbot462 · · Score: 1

      No.

      --
      Atlas Shrugged : Thematic Story :: Battlefield Earth : Organized Religion
    17. Re:not according to my graphs by _0xd0ad · · Score: 1

      https://slashdot.org/prefs/d2_posting

      Change "default posting style" to "plain old text".

    18. Re:not according to my graphs by OverZealous.com · · Score: 1

      I'm not saying what you are saying is false, but if I did the math right, you are saying that you are only seeing about 13.5% as much email (total) as last year?

      I got this by assuming that non-spam mail was constant, and calculating the difference between a body of mail that was 98.8% spam and 91.2% spam.

      For example, using a fixed value of 1 email for non-spam, you should be getting 83.33 spam messages at 98.8%, and only 11.36 spam messages at 91.2%. (83.33/(1+83) = .988)

      To me, a reduction down to 13.6% (11.36/83.33) of your previous amount of spam in one year seems more amazing than anything else.

    19. Re:not according to my graphs by arth1 · · Score: 1

      Or your filters could be less effective?

      After being tired of all the malicious spam that spamassassin with razor, pyzor and dkim let through, I added a simple rule:

      if $h_content-type contains "5601-1987"
      or $h_content-type contains "windows-1251"
      then
        logwrite "$tod_log $message_id FOREIGN-SPAM sender=$sender_address \
          subject=$h_subject: recipients_count=$recipients_count \
          recipients=$recipients"
        fail text "Nobody speaks your language here"
      endif

      That simple rule cut down the spam getting through spamassassin here by at least 80%.

      The first test blocks Korean, the second Cyrillic (and a LOT of spam from Ukraina).
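
A way to measure what a charset rule like the one above would and would not see before rejecting on it, as an added example that is not arth1's code. It compares the top-level Content-Type header (the only thing the posted rule tests) with every charset a message declares in its MIME parts and in encoded Subject/From headers; the sample messages are constructed.

```python
import email
from email.errors import HeaderParseError
from email.header import decode_header

# Substrings from the posted rule; ks_c_5601-1987 is the full name of the first.
RULE_SUBSTRINGS = ("5601-1987", "windows-1251")


def header_rule_matches(msg):
    """What the posted rule tests: the top-level Content-Type header only.
    Lower-casing mirrors Exim's case-independent lowercase `contains`."""
    ctype = str(msg.get("Content-Type", "")).lower()
    return any(s in ctype for s in RULE_SUBSTRINGS)


def declared_charsets(msg):
    """Map every declared charset to the places it was declared."""
    found = {}
    for i, part in enumerate(msg.walk()):  # walk() yields the message itself first
        cs = part.get_content_charset()    # lower-cased charset parameter or None
        if cs:
            found.setdefault(cs, []).append("top-level" if i == 0 else "part %d" % i)
    for name in ("Subject", "From"):
        for value in msg.get_all(name, []):
            try:
                chunks = decode_header(str(value))  # RFC 2047 encoded-words
            except HeaderParseError:
                continue  # malformed encoded-word: nothing reliable to report
            for _, cs in chunks:
                if cs:
                    found.setdefault(cs.lower(), []).append(name + " header")
    return found


def audit(raw):
    """Compare the header-only rule with the charsets declared anywhere."""
    msg = email.message_from_bytes(raw)
    hits = {cs: where for cs, where in declared_charsets(msg).items()
            if any(s in cs for s in RULE_SUBSTRINGS)}
    return {"header_rule": header_rule_matches(msg), "anywhere": hits}


def build(*lines):
    return "\r\n".join(lines).encode("ascii")


# Constructed sample messages.
SAMPLES = {
    "top_level": build(
        "From: a@example.org", "Subject: hello",
        'Content-Type: text/plain; charset="windows-1251"', "", "body", ""),
    "mime_part": build(
        "From: a@example.org", "Subject: invoice", "MIME-Version: 1.0",
        'Content-Type: multipart/mixed; boundary="b1"', "",
        "--b1", "Content-Type: text/html; charset=ks_c_5601-1987", "",
        "<p>constructed body</p>", "--b1--", ""),
    "subject_only": build(
        "From: a@example.org", "Subject: =?windows-1251?Q?=CF=F0=E8=E2=E5=F2?=",
        "Content-Type: text/plain; charset=utf-8", "", "body", ""),
    "clean": build(
        "From: a@example.org", "Subject: minutes",
        "Content-Type: text/plain; charset=utf-8", "", "body", ""),
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, audit(raw))
```

Run over a sample of already-delivered mail, the same audit also shows how much wanted correspondence declares these charsets, which is the false-positive cost of rejecting on them.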

    20. Re:not according to my graphs by seifried · · Score: 1

      There may be more blocking/filtering prior to actual attempted email delivery, i.e. blacklists of IPs, grey listing, DNS/IP based reputation, etc.

    21. Re:not according to my graphs by Delgul · · Score: 1

      Strange... I run an anti-spam business and we only see spam rising on our end. Perhaps you are missing something? Like you are blocking IP ranges (which you shouldn't) and therefore not counting those attempts as spam if at all? This mistake is made by many spam 'experts' in the field at the moment. Our servers accept every message, from every source, because we can learn from large volumes and I can say for sure: The volume only dropped for a few weeks after the takedowns. After that we were back up where we were before....

    22. Re:not according to my graphs by Rik+Rohl · · Score: 1

      Hawking, actually. :-)

    23. Re:not according to my graphs by aekafan · · Score: 1

      For some reason it was in my head in the voice of the stranger from the half-life series, go figure.

    24. Re:not according to my graphs by MattBurke · · Score: 1

      You missed the point of the article. It's not saying spam volume has spiked - it hasn't - it's saying that the ratio of malicious spam (as in with a trojan attached) to harmless spam has spiked.

    25. Re:not according to my graphs by fifedrum · · Score: 1

      that would require actually reading the article and comprehending what I read. people ask too much around here. Sheesh ;-)

    26. Re:not according to my graphs by fifedrum · · Score: 1

      nope, we're counting all reasons for rejections in those figures reported, we don't block by IP except on temporary basis or what's in well established RBLs, and listings in those RBLs are all temporary (no use of permanent RBLs like that one particular one who blackmails people into paying $50 to get their IP off the list after baiting senders with subscriptions)

      Let's say you notice 10.10.10.0/24 has only ever sent junk, why not block the entire class C?

      If a reliable reputation/feedback database says that mail originating in that subnet is reported as junk 100% of the time, why allow that subnet to waste your money?

    27. Re:not according to my graphs by fifedrum · · Score: 1

      not claiming a bug, just don't remember ever setting my posting preference to "CODE". though if that's a legitimate setting, why does it bug people that it's in use and why don't more people use it?

      i changed it to plain text, because I don't like controversy.

  3. Huh? by Anonymous Coward · · Score: 0

    What's this "email" thing I keep hearing about? Does anyone use it?

    1. Re:Huh? by Anonymous Coward · · Score: 0

      so you use facebook messages instead?

    2. Re:Huh? by Anonymous Coward · · Score: 0

      What's a face book? Never heard of it. Is it like IRC?

    3. Re:Huh? by Xtifr · · Score: 1

      It's something that people with actual jobs are generally forced to use. People who live in their parent's basement playing video games non-stop may be unfamiliar with the concept.

      It's also something that provides the backbone of many large free software projects. The Linux kernel and the Debian project, for example, mainly run on email.

    4. Re:Huh? by TheRaven64 · · Score: 1

      It's the thing old people in Korea use instead of IM.

      --
      I am TheRaven on Soylent News
  4. Obvious by Arancaytar · · Score: 5, Insightful

    Apparently, most of the current spam is aimed at building new botnets. Which is sort of what you'd expect after a lot of botnets are taken down.

  5. Noticed it by mariushm · · Score: 1

    Yeah, I noticed it... I only have 3 email accounts and get batches of 15-20 emails every 5-10 minutes with the Win32/Kryptik.RAM trojan virus (UPS notifications and invoices) ... they go straight to spam

    1. Re:Noticed it by Anonymous Coward · · Score: 0

      Thanks! I got an e-mail claiming to be from UPS a couple of days ago. The anti-virus stripped the attachment off so I was wondering what they were attempting. Still that's the first spam I've seen in ages and was enough to spark my curiosity; thanks for telling me what it was attempting to do.

    2. Re:Noticed it by stephathome · · Score: 1

      Same here. I don't check my emails much, but the infected spam rate is atrocious right now. Overall spam is about normal, I think, but more of them have infected attachments.

    3. Re:Noticed it by fafaforza · · Score: 1

      Yup, I get virus discard notices from amavis from a few mail systems and those UPS ones just skyrocketed in the past week or so. Makes sense that they'd try to rebuild that way.

  6. Lazy Spammer Grammar by seven+of+five · · Score: 3, Funny

    If these knuckleheads ever learn correct English, we're screwed.

    1. Re:Lazy Spammer Grammar by CAPSLOCK2000 · · Score: 1

      Most people in the (western) world speak English to some degree, but not very good. When you work in an international environment you'll get used to poor English to some degree.

    2. Re:Lazy Spammer Grammar by TheRaven64 · · Score: 1

      They're not even trying anymore. The last few things to get through my spam filters have been in Thai (and, apparently, not very good Thai).

      --
      I am TheRaven on Soylent News
    3. Re:Lazy Spammer Grammar by Anonymous Coward · · Score: 0

      well* FTFY

    4. Re:Lazy Spammer Grammar by ginbot462 · · Score: 1

      Mmm... spicy spam.

      --
      Atlas Shrugged : Thematic Story :: Battlefield Earth : Organized Religion
    5. Re:Lazy Spammer Grammar by Anonymous Coward · · Score: 0

      Most people in the (western) world speak English to some degree, but not very good. When you work in an international environment you'll get used to poor English to some degree.

      We're very used to people not using English well.

    6. Re:Lazy Spammer Grammar by Anonymous Coward · · Score: 1

      Most people in the (western) world speak English to some degree, but not very good.

      Not very "well", you mean...

    7. Re:Lazy Spammer Grammar by Anachragnome · · Score: 1

      "If these knuckleheads ever learn correct English, we're screwed."

      Back in my WoW raiding days, an idea occurred to me that I kept to myself out of fear that someone might actually do it. I don't play WoW anymore, so I couldn't really give a damn (I know. Nice guy, huh?), but you just made me realize that gold-farmers wouldn't be the only target customers.

      The general idea is a native-English speaking person contracting out to Chinese customers to write proper sounding communications such as WoW account phishing emails. It would be just as valuable to email writers with other goals in mind.

      To be honest, I am surprised it hasn't happened yet.

      Now that I think about it, why are these guys (spammers) not using a little spear-phishing to get the real companies to send them actual examples of emails to copy? You know, open a dummy account and then fuck with it to get an automated-response triggered? It would be trivial to copy such a notice, cutting/pasting a little to personalize it.

      Man, it sucks to find your career calling so late in life. I should have opted for the Chinese class in junior high instead of Maori.

  7. unless by Anonymous Coward · · Score: 1

    Yup, send out massive amounts of mails to people that automatically
    whipes all Windows-partitions and installs Linux.

    People will cry and booo, until they realize their machines suddenly works. Forever.

    1. Re:unless by blair1q · · Score: 1, Informative

      you think linux can't be hacked. that's so cute.

    2. Re:unless by EraserMouseMan · · Score: 3, Funny

      Whindows partitions getting whiped and their machines whork? Suddenly? I can't whait!

    3. Re:unless by Anonymous Coward · · Score: 0

      You don't know what the word "hacked" means. That's not cute anymore.

    4. Re:unless by bjwest · · Score: 1

      This argument really needs to go away. For several years now, I've had no problem with my laptops. I install Linux (usually Kubuntu, but Mandrake, Suse and Debian as well) and the wireless (usually broadcom) asks me for my password and connects right up to my network. It's been about 4 or 5 years since I've had to use a wired connection to get WiFi working. It's been well over a decade since I've had any problems with my desktop connecting as well. Wired connections are totally automatic and don't ask you a thing - they're just connected. It does it so much better than Windows, even to this day, can.

      Stop using old outdated excuses on why not to use Linux and give it a try. If you don't like it, discover new reasons to bash it.

      --

      --- Keep the choice with the user..
    5. Re:unless by Robert+Zenz · · Score: 1

      You mean they're too dumb to plug in the ethernet cord?

    6. Re:unless by Quirkz · · Score: 1

      He also thinks that the normal botnet-infested user, presented with a Linux interface, is going to have the impression their computer "finally works" rather than "looks all weird and don't work at all." Also cute.

    7. Re:unless by Quirkz · · Score: 1

      No, they know how to plug the cord in to the computer. Problem is they're too dumb to realize a cord has two ends.

      And before you think I'm completely user bashing, I'm an old tech support veteran who on multiple occasions has shown up after the user assured me the device was plugged in, only to then admit, "Oh, I didn't check THAT end of the cord."

  8. providers by Anonymous Coward · · Score: 0

    Maybe if the ISPs put forth even the smallest effort at notifying users that their computers appear to have been compromised some of this would drop off in a meaningful way.

    1. Re:providers by Jeng · · Score: 1

      Time Warner did cut off a co-worker of mine when their computer got infected.

      --
      Don't know something? Look it up. Still don't know? Then ask.
    2. Re:providers by EXrider · · Score: 1

      I've actually had Cox call to tell me that one of our satellite offices was spewing out spam that appeared to be from a machine infected with the Cutwail bot. Turned out that it was someone's personal laptop they brought in on our guest wifi. Granted, it was a "business class" connection and they were responding to a complaint from someone else.

      --
      grep -iw skynet /etc/services
    3. Re:providers by Anonymous Coward · · Score: 0

      Yeah, every time I get an email from my ISP telling me I've been compromised, I open it. All I have to do is click the link in the e-mail, and ISP approved software will download and clean the machine for me. (end sarcasm).

  9. Even more spam than before? by 93+Escort+Wagon · · Score: 2

    They must've turned it up to 11.

    --
    #DeleteChrome
  10. It's not the botnets. by Anonymous Coward · · Score: 0
  11. Older people by Anonymous Coward · · Score: 2, Informative

    What is even more amazing is that with all the blocking and getting information out to users apparently spam is still profitable enough to keep on doing it. I have *never* responded to email spam but enough people must. Truly amazing.

    I volunteer in a call center for consumer help.

    Many older people (that call us, anyway) think of email offers or anything via email for that matter, on the same level as regular mail. In other words, if they get an offer in their email inbox, it has the same weight as something they get in their regular mail - is the best way I can explain it.

    It's the same with the email spam from certain lobbying organizations that claim that their Social Security and Medicare are going to be cut and they need to RESPOND NOW and DONATE to stop this! - regardless of the merits of the claim.

    If someone in an email says they "checked it out and it's TRUE" they believe them, too.

    We need to tell our parents and grand parents to treat all unsolicited email as scams and even have serious doubts about emails from organizations that they do deal with.

    1. Re:Older people by omnichad · · Score: 1

      And if people that age have domain names, they're probably customers of Domain Registry of America

    2. Re:Older people by Anonymous Coward · · Score: 0

      We need to tell our parents and grand parents to treat all unsolicited email as scams and even have serious doubts about emails from organizations that they do deal with.

      We need to set up a separate internet just for clueless users (parents, grandparents, /. wannabes) and require they only connect to it. It will only have a few web pages, and only emails from registered users will be allowed. Anyone who tries to break out of the network will have to answer to Obama's death panels.

    3. Re:Older people by hairyfeet · · Score: 1, Funny

      Oh it ain't just the old folks, you can get the others just by changing up the tactic. Back in the day my admin buddy Glenn ended up getting hauled before the regional head of the bunch he was working for by a PHB that wanted to have him fired because, and I quote "You have NO RIGHT to tell ME who I can and can't speak to! You WILL allow my emails from Melissa through this very minute!". That's right folks, he was actually fighting for the right to get infected!

      Oh and for the moron that ALWAYS ends up posting some "Give them Linux!" total horseshit? Won't work dumbass. number one Linux is a fiddly little bitch so unless you are gonna pay an army of admins to go out and do the forum dance to fix all the fucked drivers with all that funky Chinese hardware, which BTW on consumer goods most likely NEVER had a Linux driver ever written, certainly not by the OEM? good luck Chuck.

      Second as a social experiment I actually tried that with a "Must click on teh porn password emails!" type of dumbass. I gave him either Mepis or PCLOS, I can't remember which. So what happened, was it him and RMS dancing through the flowers? Nope he broke that sucker in less than a week, had Linux completely unbootable. How did he do that? Simple he didn't like that whole package management bullshit so he went and Google'd what he wanted, downloaded a bunch of shit off of Freshmeat, and promptly put the machine in dependency hell.

      So can we please quit the "give them Linux!" crap already? the people that are infected by shit like this simply don't have the skills to deal with the 6 month upgrade deathmarch, the forum dance where you do the two step looking for fixes, nor have the ability to tweak said fixes because they were written for hardware f rev g and they have hardware h rev k. And the people that DO have the skills? Well they ain't clicking on stupid email attachments so they have no problem running Windows. Maybe when you make a Linux where drivers don't break, the OS don't need to be upgraded every six months, and the CLI has been permanently removed, maybe then Linux will work for the people in TFA. Yeah and when that day comes I'll be riding a purple pony with She-Ra.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  12. This is what we get... by damn_registrars · · Score: 3, Interesting

    When our anti-spam activities center on filtering received mail and chasing down the spammers themselves. Eventually someone else comes in and comes up with a different way to send spam so it gets around existing filters, which just starts a new round of whac-a-mole.

    Until we do something about the motivating factors behind spam - that is, the economics of spam - we will continue to get nowhere, while wasting more time and money on the problem.

    --
    Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    1. Re:This is what we get... by Arlet · · Score: 1

      Sounds great, except there's not much you can do about the economics of spam.

      On the other hand, filters have become pretty good. I'm only getting a few spam messages a week that manage to get past the filters.

    2. Re:This is what we get... by Anonymous Coward · · Score: 0

      What we need to do, is to drop the bots of the net. They shouldn't exist in the first place, and second an infected computer shouldn't be allowed internet access.

      "Luckily" measures are being taken to restrict internet access. It's being done to appease the **IAA but it could easily be used against those spammers.

    3. Re:This is what we get... by Bob+the+Super+Hamste · · Score: 1

      Is that like the economics of narcotics, other illicit drugs, illegal firearms? As much as I wish that spam was the same as those economies (I don't have to deal with it unless I wanted to) it isn't because it actively tries to harm me or take my stuff. It is more like that of the meth head who tries to break into your house than the drug king pin. Too bad the castle doctrine doesn't extend to spammers and virus writers.

      --
      Time to offend someone
    4. Re:This is what we get... by StillNeedMoreCoffee · · Score: 1

      Ok let's say you ban user from the Internet that has an infected computer. Let's say you have a techy friend that likes pranks or is out to get you because they didn't like your opinion on something. They hack your system and install a bot (or something that looks to the censors like a bot) and bam you're taken off the Internet and have to go through hoops to get connected again. Not unlike the article I just read about people that get identified as Dead to Social Security, Their checks stop and their credit gets destroyed, etc, as bad as Identity theft. Or let's say you get put on a no-fly list, or a sex offenders list. The bathtub ring of that kind of trouble can last a long time.

      I'm not in favor of putting hostages in jail, it's not their fault.

      Your logic is close to the logic that says, their PC should get a virus if they don't protect it, or she deserved it because of the way she dressed. You can get into some dangerous logic if you don't think of the consequences to the innocent.

    5. Re:This is what we get... by damn_registrars · · Score: 1

      Your logic is close to the logic that says, their PC should get a virus if they don't protect it, or she deserved it because of the way she dressed.

      No, my logic is nothing like that whatsoever. I'm not sure how you reached that conclusion, so I will rephrase my aim for you.

      Filtering spam doesn't work as a long-term solution, because it only creates an arms race with the spammers, that the people who are setting up filters cannot ever win. They will invest more time and more money and eventually the collateral costs will be too high and they will need to find a different way to address the problem.

      I do not seek to punish the people who receive spam, or even the people who purchase items that are spamvertised. What I do seek to do is to interfere with the prime motivation behind spam - money.

      There are many places where the flow of money between the spammer, the spamvertised, and all the middlemen can be interrupted and real effects on spam will be realized. Ultimately it is only through economic actions that spam can ever be defeated because it is at its root an economic problem. Anything else is a band-aid for a gushing head wound.

      Were you perhaps intending to reply to a different message on here and accidentally clicked on mine?

      --
      Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    6. Re:This is what we get... by bughunter · · Score: 1

      the economics of spam

      About $3 a can, or $4/lb.

      --
      I can see the fnords!
    7. Re:This is what we get... by StillNeedMoreCoffee · · Score: 1

      Yes, probably replied to the wrong message. I agree attacking the economics is the key. People can stop buying, spam filters can attenuate the effect so more spam has to be done for the same result, or fines or imprisonment can affect the supply side.

  13. China by Anonymous Coward · · Score: 1

    I run a SMTP server, and have noticed a lot of SPAM traffic and hacking attempts coming from China. In addition to running OSSEC's "active response" (firewalling), I've added blocking whole ranges of IP addresses from China. Cut down on my bogus traffic by "2/3rds".

    1. Re:China by jekewa · · Score: 1

      Word. I use the IP blocks from http://ipdeny.com/ to configure ip-filter to stop systems in the top ten malicious countries (http://www.countryipblocks.net/malicious-internet-traffic/malicious-internet-activity-the-top-10-countries/) from getting SSH and SMTP access to my servers. This dropped the amount of relay-attempted e-mail to practically nothing (by three orders of magnitude, from 10Ks of attempts to 10s of attempts), and unknown user attempts to less than a quarter of what they had been.

      Yeah, I might miss a little bit of legit e-mail, but if they really need me, we can work out a specific allowance or they can use an otherwise accepted (and content-filtered) server.

      --
      End the FUD
  14. A radical solution by Synerg1y · · Score: 1

    If everybody stopped clicking on the spam, opening the attachments, etc... suddenly it wouldn't be profitable and it would stop.

    Finished reading? Good job you didn't click on spam while u were reading this, now just do it, now just keep at it... baby steps... no viagra ftw.

    1. Re:A radical solution by Anonymous Coward · · Score: 0

      Sure, lots of people click on the attachments and get pwned, but nobody really buys anything advertised by spam!
      But they don't have to.
      Spammers make their money by convincing dummies that spam is an effective marketing technique.

  15. USE FOR THE LESS PRIVILEGED by Anonymous Coward · · Score: 1

    Good day,

    This is an important message to you.The lord directs me to share this with you. As you read this comment, you should sympathize with my current situation and assist me. My name is Isabella Carmel the only survivor from family of four. I was narrowly escaped from the tsunami disaster which affected my spinal cord and also my ear drum and claim the lifes of my entire family, husband (Denis caromel) and two sons (Ugo and Tom) who went for holidays in Sri-Lanka.

    Right now I am currently in Kuala Lumpur Malaysia. After staying a week in my family hospital, I was disabled by the catastrophe and now on a wheel cheer after all the treatment.This has defiled all forms of medicine and right now I have only about a few months to live, according to medical experts.I have not lived my life so well as my primary interest and focus was only on my late fathers business. Though my father is very rich and was never generous. But now I regret all this, as I know that there is more in life than just wanting to have or make all the money in the world.The bible says what shall it profit a man to wine the whole world and loose his soul. I believe when God gives me a second chance to come to this world I will live my life a different way from how I have lived before. I have willed and given most of my fathers properties to the less privileges because I want God to be merciful to me and accept my soul. I have decided to give arms to charity organizations and give succor and comfort to the less privileged in our societies. I want this to be one of the last good deeds I do on earth since my father has never recognized that.

    So far I have to distribute money to charity organizations now that my health has deteriorated so badly,I cannot do this myself anymore that is why am soliciting your assistant to make this donation through you. The last of my late fathers money that am willing to donate to the less privileged right now is the huge sum of $10.6M USD that is concealed in a consignment and deposited in (OVERSEA CREDIT COMMISSION ABROAD) for safekeeping which he intends to invest on profitable factory.

    I want you to help me claim this funds where is deposited and disburse it to charity organizations and the less privileged in the society.Please I will appreciate you to indicate interest for the disbursement and also include your contact telephone/fax numbers that I will forward to the(OVERSEA CREDIT COMMISSION ABROAD) to be able to contact you as the appointed beneficiary. I will provide you the certificate of deposit and the letter of authority to enable you claim the consignment of the funds.

    If you are willing and ready to assist with this project, please follow this link without delay, while I wait to hear from you. Thanks once again for your kindness may God guide and reward you in all your endeavors as you make me realize my last dreams and wishes.

    Remain blessed,
    Mrs.Isabella Caromel

    1. Re:USE FOR THE LESS PRIVILEGED by Anonymous Coward · · Score: 0

      +1 for starting with "Good Day", although "Good Day Sir" would have been better.
      +1 for the brilliant URL in the link
      +1 for appearing religious
      -1 for near-perfect spelling and grammar

      I'd give you my account info for sure!

    2. Re:USE FOR THE LESS PRIVILEGED by LordSnooty · · Score: 1

      Must be a good parody of spam, because I scanned it for about four seconds and thought, "that's enough for me".

  16. Cutwail, Festi and Asprox by roguegramma · · Score: 1

    Obviously, these are names fit for medicine:

    Cutwail - a pain blocker
    Festi - makes soft muscles hard again
    Asprox - makes your bowels work faster

    --
    Hey don't blame me, IANAB
    1. Re:Cutwail, Festi and Asprox by ilsaloving · · Score: 1

      I was expecting Festi to be an antibiotic for treating infected wounds.
      Or possible something to repair a fistula.

    2. Re:Cutwail, Festi and Asprox by fafaforza · · Score: 1

      Reminds me of this: http://www.youtube.com/watch?v=ue4m_2F8vJc

  17. correction in the summary: by nimbius · · Score: 5, Funny

    A security company with 11 products designed to solve your spam problem, has made a picture showing a bombastic and ludicrous increase in spam the likes of which you cannot possibly cope with. This spam targets your genitals using african money laundering transfers to smuggle a dirty bomb into your new nike jordans and boochi bags at 80% discount, and free shipping.

    It is imperative you believe this un-renowned, seldom-published security engineer working for a vague corporation that runs its main website on a dated version of Microsoft IIS 6.0 with ASP. This company worked hard to ensure its pretty pictures had maximum market placement, and Slashdot is no exception.

    --
    Good people go to bed earlier.
    1. Re:correction in the summary: by EXrider · · Score: 1

      Say whatever you want about the company who published the article, I didn't even RTFA. I can vouch for what they're saying though; I've seen a massive uptick in quarantined viruses lately, the most I've seen in years since the Pre-XP SP3 days. Most of them are password protected zips or exe's with multiple extensions. Overall spam volume is still lower than last year however.

      --
      grep -iw skynet /etc/services
    2. Re:correction in the summary: by Clsid · · Score: 1

      I second what the parent post is saying. I kind of thought somebody was trying to hack my accounts or something since I started receiving lots and lots of fake UPS and FedEx emails. In my particular case, the first e-mail I received made me call a company that was sending me a product, since I was already having shipping issues with them. After closer examination of the email I realized it was fake but after that day, I have been receiving 2 or 3 of those fake emails per day with a variety of themes.

    3. Re:correction in the summary: by Anonymous Coward · · Score: 0

      Thirded.

      I had to adjust some filters due to a massive spike of some "crafty" new spams pretending to be from the IRS (U.S. Tax collection arm) and IRS analogues from other countries.
      Each contained a multiple extension .pdf.exe that was infected.

      One of the few things I like about Exchange is that I was able to pull all of the spam from everybody's email boxes, even if it had already been delivered (and thankfully it hit in the middle of the night, when we're on skeleton crew and most employees are techy enough to know what they were seeing and make my phone ring within about 5 minutes of the first one getting through).

      Since then I've seen a staggering amount of these same style spam emails getting filtered.

    4. Re:correction in the summary: by MichaelSmith · · Score: 1

      I have had a couple of supposed emails from New York City telling me I have parking fines to pay, with executables attached and called zip files. I live in Australia and the first one made my wife go WTF?

  18. The money's still there by HalAtWork · · Score: 1

    There's still companies willing to pay for it, so there's still some greedy fucks willing to take it. The desire/benefit of getting the extra edge will prompt the greedy to distort laws/policies in order to profit from having something that others with more scruples (or who simply aren't in a position to cover their ass with expensive lawyers, to compete in terms of what they can get away with) won't have. It needs to become undesirable to carry out this practice, and for that there needs to be severe penalties, or consumer awareness such that it gives those who practice a negative enough perception that it causes sales to drop. Spam is usually delegated and it is not obvious who is (indirectly) behind it, so the latter will probably not happen any time soon.

  19. Good luck with that. by khasim · · Score: 1

    Until we do something about the motivating factors behind spam - that is, the economics of spam - we will continue to get nowhere, while wasting more time and money on the problem.

    The problem with that approach is that the economics of spam are totally slanted in favour of the spammer.

    One machine can send out MILLIONS of spam messages per day.

    And it only takes a couple of people purchasing something to make it profitable.

    Instead, focus on understanding the spam process. I was able to reduce 99%+ of spam at one place I worked using SpamAssassin, clamAV, a Bayesian filter and lots of spam trap email addresses on a smart host.

    1. Re:Good luck with that. by Jeng · · Score: 2

      Much like an advertising campaign, spamming does not have to be profitable to those who employ spam. It only has to be profitable to the organization that is being paid to spam.

      The only people who have to buy anything are the people who buy the spamming service.

      --
      Don't know something? Look it up. Still don't know? Then ask.
    2. Re:Good luck with that. by damn_registrars · · Score: 1

      Until we do something about the motivating factors behind spam - that is, the economics of spam - we will continue to get nowhere, while wasting more time and money on the problem.

      The problem with that approach is that the economics of spam are totally slanted in favour of the spammer.

      We seem to view the economics of spam differently. Your view seems to be focused on the return on investment, which is certainly one aspect of spam. From my vantage point I see the important factor in spam being the ease of the spamvertised in paying the spammers, coupled to the various middlemen who also take a cut on the action.

      Spam is a very imperfect machine (thankfully). There are plenty of ways that one can approach it that would have a more meaningful and lasting impact on spam than just adjusting filters (and swallowing the costs of the same).

      In a similar vein others have identified that there is a very short list (say around 3) of credit card processors who handle the transactions for >90% of all spamvertised "pharmacy" sites. Interfering with them can have lasting and dramatic effects on who spammers will spam for, as they won't be getting paid anymore.

      After all, the most important - and perhaps most overlooked - fact about spam is that spammers send spam to make money. Many people seem to have convinced themselves that spam is sent out to piss them off personally, and that attitude does not accomplish anything. The correct view is that spam is sent out because spammers make money doing it, there are no more complicated driving forces behind it.

      --
      Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
    3. Re:Good luck with that. by Antique+Geekmeister · · Score: 1

      Currently, yes. There is no punishment, and in general only modest engineering cost to setting up a new spam net. This encourages new "entrepreneurs" to enter the field, even if they make no overall profit doing so. Spam services are being _sold_ to legitimate and illegitimate clients, and the claims of profit are overblown. But since no one publishes good numbers on its success rates, they can continue lying and drumming up business to fools and criminals.

      The return on investment need not be real: it only needs to be portrayed as real to get customers of the wholesale spamming services, which are such a large proportion of modern spam.

  20. Does this really surprise anyone. It is like a damn hydra. Chop off one head and 2 new ones grow in its place.

    --
    Time to offend someone
    1. Re:Hydra by gewalker · · Score: 1

      You have to burn the stump after you cut off the head. This step is effective when applied to spammers too.

    2. Re:Hydra by Kittenman · · Score: 1

      You have to bury the-head-that-never-dies under a rock. And yes, this also works for spammers.

      --
      "The greatest lesson in life is to know that even fools are right sometimes" - Winston Churchill
  21. spamassassin + bogofilter by hedley · · Score: 1

    First spamassassin, then whatever it thinks is ham gets fed through bogofilter (Bayesian). What comes out of that is almost pure ham. Some stragglers get through but it's not a major deal.

    H.

    1. Re:spamassassin + bogofilter by ShaunC · · Score: 1

      That you aren't seeing the spam doesn't mean it isn't a major deal. Someone's bandwidth, drive space, etc. has to be used (even if in an ephemeral sense) long before SA shitcans the message.

      --
      Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
    2. Re:spamassassin + bogofilter by SCHecklerX · · Score: 1

      Spamassassin is the last thing I use in my arsenal. It's too processor intensive. I use Mimedefang and sendmail checks as the first line of defense (spoofing, bad rcpt throttling, mail to system accounts, invalid helos, trustworthy RBL listings, etc.) On a typical day I *REJECT* about 5000 messages before going beyond 'HELO', 'MAIL FROM', and 'RCPT TO'. Of the rest that come though, I drop maybe 50 via spamassassin, and another 50 get flagged as spam. That's 100 things analyzed versus 5000.

      If you are using nothing but SA and Bayes, you are doing it wrong.

      I'd post this week's stats from my servers, but slashdot's junk character detector is a piece of shit.

    3. Re:spamassassin + bogofilter by fafaforza · · Score: 1

      Sure, but SMTP checks will only go so far. They are very basic, often not even able to run a check against more than 1 line at a time. SpamAssassin filters are pretty detailed, so they do play a role, and I personally am surprised at the number of senders that don't seem to get a bounceback from a 5xx error. Instead they'll waste our helpdesk time to be told something was rejected due to an RBL, etc. So in that respect, checking against an RBL, adding a match to the score and tagging it can end up being less of a hassle in the long run.

    4. Re:spamassassin + bogofilter by SCHecklerX · · Score: 1

      Did you even read my post? Spamassassin is used, but it is the last thing used. If people are not getting an error back, then the sender's mail server is misconfigured or a zombie anyway, and we don't want mail from them.

    5. Re:spamassassin + bogofilter by fafaforza · · Score: 1

      And did you read mine? Obviously the sender not getting a bounce is their problem, but they still end up on YOUR helpdesk, wasting YOUR time. I was also responding to your comment on having defenses at the SMTP level, and I commented that they are basic, and can result in the aforementioned issue, so it isn't always the best solution. It is cheap in terms of processing, but has its own drawbacks.
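
The ordering SCHecklerX describes in this sub-thread (cheap envelope checks at connect, HELO, MAIL FROM and RCPT TO, with content scanning only for what survives) can be sketched as follows. This is an added example, not code from any poster; the domain, user list, thresholds, sample sessions and the set standing in for an RBL query are all constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Every value below is constructed for the demonstration.
LOCAL_DOMAIN = "example.org"
LOCAL_NETS = [ipaddress.ip_network("192.0.2.0/24")]
VALID_USERS = {"alice", "bob", "helpdesk"}
SYSTEM_ACCOUNTS = {"root", "daemon", "bin", "nobody"}
DNSBL_STANDIN = {"203.0.113.66"}   # stands in for a live RBL lookup
MAX_BAD_RCPT = 3                   # unknown recipients tolerated per client IP

FQDN = re.compile(r"^([a-z0-9]([a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,}$", re.I)
ADDR_LITERAL = re.compile(r"^\[[0-9a-fA-F:.]+\]$")
bad_rcpt = Counter()               # unknown-recipient count per client IP


def is_local(ip):
    return any(ipaddress.ip_address(ip) in net for net in LOCAL_NETS)


def check_helo(ip, helo):
    if not FQDN.match(helo) and not ADDR_LITERAL.match(helo):
        return "550 5.7.1 invalid HELO name"
    name = helo.lower()
    if (name == LOCAL_DOMAIN or name.endswith("." + LOCAL_DOMAIN)) and not is_local(ip):
        return "550 5.7.1 HELO claims to be this host"
    return None


def check_mail_from(ip, sender):
    # An outside client using our own domain as sender is spoofing.
    if sender.rsplit("@", 1)[-1].lower() == LOCAL_DOMAIN and not is_local(ip):
        return "550 5.7.1 spoofed local sender"
    return None


def check_rcpt(ip, rcpt):
    user, _, domain = rcpt.lower().partition("@")
    if domain != LOCAL_DOMAIN:
        return "550 5.7.1 relaying denied"
    if user in SYSTEM_ACCOUNTS:
        return "550 5.1.1 no mail to system accounts"
    if user not in VALID_USERS:
        bad_rcpt[ip] += 1
        if bad_rcpt[ip] >= MAX_BAD_RCPT:
            return "421 4.7.0 too many unknown recipients"
        return "550 5.1.1 user unknown"
    return None


def evaluate(session):
    """Return (stage, reply); stage 'DATA' means the content scanner runs."""
    ip = session["ip"]
    if ip in DNSBL_STANDIN:
        return ("CONNECT", "554 5.7.1 client listed on RBL")
    reply = check_helo(ip, session["helo"])
    if reply:
        return ("HELO", reply)
    reply = check_mail_from(ip, session["mail_from"])
    if reply:
        return ("MAIL FROM", reply)
    accepted, last = [], None
    for rcpt in session["rcpt_to"]:
        last = check_rcpt(ip, rcpt)
        if last is None:
            accepted.append(rcpt)
        elif last.startswith("421"):
            return ("RCPT TO", last)          # throttled: stop the session
    if not accepted:
        return ("RCPT TO", last or "503 5.5.1 no recipients")
    return ("DATA", "pass %d recipient(s) to content scanner" % len(accepted))


def s(ip, helo, mail_from, *rcpt_to):
    return {"ip": ip, "helo": helo, "mail_from": mail_from, "rcpt_to": list(rcpt_to)}


SESSIONS = [   # constructed sample sessions
    s("203.0.113.66", "mail.example.net", "a@example.net", "bob@example.org"),
    s("198.51.100.7", "localhost", "a@example.net", "bob@example.org"),
    s("198.51.100.8", "mail.example.net", "alice@example.org", "bob@example.org"),
    s("198.51.100.9", "mx.example.net", "a@example.net", "root@example.org"),
    s("198.51.100.10", "mx.example.net", "a@example.net", "aaron@example.org",
      "abby@example.org", "adam@example.org", "alice@example.org"),
    s("198.51.100.20", "mail.example.com", "carol@example.com", "bob@example.org"),
]
```

Only the last constructed session reaches the DATA stage; the other five are refused on envelope information alone, which is the cost argument made in the thread.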

  22. Absolutely true by Kamiza+Ikioi · · Score: 1

    If they ever learned correct English (non-copied, random, yet intelligent looking grammar), we'd lose a valuable tool in both machine AND human filtering of spam.

    But, at that point, SkyNet will kill us all anyways, so I'm not too worried just yet.

    --
    I8-D
  23. "Malicious" Spam? by Anonymous Coward · · Score: 0

    As opposed to the cute, warm and fuzzy kind that people just love receiving?

  24. Not spam volume, just malicious attachments by Tony+Isaac · · Score: 2

    Overall spam volume is down, based on M86 Security and others. http://www.m86security.com/labs/spam_statistics.asp

    My own spam rates via GMail, and my own domain, show spam rates down by 50% since last year.

    It might depend on who you read. Try googling "spam statistics" and you'll get quite a mix of "spam is up," "spam is down."

  25. Epic level? by Chris+Mattern · · Score: 1

    So, then...they're purple?

  26. Spammers have changed tactics by SCHecklerX · · Score: 1

    They are compromising accounts now, using, in part, the data collected by the lulzsec breaches. I have several friends using yahoo who have now sent me spam messages. Their old tactics have been rendered ineffective by spam fighting efforts, so now they are doing this.

  27. Spam! Spam! Spam! by spaceyhackerlady · · Score: 1

    I'm currently getting mountains of spam exhorting me to remodel my home, buy a new patio deck, buy business cards, even find a new apartment. Stuff that looks like junk mail I'd get on paper, except that it's cluttering up my email. Lots comes from some filth calling themselves Eclipse Media Online, who hope I enjoyed receiving their garbage. Yeah, right.

    I actually do like getting email from companies I do business with, everybody from Mouser to Sephora. Emails from Barefoot Tess tend to be hard on my bank account. :-)

    ...laura

    1. Re:Spam! Spam! Spam! by mjwx · · Score: 1

      I actually do like getting email from companies I do business with

      Indeed, I like being notified to when my favourite businesses are having sales, I've saved thousands thanks to signing up to mailing lists for Singapore Airlines, Air Asia, Malaysian Air Services and that's just for travel.

      But this is solicited commercial email, I want to receive this and if I don't I can unsubscribe.

      It's the unsolicited stuff, such as VividWireless that I never want to hear from again, they don't have an unsubscribe feature on their emails. Also rarely does solicited advertising try to fuck up your computer, VividWireless did plenty of that.

      --
      Calling someone a "hater" only means you can not rationally rebut their argument.
  28. More about Malicious Attachments than spam by Anonymous Coward · · Score: 0

    After reading TFA, it clearly shows why this is NOT an issue for us... we don't allow zip attachments with the same types of files in them which can have viruses in them in the first place. We don't allow type files matching what would be extensions of: cmd com js reg chm cnf hta ins scf sct vbs vbe wsc wsf wsh xnk mad maf mag mar mas mat mav maw bat pif scr exe wmf.

    Been doing this since 2003 and missed most of the virus fun that others have had.

    The only viruses we ever see are possible web links in email that point to a site/file download. And we get most of those too.
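
An attachment policy like the one in this comment, extended to look inside zip archives and to flag the multiple-extension names (`.pdf.exe`) reported elsewhere in the thread, could look like this. It is an added example, not the poster's configuration; the extension list is copied from the comment, while the function names and sample messages are constructed.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Extension list copied from the comment above.
BLOCKED = set(
    "cmd com js reg chm cnf hta ins scf sct vbs vbe wsc wsf wsh xnk mad maf "
    "mag mar mas mat mav maw bat pif scr exe wmf".split()
)


def blocked_reason(filename):
    """Return a reason string if the final extension is blocked, else None."""
    parts = filename.lower().rsplit("/", 1)[-1].split(".")
    if len(parts) < 2 or parts[-1] not in BLOCKED:
        return None
    if len(parts) > 2:   # e.g. invoice.pdf.exe: decoy extension before the real one
        return "double extension .%s.%s" % (parts[-2], parts[-1])
    return "blocked extension .%s" % parts[-1]


def scan_zip(data):
    """Check member names from the zip directory without extracting anything."""
    findings = []
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                reason = blocked_reason(info.filename)
                if reason:
                    # Bit 0 of flag_bits marks an encrypted member.
                    enc = " (encrypted)" if info.flag_bits & 0x1 else ""
                    findings.append("%s: %s%s" % (info.filename, reason, enc))
    except zipfile.BadZipFile:
        findings.append("unreadable zip archive")
    return findings


def scan_message(raw):
    """Return the list of policy violations for one raw message."""
    findings = []
    for part in message_from_bytes(raw).walk():
        name = part.get_filename()
        if not name:
            continue
        reason = blocked_reason(name)
        if reason:
            findings.append("%s: %s" % (name, reason))
        payload = part.get_payload(decode=True) or b""
        # Trust the zip magic bytes as well as the name.
        if name.lower().endswith(".zip") or payload[:4] == b"PK\x03\x04":
            findings.extend("%s -> %s" % (name, f) for f in scan_zip(payload))
    return findings


def build_sample(attachment_name, data):
    """Constructed sample message with one attachment."""
    msg = EmailMessage()
    msg["Subject"] = "Your invoice"
    msg.set_content("See attached.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()


def make_zip(member_names):
    """Constructed zip archive whose members hold placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member in member_names:
            zf.writestr(member, b"constructed placeholder bytes")
    return buf.getvalue()


if __name__ == "__main__":
    samples = [build_sample("report.pdf", b"%PDF-1.4 constructed"),
               build_sample("tax_refund.pdf.exe", b"constructed"),
               build_sample("invoice.zip", make_zip(["invoice.pdf.exe", "readme.txt"]))]
    for raw in samples:
        print(scan_message(raw) or "clean")
```

Member names in a classic password-protected zip are stored unencrypted in the archive directory, so the name check still works on such archives even though the contents cannot be scanned.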

  29. Malicious Spam by PPH · · Score: 1

    I was right!

    I knew that lunch meat was up to no good. I could swear it was eying me suspiciously every time I opened the fridge. I should be wearing the aluminum foil, not the foodstuffs.

    --
    Have gnu, will travel.
  30. Yeah... it was nice for a while. by rnturn · · Score: 1

    I'd open my Inbox and only find legitimate emails in it. Then the current spike in spam started. Deadly? No. It's nothing that Ctrl-click-click-click-...-Delete can't handle. Annoying? Yep. And a little insulting. Do these bozo spammers really think I'm -- or anyone for that matter -- going to open an attachment from an email that has the same Subject: line as eight other emails in my Inbox? And do they really think that all of my UPS shipments have been going to the wrong address? Or that I would be expecting invoices from 17 different companies per day? (And I'm not even counting the daily Cialis, Viagra, and fake Rolex watch come-ons.) Come on you idiots. You're going to have to try harder than that.

    --
    CUR ALLOC 20195.....5804M
  31. Four Point Plan by Eric+Damron · · Score: 1

    I have a four point plan that I guarantee will eliminate spam once and for all:

    1. Find the spammers and kill them.
    2. Find anyone who buys spammer's services and kill them.
    3. Find anyone who is stupid enough to allow their PC to become infected more than twice and kill them.
    4. Find Steve Ballmer and Darl McBride and kill them.

    Okay it's actually a three point plan. I just added Ballmer and McBride because I don't like them.

    --
    The race isn't always to the swift... but that's the way to bet!
  32. We want delicious by Anonymous Coward · · Score: 0

    When is the delicious spam going to be delivered? I'm tired of the malicious sort.

  33. spf by Anonymous Coward · · Score: 0

    Just reject spf soft and hard fails. That takes care of 80% of the spam and 1% legit users (tell the legit users to fix their spf records). Take forwarded for headers and filter them based on previous spam - that is another 5-10%. Next filter for pharmaceuticals, watches, travel, and gambling and you have another 3-5%. Post a couple honeypot email addresses on the web and that should grab just about every spammer on the planet after a year or so. Filter through spamhaus or another rbl that handles only recent activity and an antivirus program + file extension filter and your job is done. PS don't let out the secret or we'll all be out of the job and then no more margaritas for you!

  34. Did Constant Contact sell or get broken into? by Anonymous Coward · · Score: 0

    I have Cyrus - so I do username+folder@example.com for my interactions with the world.

    3 folder@example.com emails are being used in the UPS/IRS/other topics. 2 of the 3 original parties I emailed have claimed they have not shared/sold the email and they only interacted with Constant Contact. All 3 were last used over a year ago.

    Thus far - Constant Contact has not returned my call.

  35. Exaggerate much? by guspasho · · Score: 1

    Epic, huh? Really? Did it destroy Troy, or get lost at sea for ten years? Is it anywhere near that epic level of magnitude? I don't think so.

  36. Yup by ThatsNotPudding · · Score: 1

    I've gotten spam in the last three days for the first time in many, many months. Ubuntu/Thunderbird/POP

  37. MS to the rescue by hesaigo999ca · · Score: 1

    MS should now focus on the next 2 biggest ones...and keep at it, until the bad guys see there is no money to make any more with malware!
    I hope MS jumps on the security good guy band wagon for awhile, and thinks less of the bottom line

  38. Company? by DrYak · · Score: 1

    Out of curiosity, are you allowed to tell us which company you work for?

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]