Spam Hits Its Highest Level Since 2010

Long-time Slashdot reader coondoggie quotes Network World: Spam is back in a big way -- levels that have not been seen since 2010 in fact. That's according to a blog post from Cisco Talos that stated the main culprit of the increase is largely the handiwork of the Necurs botnet... "Many of the host IPs sending Necurs' spam have been infected for more than two years.

"To help keep the full scope of the botnet hidden, Necurs will only send spam from a subset of its minions... This greatly complicates the job of security personnel who respond to spam attacks, because while they may believe the offending host was subsequently found and cleaned up, the reality is that the miscreants behind Necurs are just biding their time, and suddenly the spam starts all over again."
Before this year, the SpamCop Block List was under 200,000 IP addresses, but surged to over 450,000 addresses by the end of August. Interestingly, Proofpoint reported that between June and July, Donald Trump's name appeared in 169 times more spam emails than Hillary Clinton's.

Trump & spam

[Zocalo]

Donald Trump's name appeared in 169 times more spam emails than Hillary Clinton's.

Can't say I'm at all surprised by that. I've been getting a steady stream of what appear to be genuine emails from the Trump campaign (all the links are to legit Trump and GOP domains, plus a few MSM ones) asking for donations for a few weeks now. There's a whole bunch of problems with that, other than it being UBE - I'm a British citizen so I don't think Trump can legally accept my donation anyway; several of the domains involved are within the .uk ccTLD; and the addresses concerned are all (and always have been) spam traps. And yes, I have been forwarding them all to the FEC.

Seriously, Donald, if you're going to let your campaign team buy email lists from who-knows-where and spam the shit out of them, they could at least do some basic list washing first - it's starting to look like Hillary isn't the only one with an incompetent email admin team...

Re:Trump & spam

[Zocalo]

I'm sure there's a lot of election related phishing out there too, and I've got lots of examples of that too, but as I noted all of this is pointed entirely at genuine Trump/GOP domains with a few MSM ones thrown in for citations; it's almost certainly genuine campaign spam from Trump or one of his supporters acting (possibly independently) on his behalf - there are no dodgy domains at all (unless you want to count Fox News), including in the mail headers, which are from a legit ESP. They're also hitting spamtraps that go back years (some were only ever seeded on Usenet over a decade ago) so either someone in Trump's campaign, officially or otherwise, has been buying really low quality mailing lists, or someone has fed them a bunch of email addresses from them.

Re:Perhaps more likely to click

[plover]

Proofpoint is studying election related phishing attacks, not generic spam. The ratio may be an indicator that the attackers expect Trump supporters to be far more gullible than Clinton supporters.

Live and let spam is EVIL

[shanen]

Do we need to rehash the reasons why? You might not have any sympathy for the suckers, or you might not care about attacks on corporate reputations and customers. You might not have any children for the spammers to target, but in that case I think I should extend my sympathies. You don't care about false positives that lose your actual email and you think your time spent with false negatives is too small to matter (and don't care about the multiplication of that time by the millions). You're still getting victimized by the general inefficiency the spammers impose on everyone. Or perhaps worst of all, the basic spammers create noise that helps mask the serious threats of the serious scammers, such as spear-phishermen and identity thieves.

It seems like all of the big email providers have adopted the motto of "Live and Let Spam." Obviously didn't work for Yahoo, did it? Whatever Microsoft paid for the Hotmail brand must have been written off for similar reasons. The google is the saddest case of all, but perhaps that was just the generalized result of dropping "Don't be evil" in favor of "All your attention are belong to us." Anyway, at this point I monitor all three and Gmail clearly has the worst filters, both for false positives and false negatives and for feebleness of their countermeasures. Proof? In the preferences of the spammers themselves, blessing Gmail with the most spam of all.

Doesn't have to be that way. The rational spammers do have economic models that could be attacked. Dropboxes can be nuked and external email services that provide the dropboxes can be pressured. Link shorteners can be subverted against the spammers. Lots of other countermeasures are possible, but the google don't care (and Yahoo can't afford to care and who cares about Outlook).

*sigh* Just venting again, but I really wish someone provided a really good email system, one with tools that would let me help fight the spammers. Why not convert some of the universal hatred of spammers into positive sentiments towards an email system that scares the spammers?