Anti Virus Softwares

Monday, 5 October 2009

A Day in the Life of Spam

Posted on 15:07 by Unknown
It's been quite a while since I did a "Day in the Life of Spam", but with some recent ups and downs in the trends, I thought it would be worth taking a look again.

For this study, I chose one group of trap addresses for the UAB Spam Data Mine, and decided to try to categorize every email received on October 4, 2009. These particular trap accounts received 10,583 spam emails that day. So how did they break out?

5854 emails or 55.3% = Pharmaceutical products
2303 emails or 21.7% = Watches and other counterfeit goods
1044 emails or 9.8% = Malware distribution
512 emails or 4.8% = Illegal software "OEM" software downloads
397 emails or 3.8% = Fake diplomas or instant degrees
69 emails or 0.6% = Work at home scams
66 emails or 0.6% = Russian language emails
30 emails or 0.3% = Casino spam
28 emails or 0.26% = "Giveaways gotchas" (gift cards, plane tickets, cell phones, laptops that are called "free" but aren't)
28 emails or 0.26% = Chinese/Japanese emails

200 emails or 1.9% = miscellaneous things other than categories above: insurance, credit reports, DISH Network, ink & toner, language learning, government grants, dating services, GI bill info, teeth whitening, government auctions, ab circle, timeshares, Florida rental properties, colo detox, etc.

Digging in deeper, Canadian Pharmacy dominated the pharmacy category, with what seems to be at least 19 different spam campaigns, all pushing Canadian Pharmacy affiliated websites. Compared to other affiliate pill programs, they win hands down:

5358 emails = Canadian Pharmacy
260 emails = Maximum Gentleman penis enlargement
107 emails = Canadian Health Care
61 emails = Online Pharmacy
32 emails = My Canadian Pharmacy
16 emails = Canadian Health & Care Mall
12 emails = Canadian Family Pharmacy
8 emails = Acai Berry

The big changes that stand out especially are that the famous "Russian Brides" spam has almost vanished entirely. Gone also is the Acai Berry spam, which was at one point nearly 15% of all of our spam email messages. 419 scams are disappearing as well, with only 7 emails out of the 10,500+ examined for this "Day in the Life" peek.

When we look at the URLs advertised just in those 5,358 Canadian Pharmacy emails, we find 7,056 unique URLs hosted on 348 domains, of which 234 are ".cn" domains.

Another 84 are ".com" domains:

yahoo.com (abused in the form of newly created "yahoo groups")
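
The unique-URL, unique-domain and per-TLD counts quoted above can be produced with a short script like the following. This is an added example, not the UAB Spam Data Mine's own code; the sample message bodies and their placeholder domains are constructed, and reducing a hostname to its last two labels is an assumption that ignores multi-label suffixes.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample bodies with placeholder domains (not taken from the corpus).
SAMPLE_BODIES = [
    "Save 80% today http://shop.example-aa.cn/?id=1 and http://shop.example-aa.cn/?id=2",
    "Refill now: http://www.example-bb.cn/rx",
    "Click http://groups.example-cc.com/group/abc123 for offers",
    "Same link again http://www.example-bb.cn/rx",
    "Mixed case HTTP://Example-DD.COM/a.html. Thanks",
]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def extract_urls(body):
    """Return URLs found in a message body, with trailing punctuation stripped."""
    return [u.rstrip(".,;:!?)") for u in URL_RE.findall(body)]

def registered_domain(host):
    """Naive reduction to the last two labels (assumption: no multi-label
    suffixes such as .com.cn; those need a public-suffix list)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def summarize(bodies):
    """Count unique URLs, unique registered domains, and domains per TLD."""
    urls, domains = set(), set()
    for body in bodies:
        for raw in extract_urls(body):
            parts = urlsplit(raw)
            if not parts.hostname:
                continue
            # Normalise scheme and host case so the same URL is counted once.
            path = parts.path or "/"
            query = "?" + parts.query if parts.query else ""
            urls.add(f"{parts.scheme.lower()}://{parts.hostname}{path}{query}")
            domains.add(registered_domain(parts.hostname))
    by_tld = Counter(d.rsplit(".", 1)[-1] for d in domains)
    return {"unique_urls": len(urls), "unique_domains": len(domains),
            "by_tld": dict(by_tld)}

if __name__ == "__main__":
    print(summarize(SAMPLE_BODIES))
```

Counting by registered domain lumps every URL on a shared service under one entry, which is why an abused host such as a groups service shows up as a single domain in the tally.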