A Day in the Life of Spam

Its been quite a while since I did a "Day in the Life of Spam", but with some recent ups and downs in the trends, I thought it would be worth taking a look again.

For this study, I chose one group of trap addresses for the UAB Spam Data Mine, and decided to try to categorize every email received on October 4, 2009. These particular trap accounts received 10,583 spam emails that day. So how did they break out?

5854 emails or 55.3% = Pharmaceutical products
2303 emails or 21.7% = Watches and other counterfeit goods
1044 emails or 9.8% = Malware distribution
512 emails or 4.8% = Illegal software "OEM" software downloads
397 emails or 3.8% = Fake diplomas or instant degrees
69 emails or 0.6% = Work at home scams
66 emails or 0.6% = Russian language emails
30 emails or 0.3% = Casino spam
28 emails or 0.26% = "Giveaways gotchas" (gift cards, plane tickets,
cell phones, laptops that are called "free" but aren't)
28 emails or 0.26% = Chinese/Japanese emails

200 emails or 1.9% = miscellaneous things other than categories above
insurance, credit reports, DISH Network, ink & toner,
language learning, government grants, dating services,
GI bill info, teeth whitening, government auctions,
ab circle, timeshares, florida rental properties,
colo detox, etc.

Digging in deeper, Canadian Pharmacy dominated the pharmacy category, with what
seems to be at least 19 different spam campaigns, all pushing Canadian Pharmacy
affiliated websites. Compared to other affiliate pill programs, they win hands down:

5358 emails = Canadian Pharmacy
260 emails = Maximum Gentleman penis enlargement
107 emails = Canadian Health Care
61 emails = Online Pharmacy
32 emails = My Canadian Pharmacy
16 emails = Canadian Health & Care Mall
12 emails = Canadian Family Pharmacy
8 emails = Acai Berry

The big changes that stand out especially are that the famous "Russian Brides" spam has almost vanished entirely. Gone also is the Acai Berry spam, which was at one point nearly 15% of all of our spam email messages. 419 scams are disappearing as well, with only 7 emails out of the 10,500+ examined for this "Day in the Life" peek.

When we look at the URLs advertised just in those 5,358 Canadian Pharmacy emails, we find 7,056 unique URLs hosted on 348 domains, of which 234 are ".cn" domains:

aobypwto.cn
aohumwto.cn
bavulov.cn
biyahaj.cn
bjelunep.cn
bobobuk.cn
bohetoj.cn
botazux.cn
bsobidar.cn
bsozefew.cn
busegis.cn
buwaneg.cn
cabavov.cn
cedwoyep.cn
cixivic.cn
cmeqoher.cn
cnahehas.cn
cpiliguk.cn
cqolodar.cn
csimigek.cn
cucodag.cn
cujozas.cn
cuyilec.cn
czavoyig.cn
dadodeg.cn
dahonif.cn
darohus.cn
dbixumaq.cn
ddayatot.cn
dejoviw.cn
dhajeqiy.cn
dijajiv.cn
dilonef.cn
disaniv.cn
dnojisud.cn
doboget.cn
docuyiv.cn
dojiqur.cn
dtusukir.cn
dzayowis.cn
dzolufay.cn
fasosup.cn
fceqinaf.cn
fducilox.cn
fehavux.cn
fejunab.cn
fibujes.cn
ficimap.cn
finahoz.cn
fohiyub.cn
fovihag.cn
fpupewat.cn
fsoresok.cn
fxocefew.cn
gakarid.cn
gbukagef.cn
gebosor.cn
ggefalom.cn
girucav.cn
glimesaf.cn
gmogacof.cn
gmonigec.cn
gobahod.cn
gpevehig.cn
gzevohaq.cn
hakobiz.cn
havarul.cn
hbejivix.cn
hgodakej.cn
hkawutet.cn
hocacap.cn
holoyin.cn
huvayov.cn
hxeqotet.cn
hyunohep.cn
jagegop.cn
jimigok.cn
jiquwac.cn
jirohup.cn
jjunopov.cn
jjunopov.cn
jpatoxih.cn
jranoxug.cn
jvafohit.cn
jvoqidev.cn
jxubocot.cn
kepomat.cn
kkamugag.cn
kovupaj.cn
krecahol.cn
kufanuv.cn
kyejixey.cn
lamadul.cn
lbihakag.cn
lbogupey.cn
lemecij.cn
loganuw.cn
lqihedax.cn
ltexujis.cn
lufogay.cn
luladuz.cn
lwofepib.cn
lwofexiv.cn
lxolemaj.cn
lyarazok.cn
lyuvuced.cn
mahalam.cn
mbajihiz.cn
mivutim.cn
mobivis.cn
moqeqez.cn
mtejuxad.cn
muhazec.cn
myibaqum.cn
nagozuc.cn
nahojut.cn
napojox.cn
nhofewih.cn
niduqab.cn
njihivax.cn
nnifikaj.cn
nocigoj.cn
nosadoc.cn
nqewonih.cn
nropemij.cn
pajikub.cn
pawucit.cn
pazoxif.cn
pevular.cn
pirebav.cn
pkipuyom.cn
pqezosem.cn
puhoquj.cn
puwuwug.cn
qahomeh.cn
qdiwoxaq.cn
qelaquk.cn
qfudocik.cn
qivokex.cn
qiyejas.cn
qoconug.cn
qokutuq.cn
qonanih.cn
qoxifuw.cn
qqisuluw.cn
qtufetag.cn
qudehiv.cn
qzonumeg.cn
rasafas.cn
rewelay.cn
rfozinud.cn
rgekepum.cn
rgekepum.cn
rizexez.cn
rjuyunex.cn
rmenisul.cn
rqasesoy.cn
rwobucem.cn
scelamoq.cn
shetepoc.cn
sirepil.cn
sjowemor.cn
socowuv.cn
sodajud.cn
somorez.cn
soqunup.cn
sorufar.cn
sovuzoq.cn
spojoxiq.cn
tatapum.cn
tawamof.cn
tdiceruk.cn
tfenuhah.cn
thidafak.cn
thodurux.cn
tnawulod.cn
tnikixep.cn
tvufisux.cn
vapabog.cn
vibariq.cn
vivuxab.cn
viyezis.cn
vludihum.cn
vobenog.cn
vohuren.cn
vopaguz.cn
voxaziq.cn
vqamiwur.cn
vriyigip.cn
vvobipad.cn
wabifoy.cn
wbakilit.cn
wbohovuh.cn
wgesirok.cn
wicigeh.cn
wiyisuh.cn
wnexejip.cn
wonefaq.cn
worldvld.cn
wovewab.cn
wuqumud.cn
xehevug.cn
xexugan.cn
xifepuj.cn
xipames.cn
xozowoj.cn
xquwavuk.cn
xuyokir.cn
ycaqoped.cn
ycetuvow.cn
yfolobow.cn
ygemuhop.cn
yinicuv.cn
yipenov.cn
ylafarum.cn
yororom.cn
yujacub.cn
yvukudey.cn
yzigawim.cn
zajeqav.cn
zapoyuf.cn
zcixefat.cn
zecemiz.cn
zfumulik.cn
zicorem.cn
zkodibay.cn
zlesanus.cn
zovoliz.cn
zowimij.cn
zrugaviv.cn
zsomiyon.cn
ztokusut.cn
zuguvov.cn
zupabuv.cn

Another 84 are ".com" domains:

12n3.com
150m.com
adabisnis.com
adorewow.com
adsnote.com
aftermelody.com
angerpeople.com
awaredear.com
barracudacentral.com
betterspoke.com
boldcover.com
cefjedhoha.com
chordspend.com
clickboothlnk.com
cncd-tex.com
coatfew.com
codetwo.com
comfyrace.com
confluencehr.com
connectionends.com
couldfloor.com
creamyglass.com
createsend2.com
entervanish.com
expertreason.com
fallsautumn.com
frankoferosscom.com
gate2service.com
giftedstood.com
gisdany.com
google.com
gotmoral.com
groupfinger.com
havebasic.com
hecreamy.com
helpleave.com
hesheet.com
hoawukfue.com
ihrodinpe.com
images-amazon.com
iomega.com
kezlink.com
livejournal.com
magicrange.com
metalartmaster.com
microsoft.com
mightysing.com
miturl.com
nbcmediacenter.com
onbisnis.com
passport.com
periodtwo.com
pharmacyonlineoffernow.com
posesea.com
proudnoble.com
quietcotton.com
qupdumvov.com
razoncollins.com
renownchief.com
restcalm.com
restthere.com
shegentle.com
shrtn.com
sidecatch.com
smooththan.com
soilbear.com
sonbottom.com
spreadtwenty.com
stoodstudy.com
stringmunchy.com
suchpull.com
t35.com
talkjoyful.com
thebraintree.com
tinytwitt.com
trucktingle.com
waitname.com
webmd.com
weightboxtime.com
whiledesire.com
winsportbike.com
yahoo.com (abused in the form of newly created "yahoo groups")
zestquart.com