Internet Domain Registry

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Monday, 5 October 2009

A Day in the Life of Spam

Posted on 15:07 by Unknown
Its been quite a while since I did a "Day in the Life of Spam", but with some recent ups and downs in the trends, I thought it would be worth taking a look again.

For this study, I chose one group of trap addresses for the UAB Spam Data Mine, and decided to try to categorize every email received on October 4, 2009. These particular trap accounts received 10,583 spam emails that day. So how did they break out?

5854 emails or 55.3% = Pharmaceutical products
2303 emails or 21.7% = Watches and other counterfeit goods
1044 emails or 9.8% = Malware distribution
512 emails or 4.8% = Illegal software "OEM" software downloads
397 emails or 3.8% = Fake diplomas or instant degrees
69 emails or 0.6% = Work at home scams
66 emails or 0.6% = Russian language emails
30 emails or 0.3% = Casino spam
28 emails or 0.26% = "Giveaways gotchas" (gift cards, plane tickets,
cell phones, laptops that are called "free" but aren't)
28 emails or 0.26% = Chinese/Japanese emails

200 emails or 1.9% = miscellaneous things other than categories above
insurance, credit reports, DISH Network, ink & toner,
language learning, government grants, dating services,
GI bill info, teeth whitening, government auctions,
ab circle, timeshares, florida rental properties,
colo detox, etc.

Digging in deeper, Canadian Pharmacy dominated the pharmacy category, with what
seems to be at least 19 different spam campaigns, all pushing Canadian Pharmacy
affiliated websites. Compared to other affiliate pill programs, they win hands down:

5358 emails = Canadian Pharmacy
260 emails = Maximum Gentleman penis enlargement
107 emails = Canadian Health Care
61 emails = Online Pharmacy
32 emails = My Canadian Pharmacy
16 emails = Canadian Health & Care Mall
12 emails = Canadian Family Pharmacy
8 emails = Acai Berry

The big changes that stand out especially are that the famous "Russian Brides" spam has almost vanished entirely. Gone also is the Acai Berry spam, which was at one point nearly 15% of all of our spam email messages. 419 scams are disappearing as well, with only 7 emails out of the 10,500+ examined for this "Day in the Life" peek.

When we look at the URLs advertised just in those 5,358 Canadian Pharmacy emails, we find 7,056 unique URLs hosted on 348 domains, of which 234 are ".cn" domains:

aobypwto.cn
aohumwto.cn
bavulov.cn
biyahaj.cn
bjelunep.cn
bobobuk.cn
bohetoj.cn
botazux.cn
bsobidar.cn
bsozefew.cn
busegis.cn
buwaneg.cn
cabavov.cn
cedwoyep.cn
cixivic.cn
cmeqoher.cn
cnahehas.cn
cpiliguk.cn
cqolodar.cn
csimigek.cn
cucodag.cn
cujozas.cn
cuyilec.cn
czavoyig.cn
dadodeg.cn
dahonif.cn
darohus.cn
dbixumaq.cn
ddayatot.cn
dejoviw.cn
dhajeqiy.cn
dijajiv.cn
dilonef.cn
disaniv.cn
dnojisud.cn
doboget.cn
docuyiv.cn
dojiqur.cn
dtusukir.cn
dzayowis.cn
dzolufay.cn
fasosup.cn
fceqinaf.cn
fducilox.cn
fehavux.cn
fejunab.cn
fibujes.cn
ficimap.cn
finahoz.cn
fohiyub.cn
fovihag.cn
fpupewat.cn
fsoresok.cn
fxocefew.cn
gakarid.cn
gbukagef.cn
gebosor.cn
ggefalom.cn
girucav.cn
glimesaf.cn
gmogacof.cn
gmonigec.cn
gobahod.cn
gpevehig.cn
gzevohaq.cn
hakobiz.cn
havarul.cn
hbejivix.cn
hgodakej.cn
hkawutet.cn
hocacap.cn
holoyin.cn
huvayov.cn
hxeqotet.cn
hyunohep.cn
jagegop.cn
jimigok.cn
jiquwac.cn
jirohup.cn
jjunopov.cn
jjunopov.cn
jpatoxih.cn
jranoxug.cn
jvafohit.cn
jvoqidev.cn
jxubocot.cn
kepomat.cn
kkamugag.cn
kovupaj.cn
krecahol.cn
kufanuv.cn
kyejixey.cn
lamadul.cn
lbihakag.cn
lbogupey.cn
lemecij.cn
loganuw.cn
lqihedax.cn
ltexujis.cn
lufogay.cn
luladuz.cn
lwofepib.cn
lwofexiv.cn
lxolemaj.cn
lyarazok.cn
lyuvuced.cn
mahalam.cn
mbajihiz.cn
mivutim.cn
mobivis.cn
moqeqez.cn
mtejuxad.cn
muhazec.cn
myibaqum.cn
nagozuc.cn
nahojut.cn
napojox.cn
nhofewih.cn
niduqab.cn
njihivax.cn
nnifikaj.cn
nocigoj.cn
nosadoc.cn
nqewonih.cn
nropemij.cn
pajikub.cn
pawucit.cn
pazoxif.cn
pevular.cn
pirebav.cn
pkipuyom.cn
pqezosem.cn
puhoquj.cn
puwuwug.cn
qahomeh.cn
qdiwoxaq.cn
qelaquk.cn
qfudocik.cn
qivokex.cn
qiyejas.cn
qoconug.cn
qokutuq.cn
qonanih.cn
qoxifuw.cn
qqisuluw.cn
qtufetag.cn
qudehiv.cn
qzonumeg.cn
rasafas.cn
rewelay.cn
rfozinud.cn
rgekepum.cn
rgekepum.cn
rizexez.cn
rjuyunex.cn
rmenisul.cn
rqasesoy.cn
rwobucem.cn
scelamoq.cn
shetepoc.cn
sirepil.cn
sjowemor.cn
socowuv.cn
sodajud.cn
somorez.cn
soqunup.cn
sorufar.cn
sovuzoq.cn
spojoxiq.cn
tatapum.cn
tawamof.cn
tdiceruk.cn
tfenuhah.cn
thidafak.cn
thodurux.cn
tnawulod.cn
tnikixep.cn
tvufisux.cn
vapabog.cn
vibariq.cn
vivuxab.cn
viyezis.cn
vludihum.cn
vobenog.cn
vohuren.cn
vopaguz.cn
voxaziq.cn
vqamiwur.cn
vriyigip.cn
vvobipad.cn
wabifoy.cn
wbakilit.cn
wbohovuh.cn
wgesirok.cn
wicigeh.cn
wiyisuh.cn
wnexejip.cn
wonefaq.cn
worldvld.cn
wovewab.cn
wuqumud.cn
xehevug.cn
xexugan.cn
xifepuj.cn
xipames.cn
xozowoj.cn
xquwavuk.cn
xuyokir.cn
ycaqoped.cn
ycetuvow.cn
yfolobow.cn
ygemuhop.cn
yinicuv.cn
yipenov.cn
ylafarum.cn
yororom.cn
yujacub.cn
yvukudey.cn
yzigawim.cn
zajeqav.cn
zapoyuf.cn
zcixefat.cn
zecemiz.cn
zfumulik.cn
zicorem.cn
zkodibay.cn
zlesanus.cn
zovoliz.cn
zowimij.cn
zrugaviv.cn
zsomiyon.cn
ztokusut.cn
zuguvov.cn
zupabuv.cn

Another 84 are ".com" domains:

12n3.com
150m.com
adabisnis.com
adorewow.com
adsnote.com
aftermelody.com
angerpeople.com
awaredear.com
barracudacentral.com
betterspoke.com
boldcover.com
cefjedhoha.com
chordspend.com
clickboothlnk.com
cncd-tex.com
coatfew.com
codetwo.com
comfyrace.com
confluencehr.com
connectionends.com
couldfloor.com
creamyglass.com
createsend2.com
entervanish.com
expertreason.com
fallsautumn.com
frankoferosscom.com
gate2service.com
giftedstood.com
gisdany.com
google.com
gotmoral.com
groupfinger.com
havebasic.com
hecreamy.com
helpleave.com
hesheet.com
hoawukfue.com
ihrodinpe.com
images-amazon.com
iomega.com
kezlink.com
livejournal.com
magicrange.com
metalartmaster.com
microsoft.com
mightysing.com
miturl.com
nbcmediacenter.com
onbisnis.com
passport.com
periodtwo.com
pharmacyonlineoffernow.com
posesea.com
proudnoble.com
quietcotton.com
qupdumvov.com
razoncollins.com
renownchief.com
restcalm.com
restthere.com
shegentle.com
shrtn.com
sidecatch.com
smooththan.com
soilbear.com
sonbottom.com
spreadtwenty.com
stoodstudy.com
stringmunchy.com
suchpull.com
t35.com
talkjoyful.com
thebraintree.com
tinytwitt.com
trucktingle.com
waitname.com
webmd.com
weightboxtime.com
whiledesire.com
winsportbike.com
yahoo.com (abused in the form of newly created "yahoo groups")
zestquart.com
Email ThisBlogThis!Share to XShare to Facebook
Posted in spam | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • 2009 Year in Review
    As 2009 comes to a close I wanted to take a minute to thank all of the people who have been helpful to this blog this year, and to share bac...
  • Top Brands Imitated by Malicious Spam
    WebSense recently released an InfoGraphic titled "Top Five Subject Lines in Phishing Emails." for January 1, 2013 through Septemb...
  • Aggrevated Identity Theft Law in Action
    There are so many interesting angles to the story this week about a case in Tucson, Arizona. The conviction actually went down in March 200...
  • More Merger Malware Wachovia Wells Fargo
    Today I received a message from Robert K. Steel, the President and CEO of Wachovia Bank. Actually I received several hundred messages from ...
  • Italian Court declares itself Friend of Pirates (or does it?)
    I couldn't believe this one. The Associated Press reported yesterday that Italian high court says file-swapping is not illegal . In this...
  • AffPower Indictments Scare Affiliates!
    Today I heard the news that the "AffPower" drug network is being shut down, starting with 18 arrests in Texas, Florida, Colorado, ...
  • Bank of America Demo Account - DO NOT CLICK
    Beginning on November 25th, the UAB Spam Data Mine has been receiving messages claiming to be from Bank of America which will explain to us ...
  • Radical Muslim Hackers Declare CyberWar on Israel
    This weekend more than 300 Israeli websites have been defaced in a period of 48 hours. In a website "defacement" a hacker violate...
  • Securing Cyberspace in the 44th Presidency: Part Two
    Yesterday I provided some context for the Center for Strategic and International Studies report which was published yesterday: Security Cyb...
  • Dear CEO . . . You are Commanded to Go Phishing!
    This week has been busy with yet another Spear Phishing campaign being launched against the Execs of US-based companies. This is not a new ...

Categories

  • china
  • computer security careers
  • conficker
  • cyberwar
  • digital certificates
  • facebook
  • fake av
  • gumblar
  • koobface
  • law enforcement
  • malware
  • pharmaceuticals
  • phishing
  • public policy
  • spam
  • twitter
  • twitter malware
  • waledac
  • zbot

Blog Archive

  • ►  2013 (21)
    • ►  December (4)
    • ►  November (1)
    • ►  October (1)
    • ►  September (1)
    • ►  August (3)
    • ►  July (1)
    • ►  June (1)
    • ►  May (5)
    • ►  April (3)
    • ►  March (1)
  • ►  2012 (18)
    • ►  August (1)
    • ►  June (1)
    • ►  May (7)
    • ►  April (2)
    • ►  March (7)
  • ►  2011 (28)
    • ►  November (3)
    • ►  October (1)
    • ►  August (4)
    • ►  July (6)
    • ►  June (1)
    • ►  May (2)
    • ►  April (2)
    • ►  March (6)
    • ►  February (1)
    • ►  January (2)
  • ►  2010 (80)
    • ►  December (6)
    • ►  November (10)
    • ►  October (6)
    • ►  September (12)
    • ►  August (5)
    • ►  July (4)
    • ►  June (11)
    • ►  April (7)
    • ►  March (8)
    • ►  February (4)
    • ►  January (7)
  • ▼  2009 (92)
    • ►  December (12)
    • ►  November (11)
    • ▼  October (16)
      • Facebook Safety & Million Member Facebook Groups
      • FACEBOOK PHISH! Users Beware!
      • Fake FDIC spam campaign spreads Zeus malware
      • FBI and SOCA make a media splash at RSA Europe
      • Phishing For Love: Banking Insiders
      • TowerNet CapitalOne: Avalanche returns after 15 mo...
      • Zipped Malware Attachments in Spam: Here comes Con...
      • Hacked Newspaper loads Google News with malware sites
      • Targeted URLs in spam . . .OWA Settings update
      • IRS Zeus via Geocities
      • A weekend of Old News
      • The FBI's Biggest Domestic Phishing Bust Ever
      • Microsoft "Your e-mail will be blocked" phish
      • A Day in the Life of Spam
      • Cyber Security Awareness Month: Day Two
      • Cyber Security Awareness Month: Day One
    • ►  September (7)
    • ►  July (5)
    • ►  June (10)
    • ►  May (2)
    • ►  April (6)
    • ►  March (7)
    • ►  February (6)
    • ►  January (10)
  • ►  2008 (101)
    • ►  December (7)
    • ►  November (17)
    • ►  October (11)
    • ►  September (10)
    • ►  August (22)
    • ►  July (12)
    • ►  June (3)
    • ►  May (7)
    • ►  April (5)
    • ►  March (2)
    • ►  February (1)
    • ►  January (4)
  • ►  2007 (31)
    • ►  December (3)
    • ►  November (9)
    • ►  October (3)
    • ►  September (2)
    • ►  August (5)
    • ►  July (5)
    • ►  January (4)
  • ►  2006 (5)
    • ►  December (2)
    • ►  October (3)
Powered by Blogger.

About Me

Unknown
View my complete profile