Incidents
Massive SPAM Increase Oct 06 2006 11:02PM
Alex (incidents alex gotdns org) (2 replies)
Re: Massive SPAM Increase Oct 09 2006 05:01AM
jim barchuk (jb jbarchuk com) (1 replies)
Hi Alex!

> I don't know if I'm a target of some SPAM attack or if it is just
> business as usual.

I think it's business as usual, on new millenium designer steroids. :)

First, I must say that I *never* even glance at headers any more. I don't
have the slightest interest or care where they came from, pro, amateur,
cracked box, whatever.

Second, I don't keep any kinds of recorded stats on anything, so
everything I talk about is based on constant monitoring and memory. Not
particularly reliable for hard number documentation, but I do have a good
feel for the general ebbs and flows.

But I do study spam *content* very intently. The purpose of course is to
either steal or sell stuff. The stealers are the 419/ID thefts/other
scams, and the sellers are the mortgage/pharm/porn vendors. (There are two
other kinds, viruses/malignant email (which return no profit except to
gain new spam broadcast machines,) and 'broken spam generators' (which are
simply faulty software,) and although there are *tons* of faulty spam
neither of those two are profit -generators- for the spammer so I tend to
discount them in importance.) (And whether a particular 'sell' spam really
is a scam in sheeps clothing is a separate but moot topic because it's
undetectable at the email level.)

I do notice a couple of things over the past week or so.

One is, yes, a drastic *spike* to a new higher plateau in sheer volume did
happen. I can't recall an exact date, but it did happen very suddenly. If
I did have to pin a date on it it would be 10/2 or 10/3. Normally spammers
'go to work' on Thursday, to hit the 'weekend surfers.' (Used to be Friday
but they moved it up earlier this year.) But it ocurred to me one day that
it was waaaaaay too early in the week for the usual weekend flood. And it
wasn't just a day earlier, Wednesday, which is why I think it was Monday
or Tuesday. Tuesday sticks in my head a little stronger but not sure.

The other thing I notice is that there was little *variation* in the
*kinds* of spam I get. No unusual increases in bounces, (joesjobs,) or
sellers or stealers, just a larger volume overall.

By spike --> new plateau, I mean I went from a usual 500/day to 700/800.
50% is a *ton* more to happen so suddenly.

I *think*, (that is, an intiutive guess,) that I've seen these kinds of
increases before. (Again, I don't keep any kinds of stats on this stuff
that would help to objectively demonstrate a theory.) I think it happens
generally early in the month. I *think* this happens actually for
*business* (the business of spam) reasons. I have a feeling that the
spammers tend to operate on a monthly cycle. They gather new orders during
the month, and start firing off their product at the start of the next
month. I'm guessing that it's probably simply easier to do things this
way, different process steps in order -during- the month, rather than to
do 'everything every day.' The weekly cycles certainly do exist, so
there's no reason that there aren't month;y cycles too. All businesses
work that way. Why Sept might have been a hot 'new orders' month that
leads to hotter than average Oct volume is another story. :)

There's another possibility, that you've finally gotten into the 'millions
of email addresses' lists that the spammers use. I sure remember when
*that* happened to me many years ago, when spam suddenly shot from 'a
couple' to 'dozens --> scores --> hundreds' a day. Once you're tagged as a
'reliable addess,' eventually they put you in the From: and other header
lines so you can collect the bounces as well as the original spam. I'm
particularly tickled by all the instances I get of 'receive several
bounces *before* the original spam' because that means I have a *very*
reliable address and am -highly- -regarded- by the spam software that
generates it. LOL!

Have a :) day!

jb

--
jim barchuk
jb (at) jbarchuk (dot) com [email concealed]

------------------------------------------------------------------------
------
This List Sponsored by: Black Hat

Attend the Black Hat Briefings & Training USA, July 29-August 3 in Las Vegas.
World renowned security experts reveal tomorrow's threats today. Free of
vendor pitches, the Briefings are designed to be pragmatic regardless of your
security environment. Featuring 36 hands-on training courses and 10 conference
tracks, networking opportunities with over 2,500 delegates from 40+ nations.

http://www.blackhat.com
------------------------------------------------------------------------
------

[ reply ]
Re: Massive SPAM Increase Oct 09 2006 11:00PM
Graeme Fowler (G E Fowler lboro ac uk)
Re: Massive SPAM Increase Oct 08 2006 09:30PM
Kurt Seifried (bt seifried org) (1 replies)
Re: Massive SPAM Increase {-2.6} Oct 09 2006 01:15AM
Vini Engel (vini fugspbr org) (1 replies)
Re: Massive SPAM Increase {-2.6} Oct 09 2006 04:06AM
Kurt Seifried (bt seifried org) (1 replies)
Re: Massive SPAM Increase {-2.6} {-2.6} Oct 09 2006 05:06AM
Vini Engel (vini fugspbr org) (1 replies)
Re: Massive SPAM Increase {-2.6} {-2.6} Oct 09 2006 06:33PM
Paul Schmehl (pauls utdallas edu) (3 replies)
Re: Massive SPAM Increase {-2.6} {-2.6} Oct 14 2006 02:46AM
Valdis Kletnieks vt edu (1 replies)
Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Oct 14 2006 03:52AM
Paul Schmehl (pauls utdallas edu) (3 replies)
Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Oct 17 2006 01:20AM
Jamie Riden (jamesr europe com)
Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Oct 16 2006 05:04PM
benfell raven cybernude org (2 replies)
Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Oct 16 2006 05:38PM
Paul Schmehl (pauls utdallas edu) (1 replies)
Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Oct 17 2006 01:44AM
gabriel rosenkoetter (gr eclipsed net)
Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Oct 16 2006 05:29PM
Valdis Kletnieks vt edu
Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Oct 14 2006 05:44AM
Valdis Kletnieks vt edu (1 replies)
Re: ***SPAM*** Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Oct 14 2006 05:17PM
Paul Schmehl (pauls utdallas edu) (2 replies)
Re: ***SPAM*** Re: ***SPAM*** Re: Massive SPAM Increase {-2.6} {-2.6} Oct 17 2006 01:59AM
Dude VanWinkle (dudevanwinkle gmail com)
Re: Massive SPAM Increase Oct 16 2006 03:57PM
gabriel rosenkoetter (gr eclipsed net) (1 replies)
Re: Massive SPAM Increase Oct 17 2006 01:33AM
Jamie Riden (jamesr europe com)
Re: Massive SPAM Increase {-2.6} {-2.6} Oct 09 2006 11:09PM
Graeme Fowler (G E Fowler lboro ac uk) (1 replies)
Re: Re: Massive SPAM Increase {-2.6} {-2.6} Oct 09 2006 11:43PM
Luke Burton (luke burton echidna id au) (1 replies)
Re: Massive SPAM Increase Oct 10 2006 07:44PM
Tillmann Werner (tillmann werner gmx de)
Re: Massive SPAM Increase {-2.6} {-2.6} Oct 09 2006 09:29PM
Tim (tim-forensics sentinelchicken org) (2 replies)
Re: Massive SPAM Increase {-2.6} {-2.6} Oct 09 2006 10:33PM
Paul Schmehl (pauls utdallas edu) (2 replies)
Re: Massive SPAM Increase {-2.6} {-2.6} Oct 09 2006 11:48PM
Tim (tim-forensics sentinelchicken org)
Re: Massive SPAM Increase {-2.6} {-2.6} Oct 09 2006 10:47PM
Nathaniel Hall (nathaniel d hall gmail com)
Re: Massive SPAM Increase {-2.6} {-2.6} Oct 09 2006 10:28PM
Brent Kearney (brent kearneys ca) (1 replies)
Re: Massive SPAM Increase {-2.6} {-2.6} Oct 09 2006 10:38PM
Paul Schmehl (pauls utdallas edu)


 

Privacy Statement
Copyright 2010, SecurityFocus