Network Security Incidents

Re: Massive SPAM Increase

Subject: Re: Massive SPAM Increase
Date: Mon, 9 Oct 2006 01:01:08 -0400 (EDT)
Hi Alex!

I don't know if I'm a target of some SPAM attack or if it is just business as usual.

I think it's business as usual, on new millennium designer steroids. :)

First, I must say that I *never* even glance at headers any more. I don't have the slightest interest or care where they came from, pro, amateur, cracked box, whatever.

Second, I don't keep any kinds of recorded stats on anything, so everything I talk about is based on constant monitoring and memory. Not particularly reliable for hard number documentation, but I do have a good feel for the general ebbs and flows.

But I do study spam *content* very intently. The purpose of course is to either steal or sell stuff. The stealers are the 419/ID thefts/other scams, and the sellers are the mortgage/pharm/porn vendors. (There are two other kinds, viruses/malignant email (which return no profit except to gain new spam broadcast machines,) and 'broken spam generators' (which are simply faulty software,) and although there are *tons* of faulty spam neither of those two are profit -generators- for the spammer so I tend to discount them in importance.) (And whether a particular 'sell' spam really is a scam in sheep's clothing is a separate but moot topic because it's undetectable at the email level.)

I do notice a couple of things over the past week or so.

One is, yes, a drastic *spike* to a new higher plateau in sheer volume did happen. I can't recall an exact date, but it did happen very suddenly. If I did have to pin a date on it it would be 10/2 or 10/3. Normally spammers 'go to work' on Thursday, to hit the 'weekend surfers.' (Used to be Friday but they moved it up earlier this year.) But it occurred to me one day that it was waaaaaay too early in the week for the usual weekend flood. And it wasn't just a day earlier, Wednesday, which is why I think it was Monday or Tuesday. Tuesday sticks in my head a little stronger but not sure.

The other thing I notice is that there was little *variation* in the *kinds* of spam I get. No unusual increases in bounces, (joesjobs,) or sellers or stealers, just a larger volume overall.

By spike --> new plateau, I mean I went from a usual 500/day to 700/800. 50% is a *ton* more to happen so suddenly.

I *think*, (that is, an intuitive guess,) that I've seen these kinds of increases before. (Again, I don't keep any kinds of stats on this stuff that would help to objectively demonstrate a theory.) I think it happens generally early in the month. I *think* this happens actually for *business* (the business of spam) reasons. I have a feeling that the spammers tend to operate on a monthly cycle. They gather new orders during the month, and start firing off their product at the start of the next month. I'm guessing that it's probably simply easier to do things this way, different process steps in order -during- the month, rather than to do 'everything every day.' The weekly cycles certainly do exist, so there's no reason that there aren't monthly cycles too. All businesses work that way. Why Sept might have been a hot 'new orders' month that leads to hotter than average Oct volume is another story. :)

There's another possibility, that you've finally gotten into the 'millions of email addresses' lists that the spammers use. I sure remember when *that* happened to me many years ago, when spam suddenly shot from 'a couple' to 'dozens --> scores --> hundreds' a day. Once you're tagged as a 'reliable address,' eventually they put you in the From: and other header lines so you can collect the bounces as well as the original spam. I'm particularly tickled by all the instances I get of 'receive several bounces *before* the original spam' because that means I have a *very* reliable address and am -highly- -regarded- by the spam software that generates it. LOL!

Have a :) day!

jb

--
jim barchuk
jb@jbarchuk.com
