Lking

Drop in reporting


Who'dda thought spam would spawn a legit industry - spam poetry :lol:
I'm reasonably certain spammers themselves would be recyclable, the only real question to my mind being the amount of processing required. Composting would be the most energy-efficient but the little devils keep climbing out of the bin. {sigh} Plan B ... shredding first, check the decibel levels, etc., etc.

Sure enough, I too seem to be back to 'normal' spam levels. The Chinese-registered, botnet-hosted redirectors are resolving just fine now though.

The zombies are coming back!

The SpamCop monthly graph seems to bear this out -- week 47 rate has gone up by about 50% over the very quiet week 46.

I couldn't say what the impact is in my own case, I let my ISP filter most of mine out before it goes to SpamCop or my computer.

-- rick


I must be on some weird lists. My overnight spam load has doubled 100-200 vs 50-100 for the last two weeks, with about 1/2 the increase in Cyrillic.

The lull lasted longer than I would have guessed.

Edited by Lking


Yup! I had an increase yesterday and today a HUGE jump in spam.

You'd think ICANN would not allow automated, bulk domain registrations for just this reason.

...You'd think ICANN would not allow automated, bulk domain registrations for just this reason.
Definitely reason to feel more sanguinary than sanguine about the whole thing. But then M$'s live.com is being used for the same purposes (redirection) as the botnetted Chinese 'alphabet soup' domains and in considerable volume from what I can see, even more cause to be aggrieved about that. Apparently microsoft.com made it to #5 in the SpamHaus top 10 list of dreadful ISPs yesterday-day before but by the time I looked they weren't even in the top ten anymore. All a dreadful mistake or some re-arrangement of deckchairs? The internet continues to founder in the same old sea of spam.

But yeah, it was nice while the botnets were down. Just hope the good guys learned more about beating them than the botherders learned about recovery (for next time).

I must be on some weird lists. My overnight spam load has doubled 100-200 vs 50-100 for the last two weeks, with about 1/2 the increase in Cyrillic.

The lull lasted longer than I would have guessed.

Same but different here with the lull starting 8 November with a drop from 180/d to 130/d and Cyrillic spam way down and remaining that way.

From 18 November and currently 120/d.


The drop has been consistent a few weeks now, I will keep my fingers crossed. Seems for the most part I am pestered by a Russian spammer who is pretty bullet proof. I also saw an increase in spam rallied via Turkey server at the expense of South American and Korean spam. The Japanese spam has dropped to near 0. Hard to tell who the real spammers are without doing further research but the trends I see are consistent and considerable.


The stats are showing things are returning to 'spam normal' with the Srizbi botnet's reactivation. The sophistication of that operation's built-in contingency planning is breathtaking (noted various places, including):

Srizbi Botnet: Life after McColo (thanks for the link vark).

In any event, the botnet's operations are not exactly as they were - yesterday was far lower than usual for me, after days of having bounced back to pre-shutdown levels. ISP filtering comes into the equation, making it hard to guess all that is happening.


That "story" (blog post) is pretty weak and misleading....read the first comment below it....the author thinks that Windows runs on mainframes. :blink:

I googled some of the IPs and didn't come up with posts...just a lot of stat logs.

DT


Hi,

The IP was from my IP panel at the time. WHOIS pointed it to MSN bot and I popped it into Google and found over 600 results, including the honeypot project, stopforumspam and the first two hits were that article.

Cheers!

The most significant spam-related event in the first quarter of 2009 occurred when spam volume returned to pre-McColo takedown levels. By the second half of March, seven-day average spam volume was at the same volume we saw prior to the blocking of the McColo ISP in November 2008.
http://googleenterprise.blogspot.com/2009/...ds-q1-2009.html (thanks to Rooster for the link). So, in the Postini world it's official, back to taws - but with some interesting 'adaptations'. And noting the world awaits Conficker/Downadup to 'drop the other shoe'. The anticipated April Fools' day activation of same seems to have been a non-event (though my local network users reckon there was a huge upsurge in port scanning, possibly related - they are a 'sometimes excitable' bunch but reliable enough about such observations).


I'm really getting a lot more spam now than I was before the big drop. I guess the spammers have found new ways to get their spam through and they're making up for lost time. :(

I'm really getting a lot more spam now than I was before the big drop. I guess the spammers have found new ways to get their spam through and they're making up for lost time. :(
Thanks kae, useful observation - the tendency over time is certainly for continual increase, somewhat masked by silent ISP filtering of an increasing proportion of total messages and the growth of greylisting. As some have long said, the key to retained sanity is sanitation - keep the stuff out of your intray.

Thanks kae, useful observation - the tendency over time is certainly for continual increase, somewhat masked by silent ISP filtering of an increasing proportion of total messages and the growth of greylisting. As some have long said, the key to retained sanity is sanitation - keep the stuff out of your intray.

Yes indeed that is so true.

I am thankful that the growth that I've seen has all been in the "Held Mail" folder. It would be such a pain to have all that spam in my Inbox. SpamCop does a fine job of filtering spam out of my Inbox. :)


I was just chatting with my webhost in the UK and it appears there has been a stupid-massive increase since the botnets came back, so it's not just a local phenomenon to me.

My email was sporadic last month and I sent a trouble ticket. The response was there was such a flood beginning in April (that hasn't stopped), it collapsed their email servers. They tripled the capacity in the meantime and it's *just* keeping up. So they had to write their own algorithm to drop any with a deformed header (indicative of relays) to keep it from coming down again.

So I hopped on the phone to my ISP in Vancouver again with that info to find it confirmed, but my ISP had already taken preventative action.

In all cases, unlike the pre-McColo takedown, they can't pin down one, or even a regional source - it's distributed and it's "vengeful", as the term was mentioned :(

