
Drop in reporting


Lking


Who'dda thought spam would spawn a legit industry - spam poetry :lol:
I'm reasonably certain spammers themselves would be recyclable, the only real question to my mind being the amount of processing required. Composting would be the most energy-efficient but the little devils keep climbing out of the bin. {sigh} Plan B ... shredding first, check the decibel levels, etc., etc.

Sure enough, I too seem to be back to 'normal' spam levels. The Chinese-registered, botnet-hosted redirectors are resolving just fine now though.


I must be on some weird lists. My overnight spam load has doubled 100-200 vs 50-100 for the last two weeks, with about 1/2 the increase in Cyrillic.

The lull lasted longer than I would have guessed.


...You'd think ICANN would not allow automated, bulk domain registrations for just this reason.
Definitely reason to feel more sanguinary than sanguine about the whole thing. But then M$'s live.com is being used for the same purposes (redirection) as the botnetted Chinese 'alphabet soup' domains and in considerable volume from what I can see, even more cause to be aggrieved about that. Apparently microsoft.com made it to #5 in the SpamHaus top 10 list of dreadful ISPs yesterday-day before but by the time I looked they weren't even in the top ten anymore. All a dreadful mistake or some re-arrangement of deckchairs? The internet continues to founder in the same old sea of spam.

But yeah, it was nice while the botnets were down. Just hope the good guys learned more about beating them than the botherders learned about recovery (for next time).


I must be on some weird lists. My overnight spam load has doubled 100-200 vs 50-100 for the last two weeks, with about 1/2 the increase in Cyrillic.

The lull lasted longer than I would have guessed.

Same but different here with the lull starting 8 November with a drop from 180/d to 130/d and Cyrillic spam way down and remaining that way.

From 18 November and currently 120/d.


The drop has been consistent a few weeks now, I will keep my fingers crossed. Seems for the most part I am pestered by a Russian spammer who is pretty bulletproof. I also saw an increase in spam rallied via a Turkey server at the expense of South American and Korean spam. The Japanese spam has dropped to near 0. Hard to tell who the real spammers are without doing further research but the trends I see are consistent and considerable.


The stats are showing things are returning to 'spam normal' with the Srizbi botnet's reactivation. The sophistication of that operation's built-in contingency planning is breathtaking (noted various places, including):

Srizbi Botnet: Life after McColo (thanks for the link vark).

In any event, the botnet's operations are not exactly as they were - yesterday was far lower than usual for me, after days of having bounced back to pre-shutdown levels. ISP filtering comes into the equation, making it hard to guess all that is happening.


Hi,

The IP was from my IP panel at the time. WHOIS pointed it to MSN bot and I popped it into Google and found over 600 results, including the honeypot project, stopforumspam and the first two hits were that article.

Cheers!


  • 1 month later...
  • 2 months later...
The most significant spam-related event in the first quarter of 2009 occurred when spam volume returned to pre-McColo takedown levels. By the second half of March, seven-day average spam volume was at the same volume we saw prior to the blocking of the McColo ISP in November 2008.
http://googleenterprise.blogspot.com/2009/...ds-q1-2009.html (thanks to Rooster for the link). So, in the Postini world it's official, back to taws - but with some interesting 'adaptations'. And noting the world awaits Conficker/Downadup to 'drop the other shoe'. The anticipated April Fools' day activation of same seems to have been a non-event (though my local network users reckon there was a huge upsurge in port scanning, possibly related - they are a 'sometimes excitable' bunch but reliable enough about such observations).

  • 3 weeks later...
I'm really getting a lot more spam now than I was before the big drop. I guess the spammers have found new ways to get their spam through and they're making up for lost time. :(
Thanks kae, useful observation - the tendency over time is certainly for continual increase, somewhat masked by silent ISP filtering of an increasing proportion of total messages and the growth of greylisting. As some have long said, the key to retained sanity is sanitation - keep the stuff out of your intray.

Thanks kae, useful observation - the tendency over time is certainly for continual increase, somewhat masked by silent ISP filtering of an increasing proportion of total messages and the growth of greylisting. As some have long said, the key to retained sanity is sanitation - keep the stuff out of your intray.

Yes indeed that is so true.

I am thankful that the growth that I've seen has all been in the "Held Mail" folder. It would be such a pain to have all that spam in my Inbox. Spamcop does a fine job of filtering spam out of my Inbox. :)


  • 3 weeks later...

I was just chatting with my webhost in the UK and it appears there has been a stupid-massive increase since the botnets came back, so it's not just a local phenomenon to me.

My email was sporadic last month and I sent a trouble ticket. The response was there was such a flood beginning in April (that hasn't stopped), it collapsed their email servers. They tripled the capacity in the meantime and it's *just* keeping up. So they had to write their own algorithm to drop any with a deformed header (indicative of relays) to keep it from coming down again.

So I hopped on the phone to my ISP in Vancouver again with that info to find it confirmed, but my ISP had already taken preventative action.

In all cases, unlike the pre-McColo takedown, they can't pin down one, or even a regional source - it's distributed and it's "vengeful", as the term was mentioned :(


Archived

This topic is now archived and is closed to further replies.
