Spam Hits Its Highest Level Since 2010 (networkworld.com) 47
Long-time Slashdot reader coondoggie quotes Network World: Spam is back in a big way -- levels that have not been seen since 2010 in fact. That's according to a blog post from Cisco Talos that stated the main culprit of the increase is largely the handiwork of the Necurs botnet... "Many of the host IPs sending Necurs' spam have been infected for more than two years.
"To help keep the full scope of the botnet hidden, Necurs will only send spam from a subset of its minions... This greatly complicates the job of security personnel who respond to spam attacks, because while they may believe the offending host was subsequently found and cleaned up, the reality is that the miscreants behind Necurs are just biding their time, and suddenly the spam starts all over again."
Before this year, the SpamCop Block List was under 200,000 IP addresses, but surged to over 450,000 addresses by the end of August. Interestingly, Proofpoint reported that between June and July, Donald Trump's name appeared in 169 times more spam emails than Hillary Clinton's.
Perhaps more likely to click (Score:1)
Re: (Score:3)
Proofpoint is studying election related phishing attacks, not generic spam. The ratio may be an indicator that the attackers expect Trump supporters to be far more gullible than Clinton supporters.
Re: Perhaps more likely to click (Score:1)
I figured it was because few really care what Clinton has to say while many wonder who is going to be offended by something Trump said now.
Re: (Score:2)
Not that I am pro-Trump, but just because his name is in the email doesn't mean it's a Trump supporting email. It could just as easily be anti-Trump spam.
Trump & spam (Score:3)
Can't say I'm at all surprised by that. I've been getting a steady stream of what appear to be genuine emails from the Trump campaign (all the links are to legit Trump and GOP domains, plus a few MSM ones) asking for donations for a few weeks now. There's a whole bunch of problems with that, other than it being UBE - I'm a British citizen so I don't think Trump can legally accept my donation anyway; several of the domains involved are within the .uk ccTLD; and the addresses concerned are all (and always have been) spam traps. And yes, I have been forwarding them all to the FEC [fec.gov].
Seriously, Donald, if you're going to let your campaign team buy email lists from who-knows-where and spam the shit out of them, they could at least do some basic list washing first - it's starting to look like Hillary isn't the only one with an incompetent email admin team...
Re: (Score:2)
The amount of legitimate political email I have received this season is ZERO.
Re: (Score:2)
The spam isn't coming from either candidate's team. They're phishing attacks.
... and the reason they mention Trump is as a dumbness filter.
Did you know that most "Nigerian" spam doesn't actually come from Nigeria? The reason the spammers mention Nigeria is to make it so obvious that it is fraud that only the stupidest of the stupid respond. If they sucker in someone with half a brain, then it is likely that person will eventually suspect something and balk at wiring the money, thus wasting their time. So they only want people with no sense at all.
Trump supporters have already sho
Re: (Score:2)
Did you know that most "Nigerian" spam doesn't actually come from Nigeria?
Here is an article [economist.com] that explains the strategy of making spam look like obvious spam. Not only do spammers explicitly mention Nigeria, they also intentionally use bad spelling and bizarre capitalization. All this is designed to weed out sensible people, so they can focus their efforts on only the most credulous respondents.
For spammers, "Trump" is the new Nigeria.
Let's have some fun (Score:2)
Possible causes:
Spammers think Trump supporters more likely to fall for scam?
Trump actually spamming?
Clinton spamming and using Trump name in spam to alienate possible voters?
Could this be FUD? (Score:2)
I don't believe there's an increase. My ten plus mailboxes get a total of 10 spams per week. Same or less than they got in the last century. Of the 10 spams, roughly 2 are from an annoying friend, 2 are from Trump affiliates, 2 have Chinese looking script, 3 are from small businesses. Most are the result of legitimate attempts to communicate but a typo in the address got me involved.
If I owned an internet security business, I suppose I'd want people panicking about spam or viruses. Could this be FUD?
Re: (Score:2)
You don't see it because the spam gets filtered, not because the spam doesn't exist. And most of it doesn't even make it to your spam folder these days. It gets filtered at the edge before it even comes into your mail system. But I shouldn't have to explain that to someone with an ID lower than mine. Come on.
Re: (Score:1)
If the host does SPF-checks (https://en.wikipedia.org/wiki/Sender_Policy_Framework) (most likely) they will filter out 80% of all spam before it even sees a spamfilter.
Re: (Score:2)
Could you share some of your MTA rules? I run just vanilla spamassassin (latest version) and I am finding it has become borderline useless.
Re: (Score:1)
These are real-time graphs of attacks and mails to our Barracuda Gateway to give you an idea:
Is it really spam? Or viruses? (Score:2)
The graph of subject lines caught my eye while looking at the Talos report. In my own experience, the recent floods of mail with subjects like "Budget report," "Tax invoice," "Scanned document," etc. all arrive with some Windows ransomware variant attached. Not sure I'd really call these spam in the traditional sense. They're unsolicited, of course, but they aren't commercial in nature.
That aside, I do see an upward trend in UCE. The biggest offenders for me lately are of the boner pill variety, PurpleRhino
It's not my email that's getting spam-bombed (Score:2)
Spam filtering on my email is working normally and I'm getting the normal amount of both false-negative (spam that gets through) and false-positive filtering (travel confirmations and bank notices that fall into my spam folder). Now it's the landline that has been spammed out to the extent that we leave it unplugged most of the time. And yes, this year most of it is political.
Nomorobo.com can save your landline, but it only works for certain carriers.
not surprised (Score:2)
and over that same amount of time we've seen the same increase in VPS's, VM's and personal desktops, thus more targets for bot nets.
not surprised...
SPAM was solved right? (Score:2)
If only he'd put a number on a maximum number of emails sent per spammer. 640,000 SPAMs should be enough for anyone!
Re: (Score:2)
Funny that on the page you linked there is a pop-up asking for my email address, for no stated reason.
Re: (Score:2)
People weren't willing to pay a penny to send e-mail: https://www.cnet.com/forums/di... [cnet.com]
And much of it can be easily blocked by the MTA (Score:2)
Apparently due to the need for cheap domain names, spammers are running their outbound mail configured with cheap TLDs. I suppose they are doing this so that they can have an actual domain name that resolves properly because it's too easy to block an invalid domain name?
Whatever the reason, if you run your own inbound MTA, a lot of spam can be blocked by simply setting it to discard any mail from these sleazy TLDs, before even reaching the point of doing blackhole list lookup. The worst ones these days are
Political spam != spam (Score:2)
Live and let spam is EVIL (Score:3)
Do we need to rehash the reasons why? You might not have any sympathy for the suckers, or you might not care about attacks on corporate reputations and customers. You might not have any children for the spammers to target, but in that case I think I should extend my sympathies. You don't care about false positives that lose your actual email and you think your time spent with false negatives is too small to matter (and don't care about the multiplication of that time by the millions). You're still getting victimized by the general inefficiency the spammers impose on everyone. Or perhaps worst of all, the basic spammers create noise that helps mask the serious threats of the serious scammers, such as spear-phishermen and identity thieves.
It seems like all of the big email providers have adopted the motto of "Live and Let Spam." Obviously didn't work for Yahoo, did it? Whatever Microsoft paid for the Hotmail brand must have been written off for similar reasons. The google is the saddest case of all, but perhaps that was just the generalized result of dropping "Don't be evil" in favor of "All your attention are belong to us." Anyway, at this point I monitor all three and Gmail clearly has the worst filters, both for false positives and false negatives and for feebleness of their countermeasures. Proof? In the preferences of the spammers themselves, blessing Gmail with the most spam of all.
Doesn't have to be that way. The rational spammers do have economic models that could be attacked. Dropboxes can be nuked and external email services that provide the dropboxes can be pressured. Link shorteners can be subverted against the spammers. Lots of other countermeasures are possible, but the google don't care (and Yahoo can't afford to care and who cares about Outlook).
*sigh* Just venting again, but I really wish someone provided a really good email system, one with tools that would let me help fight the spammers. Why not convert some of the universal hatred of spammers into positive sentiments towards an email system that scares the spammers?
Seen it First Hand (Score:2)
It's a shame the Cisco blog is linked second, because it's a great (yet short) read.
Since the end of last month one of my very low volume email accounts has been on the receiving end of a new spam campaign trying to give me malware. The emails I've received exactly match the emails in Cisco's graph [blogspot.com]. So it's neat to see what's behind it - in this case the Necurs botnet running at full tilt.
Considering this account was receiving virtually zero spam before, it's definitely a major uptick in spam.
SpamCop.net is not Dead (Score:2)
SpamCop [spamcop.net] is not dead. It is still up and running and the free blocklist is a great part of your anti-spam arsenal. Compare RCVD_IN_BL_SPAMCOP_NET to the other free options using SpamAssassin rule vetting stats [spamassassin.org] and you'll see it's among the top performers. ("S/O" is a measure of relative precision [wikipedia.org], "SPAM%" is recall [wikipedia.org].)
Unlike the other DNSBLs [wikipedia.org], SpamCop also reports spam back to the networks that sent it (with filters to deal with spammer-friendly and negligent network operators, either of which might ignore
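How a DNSBL check of the kind behind RCVD_IN_BL_SPAMCOP_NET works, as an added example that is not part of the original comment or SpamAssassin's own code: the relay IPs in the Received headers are reversed, looked up under the blocklist zone, and an answer in 127.0.0.0/8 means listed. The headers, the `FAKE_ZONE` table and `fake_resolve` are constructed so the block runs offline; pass `socket.gethostbyname` to query the real zone.

```python
import ipaddress
import re
import socket

SPAMCOP_ZONE = "bl.spamcop.net"
RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def dnsbl_name(ip, zone=SPAMCOP_ZONE):
    """Build the query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    return ".".join(reversed(str(addr).split("."))) + "." + zone

def is_listed(ip, resolve=socket.gethostbyname, zone=SPAMCOP_ZONE):
    """True if listed, False if not listed, None if the lookup failed."""
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except socket.gaierror as exc:
        # NXDOMAIN (EAI_NONAME) means "not listed"; a timeout is unknown, not clean
        return False if exc.errno == socket.EAI_NONAME else None
    # Listings answer inside 127.0.0.0/8; any other answer is not trusted
    return True if answer.startswith("127.") else None

def listed_relays(received_headers, resolve=socket.gethostbyname):
    """Return the relay IPs found in Received: headers that are listed."""
    hits = []
    for header in received_headers:
        for ip in RECEIVED_IP.findall(header):
            if ip not in hits and is_listed(ip, resolve) is True:
                hits.append(ip)
    return hits

# Constructed stand-in for DNS and constructed headers (documentation IPs).
FAKE_ZONE = {"7.100.51.198.bl.spamcop.net": "127.0.0.2"}

def fake_resolve(name):
    if name in FAKE_ZONE:
        return FAKE_ZONE[name]
    raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")

SAMPLE_RECEIVED = [
    "from mail.example.net (mail.example.net [198.51.100.7]) by mx.example.org",
    "from [203.0.113.20] by mail.example.net",
]
```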
Brian Krebs! (Score:2)
I was just about to post that we need Brian Krebs back, and I saw that Krebs' website is back!
For those of you who do not remember, Brian's journalism was responsible for nuking more than half the spam on the internet in 2008.
http://www.washingtonpost.com/... [washingtonpost.com]