SPAM REVIEW

The Spam Omelette #10

Welcome to the tenth issue of the Spam Omelette, our weekly review of spam and the latest industry trends! Before going any further, please make sure that you take a look at our testing and map generation methodology, as explained in our first issue.

Spam Omelette 10 Map

1. Clicks in exchange for OEM software

Ranking first in this week’s spam top, the word “CLICK” has been detected by the BitDefender spam researchers in an e-mail wave promoting OEM applications. This special kind of software can only be retailed to customers who buy new computers or hardware components. Although these pieces of software are fully functional applications, they are dramatically discounted because of various partnerships between hardware and software vendors.

However, retailing OEM copies infringes the End-User License Agreement, so any OEM license bought illegally may not function on your computer, or may even be disabled by the vendor.

2. Back to EMAIL

The word EMAIL ranks second this week and is mostly encountered in spam messages related to the PowerGain+ drug business. Such messages perfectly imitate legitimate newsletters sent by legitimate companies. Spammers even add instructions about how users can remove themselves from the mailing list, although the links are fake and won’t do anything but confirm that the spam message arrived in a valid inbox.

While most of the analyzed emails in this spam wave come with explicit, sexually-related subjects, spammers also use social engineering tactics in order to convince the user to open these messages.

3. The fake UNSUBSCRIBE link

Adding a forged, malicious unsubscribe link to spam messages seems to have become a fully fledged standard in the spam industry. Spammers rely on this trick not only because it adds extra text to the actual image-based message (which allows spam to bypass Bayesian filters), but also because it helps them tell which mail addresses on their mailing lists are still in use and which ones have been abandoned.
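One way a mail gateway could flag the pattern described above, as an added example that is not BitDefender's own code. The flag names, the 40-word threshold and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

class LinkScan(HTMLParser):
    """Collect [href, anchor text] pairs; count <img> tags and visible words."""
    def __init__(self):
        super().__init__()
        self.links, self.images, self.words, self.in_a = [], 0, 0, False
    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images += 1
        elif tag == "a":
            self.in_a = True
            self.links.append([dict(attrs).get("href") or "", ""])
    def handle_endtag(self, tag):
        if tag == "a":
            self.in_a = False
    def handle_data(self, data):
        self.words += len(data.split())
        if self.in_a:
            self.links[-1][1] += data

def unsubscribe_findings(raw):
    """Return sorted heuristic flags (names are this example's own) for a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    rcpt = parseaddr(msg["To"] or "")[1].lower()
    body = msg.get_body(preferencelist=("html",))
    scan = LinkScan()
    scan.feed(body.get_content() if body is not None else "")
    flags = set()
    for href, text in scan.links:
        if any(k in text.lower() for k in ("unsubscribe", "remove")):
            host = (urlsplit(href).hostname or "").lower()
            if sender and host != sender and not host.endswith("." + sender):
                flags.add("link-domain-mismatch")
            if rcpt and rcpt in unquote(href).lower():
                flags.add("recipient-in-url")  # a click confirms this exact address
    if flags and msg["List-Unsubscribe"] is None:
        flags.add("no-list-unsubscribe-header")
    if flags and scan.images and scan.words < 40:  # assumed threshold
        flags.add("image-dominant-body")
    return sorted(flags)

# Constructed sample message, not taken from a real spam wave.
SAMPLE = ("From: News <news@shop.example>\nTo: user@mail.example\n"
          "Content-Type: text/html\n\n<img src='http://img.example/o.gif'>To leave "
          "<a href='http://track.example/r?e=user%40mail.example'>unsubscribe</a>")
```

Calling `unsubscribe_findings(SAMPLE)` raises all four flags; a newsletter whose unsubscribe link stays on the sender's own domain and carries no recipient address returns an empty list.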

4. More Info? What about some spam instead?

Although the word INFORMATION is relatively smaller than the previously-mentioned top terms in spam, it has been identified in the same forged disclaimers we have been previously talking about. The inconsistency proves that the spam organization keeps on advertising the same product, but changes the email template to mislead unwary receivers.

5. New PROMOTIONAL offers from Poker Savvy

Although the winter holidays are long gone, Poker Savvy still keeps on sending promotional offers to its potential customers. The company has a long history of spamming users’ mailboxes, but it recently increased the amount of spam it pumps out daily through its email marketing agency partner, bronto.com.

What’s new in the spam landscape?

PowerGain+ is currently the top spammer of the week. It uses hundreds of templates and a wide array of subject lines to lure users into opening unsolicited messages. Their advertising is as pestering as the now-dead Canadian Pharmacy business, and we expect to see even more spam coming from them in the following weeks.

Just as the winter shopping spree came to an end, product spam collected via BitDefender’s honeypot network dropped significantly, but did not fade away completely.

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.