The Spam Omelette #11

Welcome to the eleventh issue of our Spam Omelette, the weekly review focused on the latest trends in the spam world. Before reading any further, please take a look at our testing and map generation methodology, as explained in our first issue.

Spam omelette 11 map


strikes back

The word CLICK manages
once again to rank first in our weekly spam top. BitDefender Antispam
researchers identified the word in multiple types of unsolicited emails,
ranging from weight loss pills to product advertisement and prescription-based
sexual enhancements.

Click spam

The product spam stock
comes up with yet another method to reach its potential customers. Since more
and more users are reluctant to just opening up suspicious messages, spammers
now include parts of their message straight into the Subject field. This way,
the end-user will still be presented at least one tiny bit of the offering,
regardless of whether they open the message or not.

Click spam image

The second significant
spam wave abusing the word is the Canadian Pharmacy commercial offering. Even
if the amount of Canadian Pharmacy spam is still way below what we received in
the last two months of 2008, this type of messages is making an aggressive

Click spam 3

spells trouble for your inbox

Fake unsubscribe links
are not news anymore, given the fact that we spotted the trend a couple months
ago. However, this week’s spam wave including this kind of links comes with
attachments. The HTML-encoded file delivered with the message also contains a
piece of code that triggers an iframe and may download malicious binaries or
abuse your IP in complex AdSense schemes.

unsubscribe spam

has also been identified in a spam wave advertising sexual enhancements and
other “natural” pills. Paired with a footnote referencing a trustworthy
company, the Unsubscribe link gives extra legitimacy to the spam message and
encourages spammers, as the victims confirm the validity of their mail address.


unsubscribe spam 2 image



Ranking third in our
weekly top, the word NEWSLETTER has been identified in spam messages
advertising adult content. Adult-related spam messages are quite widespread,
but what’s particularly important in this spam wave is the fact that the
message is written in German.

Adult newsletter spam

A closer look over
this week’s spam map also reveals the fact that German spam is on the rise
(words such as von, die, mit and und are rarely
visible in our top).


follow the links

Although the winter
shopping spree has ended, product spam keeps pumping in users’ inboxes. The
word PLEASE has been identified mostly in unsolicited mail advertising knockoff
watches, especially cheap Longines replicas with immediate delivery.

Please Spam image


5. New
Dish NETWORK on the menu

Ranking last in our
weekly top, the word NETWORK has been identified by the BitDefender antispam
researchers in a less-usual spam wave advertising cheap DISH network services.

Network spam

The offering is only
available for selected customers in the United States, although the advertisement
is sent to users in any location. The message might look legit, but it is sent
from different mail addresses and takes multiple forms in order to trick
signature-based spam filters.


What’s new in the spam landscape?

German spam has once
again reached noticeable proportions, especially messages advertising adult
materials. This type of spam is particularly dangerous, because the advertised
services usually require the use of a credit card and unwary users might turn
into credit card fraud victims.

The Canadian Pharmacy
is back in business: although the amount of spam served via their channels is
still low, it might be ramping up in the following weeks.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.