/* Style Definitions */
mso-padding-alt:0in 5.4pt 0in 5.4pt;
Week in review: March 26 – April 2
are good, especially when crisis strikes
Ranking first in our weekly top we find the word INVESTMENT, an absolute
premiere to Spam Omelette. The word has been identified by the BitDefender spam
researchers in unsolicited messages coming from Canadian Pharmacy via multiple
spam relaying servers.
What’s special in this campaign is the fact that it now concentrates
around a new keyword, namely investment. Old phrases such as “love machine”,
“sex” and “Sex can be endless” have been discarded for a newer, more
down-to-earth approach: the financial crisis and its inherent consequences.
The entire message mimics a financial newsletter with legitimate text. However, spammers have
tweaked the original newsletter to display the Canadian Pharmacy logo along
with a list of products and their pricing information, as described below:
Although the message appears to be better crafted than the previous spam
campaigns and it’s more likely to pass as legitimate to the unwary user, it
still uses subjects that seem a little bit displaced (such as “You passed me
bad money!”), which is totally unrelated to the content itself.
2. Your SUBSCRIPTION to spam never expires
The word SUBSCRIPTION has been identified mostly in spam messages
advertising sexual enhancements, namely penis enlargement pills. Contrary to
the public opinion this spam campaign is not associated with either Canadian
Pharmacy or PowerGain+, but rather with Dr. Maxman’s clinic, one of the many
manufacturers of “natural” sexual enhancements that did not pass the FDA
The spam message also impersonates a legitimate newsletter allegedly
coming from beauty.com. More than that, unlike in the case of Canadian
Pharmacy, the spam campaign abandons strong mail subjects in favor of some more
The actual spam campaign is based on the image above, linked to one of
the websites selling the product.
3. Product spam is back. Just CLICK here.
We mentioned in our previous reports that spam messages have become
scarcer right after the winter shopping season ended. It seems like this type
of unsolicited mail is back: the word CLICK has been identified by the
BitDefender spam researchers in messages promoting designer bag and wrist watch
The new spam wave is part of the old Prestige campaign that stormed
users’ inboxes just before Christmas.
4. EMAIL scams, back online
Ranking fourth in our weekly spam top, the word EMAIL has been detected
in an aggressively-promoted advance-fee fraud scheme that hit users’ inboxes on
The message allegedly informs unwary users that they are now eligible to
receive 1.5 million in cash, but they would have to provide the “bank” with
their personal identification data. These messages are particularly dangerous
because the personal information users may expose will be used for identity
theft or subsequent phishing schemes.
5. HTML tags and EMPLOYEES
Although extremely visible on this week’s spam map, the word EMPLOYEES
does not physically appear in any of the analyzed messages. They mostly occur
in commented text passed along with image-only spam to trick filters.
What’s new in the spam landscape?
spam is back in business after about three months of absence. Most of the spam
messages reaching into users’ inboxes are coming from Prestige Replicas.
crisis and its effects on the economy brought crisis-specific spam, based on
words such as Employees, investments or company. However, they usually don’t
carry any financial message, but rather act as baits for showing sexual
spam significantly dropped in charts: specific words such as Sie, und, wie, or
als have now become extremely rare and barely show up on this week’s spam map.