The Spam Omelette #20

Normal
0

false
false
false

EN-US
X-NONE
X-NONE

MicrosoftInternetExplorer4

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:”Table Normal”;
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:””;
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:”Calibri”,”sans-serif”;}

 Week in review: March 26 – April 2

 

1. INVESTMENTS
 are good, especially when crisis strikes

Ranking first in our weekly top we find the word INVESTMENT, an absolute
premiere to Spam Omelette. The word has been identified by the BitDefender spam
researchers in unsolicited messages coming from Canadian Pharmacy via multiple
spam relaying servers.

What’s special in this campaign is the fact that it now concentrates
around a new keyword, namely investment. Old phrases such as “love machine”,
“sex” and “Sex can be endless” have been discarded for a newer, more
down-to-earth approach: the financial crisis and its inherent consequences.

 

The entire message mimics a financial newsletter with legitimate text. However, spammers have
tweaked the original newsletter to display the Canadian Pharmacy logo along
with a list of products and their pricing information, as described below:

Although the message appears to be better crafted than the previous spam
campaigns and it’s more likely to pass as legitimate to the unwary user, it
still uses subjects that seem a little bit displaced (such as “You passed me
bad money!”), which is totally unrelated to the content itself.

 

2. Your SUBSCRIPTION to spam never expires

The word SUBSCRIPTION has been identified mostly in spam messages
advertising sexual enhancements, namely penis enlargement pills. Contrary to
the public opinion this spam campaign is not associated with either Canadian
Pharmacy or PowerGain+, but rather with Dr. Maxman’s clinic, one of the many
manufacturers of “natural” sexual enhancements that did not pass the FDA
certification.

The spam message also impersonates a legitimate newsletter allegedly
coming from beauty.com. More than that, unlike in the case of Canadian
Pharmacy, the spam campaign abandons strong mail subjects in favor of some more
ambiguous ones.

The actual spam campaign is based on the image above, linked to one of
the websites selling the product.

 

3. Product spam is back. Just CLICK here.

We mentioned in our previous reports that spam messages have become
scarcer right after the winter shopping season ended. It seems like this type
of unsolicited mail is back: the word CLICK has been identified by the
BitDefender spam researchers in messages promoting designer bag and wrist watch
knockoffs.

The new spam wave is part of the old Prestige campaign that stormed
users’ inboxes just before Christmas.

 

4. EMAIL scams, back online

Ranking fourth in our weekly spam top, the word EMAIL has been detected
in an aggressively-promoted advance-fee fraud scheme that hit users’ inboxes on
April 1^st.

The message allegedly informs unwary users that they are now eligible to
receive 1.5 million in cash, but they would have to provide the “bank” with
their personal identification data. These messages are particularly dangerous
because the personal information users may expose will be used for identity
theft or subsequent phishing schemes.

5. HTML tags and EMPLOYEES

Although extremely visible on this week’s spam map, the word EMPLOYEES
does not physically appear in any of the analyzed messages. They mostly occur
in commented text passed along with image-only spam to trick filters.

What’s new in the spam landscape?

• Product
  spam is back in business after about three months of absence. Most of the spam
  messages reaching into users’ inboxes are coming from Prestige Replicas.
• The global
  crisis and its effects on the economy brought crisis-specific spam, based on
  words such as Employees, investments or company. However, they usually don’t
  carry any financial message, but rather act as baits for showing sexual
  enhancing drugs.
• German
  spam significantly dropped in charts: specific words such as Sie, und, wie, or
  als have now become extremely rare and barely show up on this week’s spam map.