SPAM REVIEW

The Spam Omelette #21

Welcome to the Spam Omelette, BitDefender


Week in review: April 2 – 8

Spam Map

1. Spam disguised as NEWSLETTERS

To better trick users into opening messages from unknown senders, most of this week’s spam came disguised as legitimate newsletters. The BitDefender spam researchers identified the word in waves of messages allegedly coming from Health.com. As soon as the user authorizes images from the sender, they are presented with the Canadian Pharmacy offerings (sexual enhancement drugs that did not pass FDA validation).

This specific spam campaign relies on multiple
templates and mail subjects to lure users, although the Canadian Pharmacy
images are located on a single web address.


2. PLEASE, let me take all your money

Interestingly enough, the word PLEASE has once again been detected in spam messages promoting advance-fee fraud schemes. This week’s spam wave comes from Miss. Marcelin Patrick, who promises 20 percent of a huge amount of money in exchange for your personal data. Of course, the money would never get to the recipient, but it is certain that the victim will suffer significant financial loss.


3. French advertising: Voulez VOUS extra spam?

Following the German examples we offered a couple of weeks ago, French spam is also escalating at alarming rates. The word VOUS (polite term for YOU) has been spotted on this week’s spam map, but was not identified in the actual message body of any mailing. Instead, it is added as HTML comments to compensate for the lack of text content in image-based spam.

4. Fake UNSUBSCRIBE links for fake newsletters

Ranking fourth in our weekly spam top, the word UNSUBSCRIBE has been identified in spam messages impersonating legitimate newsletters. However, clicking this type of link only confirms to spammers that your inbox is operated by a human, which makes you eligible for extra unsolicited mail.


5. EMAIL contents now available online

Ranking last in this week’s spam top, the word
EMAIL has been identified in spam messages also coming from Canadian Pharmacy.
Disguised as legitimate newsletters, these messages offer a link to an online
version of the content, should spam filters block essential pictures in the
mailing.


What’s new in the spam landscape?

  • French spam has gained significant
    ground; words such as VOUS, LES, QUE, PAS and CLICQUEZ are now visible in
    different proportions on the spam map. Most of the text is introduced as junk
    HTML comments to trick spam filters.
  • Easter E-Cards carrying malware: malware
    authors are already taking advantage of the upcoming Easter holiday in order to
    spread infected binaries amongst computer users.


As users try to claim their unsolicited Easter cards, they are randomly infected with a generic Trojan able to plant subsequent malware on the compromised systems.
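The junk HTML comments described in section 3 and in the French spam note above can be measured on the filtering side. As an added example (not BitDefender's filter and not code from the original post), this Python code compares comment text with rendered text in an HTML mail body; the function name, thresholds and sample bodies are assumptions constructed for illustration.

```python
from html.parser import HTMLParser


class BodyStats(HTMLParser):
    """Collects rendered text, comment text and image count from an HTML body."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.visible, self.comments, self.images = [], [], 0
        self._skip = 0  # depth inside <script>/<style>, whose text is not rendered

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images += 1
        elif tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.visible.append(data)

    def handle_comment(self, data):
        self.comments.append(data)


def comment_padding_score(html_body, min_comment_words=20, ratio=3.0):
    """Return (flagged, stats); both thresholds are illustrative assumptions."""
    p = BodyStats()
    p.feed(html_body)
    p.close()
    visible_words = len(" ".join(p.visible).split())
    comment_words = len(" ".join(p.comments).split())
    # Flag image-bearing bodies whose hidden comment text dwarfs the rendered text.
    flagged = (p.images > 0 and comment_words >= min_comment_words
               and comment_words >= ratio * max(visible_words, 1))
    return flagged, {"images": p.images, "visible_words": visible_words,
                     "comment_words": comment_words}


# Constructed sample bodies (not taken from real mail).
PADDED = ('<html><body><a href="http://example.invalid/"><img src="cid:offer"></a>'
          + "<!-- " + "vous les que pas " * 10 + "-->"
          + "</body></html>")
NORMAL = ("<html><body><!-- header --><p>"
          + "Monthly product update for subscribers. " * 6
          + '</p><img src="cid:logo"></body></html>')
```

A ratio check like this is one signal among several; legitimate mail generated by some editors also carries long comments, so it is better used as a score contribution than as a verdict.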

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.