The Spam Omelette #22

Welcome to the Spam Omelette, BitDefender





Week in review: April 9 – 15

Spam omelette 22 map

1. EMAIL makes a comeback in Viagra advertisements

This week, the word EMAIL managed to climb back to the top after one single week of absence. Spelled both as EMAIL and E-MAIL, the word has been identified by the BitDefender spam analysts in messages associated with medicine advertisements.

email spam

Spelled as EMAIL, the word is mostly encountered in messages emerging from WebMED, yet another online shop for counterfeit sexual enhancements such as Viagra, Cialis and Levitra.

The word E-MAIL has also been identified in online pharmacy advertisements, but this time, they are associated with the Canadian Pharmacy business.

email spam 2

The spam message itself is designed to impersonate a legitimate newsletter sent from Microsoft’s popular service MSN. The template features the same disclaimer along with the “mandatory” unsubscribe link.

2. The French package: VOUS, POUR, SUR, LES & VOTRE

French spam is on the rise again: this week’s spam map reveals higher proportions of the above-mentioned French words. They are frequently encountered in spam messages related to the Canadian Healthcare business. Given that most of Canada’s population speaks both English and French, it is possible that the French version of the newsletter to be actually targeted to the respective

French spam

Unsubscribe, only if you can

The word PLEASE has been detected by BitDefender’s spam analysts in unsolicited messages also advertising Canadian Healthcare products (sexual enhancement pills that probably haven’t passed FDA approval). All the analyzed messages in this spam stock feature the old but efficient Unsubscribe trick, but what’s particularly interesting is that the spammers took the same approach the Celebrity Gang did some time ago. They make heavy use of front-page celebrities and place them in situations highly unlikely to occur.

please spam

here for knock-off Viagra, Cialis and Levitra

Most of the spam received this week via BitDefender’s network of honeypots seems to be closely related to miscellaneous online medicine stores, especially Canadian Pharmacy and Canadian Healthcare. The former business is also responsible for the forged newsletter, a modified template with plenty of links, all of which lead to the same 6-letter domain name registered under a Chinese top-level domain.

click me spam

5. Add more COLOR to your sex-life. HEX-coded, that is.

The word COLOR made an all-time premiere in our weekly spam top. Its presence is justified by a large-scale HTML coding error in the spam template. This message advertises the services of a Taiwan-based online sex-shop, but somehow the HTML code itself is not parsed, but rather displayed as plain text. Although the word COLOR is pretty prominent in our weekly map, the message count is not uncommonly large – the keyword just occurs more times in each analyzed message, as seen in the screenshot below:

color spam
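The difference between a keyword that appears in many messages and one that repeats many times inside a few messages can be measured by counting both. The following is an added example, not BitDefender's code: the sample corpus is constructed, and the function names and the `ratio` threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample corpus (not real spam). The first message mimics a
# template whose HTML is displayed as plain text, so the CSS property
# "color" repeats once per styled element; the others are ordinary text.
MESSAGES = [
    '<p style="color:#FF0000">shop</p> <p style="color:#00FF00">sale</p> '
    '<p style="color:#0000FF">order</p> <p style="color:#333333">today</p>',
    "Please click here to read this email in your browser",
    "Please unsubscribe from this email newsletter",
    "Click here, this email was sent to you",
]

# Words of four or more letters; short tokens such as "ff" from hex
# colour codes and the tag name "p" are ignored.
TOKEN = re.compile(r"[a-z]{4,}")


def keyword_stats(messages):
    """Return (term_freq, message_freq) Counters over lower-cased words."""
    term_freq, message_freq = Counter(), Counter()
    for body in messages:
        tokens = TOKEN.findall(body.lower())
        term_freq.update(tokens)          # every occurrence counts
        message_freq.update(set(tokens))  # one count per message per word
    return term_freq, message_freq


def inflated_keywords(messages, ratio=2.0):
    """Words averaging at least `ratio` occurrences per message containing them."""
    tf, mf = keyword_stats(messages)
    return sorted(w for w in tf if tf[w] / mf[w] >= ratio)


if __name__ == "__main__":
    tf, mf = keyword_stats(MESSAGES)
    for word in ("color", "email"):
        print(f"{word:6} occurrences={tf[word]} messages={mf[word]}")
    print("inflated by repetition:", inflated_keywords(MESSAGES))
```

Ranking by occurrences puts COLOR at the top, while ranking by message count puts it below EMAIL, which matches the explanation above.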

What’s new in the spam landscape?


  • French spam is on the rise again, mostly because the Canadian Pharmacy / Canadian Healthcare businesses send their messages in both French and English.
  • Celebrity spam is becoming more and more popular. Eminem, Britney Spears and Kelly Clarkson are used as bait for unsolicited messages advertising miscellaneous medical products.

Kelly Clarkson spam

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.