Week in review:  April 22 – 29

 

1. French
spam tops expectations

This week’s spam
landscape witnessed an unexpected surge in French messages. This week’s
undisputed champion in spam mail is the French word VOUS (the polite form for
YOU). BitDefender spam researchers identified the word in unsolicited mail
advertising an alleged raffle. Users who participate are allegedly eligible to
win a complete world tour. Other spam words of French origins are VOTRE (your),
LES (the), and POUR (for), all encountered in the same spam campaign.

 

2. EMAIL
ranking second to the spam party

The word EMAIL is
undoubtedly a common presence in our spam top. This week, the word has been
identified in multiple spam campaigns including email harvesting, medicine
advertisements and Nigerian scam messages.

The first spam wave
tries to harvest as many valid email addresses as possible via a simple, yet
interesting social engineering trick: friendship  / love relationship proposals. The message
allegedly comes from Eva, a teenage girl from the Soviet block. All the user
has to do is reply to a specific address and then wait to be contacted back.

This strategy pays off
extremely well: not only that most of the average, less security-focused
computer user would reply and help the spammer gather valid messages, but also
help them create a male-only spam database for targeted spam (such as sexual
enhancement ads). This way, the spammer is able to send their advertisements to
people likely to be interested in this type of products, thus keeping the
bandwidth costs to a minimum.

The second spam wave
abusing the word EMAIL is an advertisement coming from the CANADIAN PHARMACY
business. The message headers have been forged to look as if the mail had been
sent from the own email address.

 

 

 

3. UNSUBSCRIBE
from Celebrity News

Ranking third in our
weekly top, the word UNSUBSCRIBE has
been detected by the BitDefender spam analysts in messages impersonating
newsletters. Spam disguised as newsletters was mostly specific to the Canadian
Pharmacy business, but this week PowerGain+ seems to have borrowed the approach
from its older sibling. In order to make messages even more appealing, spammers
have blended the newsletter strategy with mail subjects containing celebrity
names, just like the Celebrity gang did some time ago.

 

4. MESSAGES
from ladies

The word MESSAGE has
been identified in multiple spam messages announcing the user that they may
meet Russian ladies by accessing an online dating site. However, the included
URL would take the unwary recipient to yet another cloned webpage of the
Canadian Pharmacy business. So long with romance!

5. CLICK
here, if you dare!

Ranking last in this
week’s spam top, the word click has been detected in multiple spam campaigns
advertising sexual enhancements. In order to deceive recipients, spammers use
multiple email subjects, ranging from celebrity news to business proposals. All
these messages include a link to a random six-letter domain name apparently
hosted in China.

 

What’s new in the spam landscape?

 

• French
  spam is on the rise again. Words such as VOTRE (your), LES (the), and POUR
  (for) are not only visible on the spam map, but they are also this week’s top
  words used in spam.
• Spammers
  have also taken advantage of the news related to the Swine Flu in order to
  promote their messages. For the moment, the Swine Flu spam campaigns only
  contain medicine spam, but messages bundled with attached malware are also
  expected to appear.