Week in review: April 29 – May
1. Meet WebMD, Medicine Doctor
Medicine spam is once again on the rise with the advent of new campaigns impersonating legitimate e-mails from WebMD – in fact another invasion from the infamous Canadian Pharmacy business. Rebranded as 911 Pfizer (the original inventor of Viagra), the online medicine business has also changed its looks: while the previous spam campaigns were mostly based on text messages written in a colloquial manner (as if the message were sent by a friend), this time the analyzed spam stock revealed that the spammers mostly rely on colorful images including alt attributes.
As expected, the previous spam campaigns based on messages with confusing mail subjects (in an attempt to impersonate messages from friends) are still running, although the message count is significantly lower.
2. PRIVACY URLs linking to medicine websites
Ranking second in our weekly top, the word PRIVACY is also associated with the Canadian Pharmacy spam waves. The BitDefender spam analysts identified the word in messages impersonating legitimate newsletters, with forged headers to camouflage the actual sender. All the messages in the campaign have the sender field identical to the recipient email address. Moreover, all the included links lead the user to a random website looking like ****-pfizer.com, where **** may represent: original, real, and best.
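The two traits described above (a sender field identical to the recipient address, and links to a ****-pfizer.com host) can be checked with a header-and-link heuristic. This is an added example, not BitDefender's filter logic; the function names and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

# Prefixes named in the article for the ****-pfizer.com landing sites.
PFIZER_HOST = re.compile(r"^(?:www\.)?(original|real|best)-pfizer\.com$", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def sender_equals_recipient(msg):
    """True when the From address also appears in To (forged self-sender)."""
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipients = {addr.lower() for _, addr in getaddresses(msg.get_all("To", []))}
    return bool(sender) and sender in recipients

def pfizer_links(msg):
    """Return hosts of links in text parts that match the ****-pfizer.com pattern."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        body = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL.findall(body):
            host = (urlparse(url).hostname or "").lower()
            if PFIZER_HOST.match(host):  # exact host match, so look-alike suffixes fail
                hosts.add(host)
    return sorted(hosts)

def classify(raw):
    """Parse a raw message and report both indicators."""
    msg = message_from_string(raw)
    return {"self_sent": sender_equals_recipient(msg), "pfizer_hosts": pfizer_links(msg)}

# Constructed sample messages (not taken from the campaign).
SPAM = """From: "Newsletter" <alice@example.org>
To: alice@example.org
Subject: PRIVACY policy update
Content-Type: text/html; charset=utf-8

<a href="http://real-pfizer.com/?id=1">View online</a>
"""
HAM = """From: news@example.com
To: alice@example.org
Subject: Monthly digest

Read more at https://example.com/pfizer-earnings
"""
```

Either indicator alone can occur in legitimate mail (people do send notes to themselves), so a filter would weigh the two together rather than block on one.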
3. UNSUBSCRIBE Tips & Tricks
Forged unsubscribe links are hardly news in the spam landscape, so we won’t go into detail on the technique. It would suffice to mention that most of the messages with fake unsubscribe links are sent by the Canadian Pharmacy and PowerGain+ online medicine stores.
4. Piracy is one CLICK away
Ranking fourth in our weekly top, the word CLICK has been identified especially in spam messages promoting OEM software at prices substantially lower than they usually sell for on the market.
As explained in a previous issue of the Spam Omelette, OEM software can be sold only when purchasing a new computer or a specific piece of hardware. OEM software covers both operating systems and various applications. Selling these products is illegal and may result in licenses and / or serial numbers being blacklisted by the manufacturer.
More than that, the download & install business model also relies on selling invalid serial numbers, cracks and patches, which is not only illegal, but may also pose a security risk to the end user (cracks and keygens are usually infected with malware).
PLEASE, let me take your money
While the spam messages described in this week’s Spam Omelette are relatively harmless and may only waste some of your time, this specific wave attempts to trick users into disclosing sensitive e-banking credentials, thus posing a real threat to your savings.
The message impersonates a legitimate announcement from the Abbey Bank, informing the user that they have received a message, and asking them to log into the system. Unwary users who respond to the request send their login credentials to a third party that would usually empty the bank account at once.
In order to avoid such misleading messages,
you are advised to use a complete anti-malware solution with antispam,
antiphishing and antivirus modules.