The Spam Omelette #24

Welcome to the Spam Omelette, BitDefender

Week in review:  April 29 – May



1. Meet WebMD, Medicine Doctor

Medicine spam is once again on the rise with the advent of new campaigns impersonating legitimate e-mails from WebMD – in fact another invasion from the infamous Canadian Pharmacy business. Rebranded as 911 Pfizer (the original inventor of Viagra), the online medicine business has also changed its looks: while the previous spam campaigns were mostly based on text messages written in a colloquial manner (as if the message were sent by a friend), this time the analyzed spam stock revealed that the spammers mostly rely on colorful images including alt attributes.



As expected, the previous spam campaigns based on messages with confusing mail subjects (in an attempt to impersonate messages from friends) are still running, although the message count is significantly lower.



2. PRIVACY URLs linking to medicine websites

Ranking second in our weekly top, the word PRIVACY is also associated with the Canadian Pharmacy spam waves. The BitDefender spam analysts identified the word in messages impersonating legitimate newsletters, with forged headers to camouflage the actual sender. All the messages in the campaign have the sender field identical to the recipient email address. Moreover, all the included links lead the user to a random website looking like ****, where **** may represent: original, real, and best.
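The two traits described in sections 1 and 2 (a sender field identical to the recipient address, and a body built from images that carry alt attributes) can be checked mechanically on a raw message. The following is an added example, not BitDefender's detection code; the function and class names, the sample message and the 40-character text threshold are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import getaddresses
from html.parser import HTMLParser

# Constructed sample message, not taken from the campaign.
SAMPLE = (
    'From: "WebMD" <Alice@example.com>\n'
    "To: alice@example.com\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    "<html><body><a href='http://example.invalid/'>"
    "<img src='a.jpg' alt='Best prices'></a></body></html>\n"
)

class BodyStats(HTMLParser):
    """Counts <img> tags, non-empty alt attributes and visible text."""
    def __init__(self):
        super().__init__()
        self.images = self.alts = self.text_chars = 0

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images += 1
            self.alts += bool(dict(attrs).get("alt"))

    def handle_data(self, data):
        self.text_chars += len(data.strip())

def addresses(msg, header):
    """Lower-cased bare addresses from a header, display names ignored."""
    pairs = getaddresses(msg.get_all(header, []))
    return {addr.lower() for _, addr in pairs if addr}

def campaign_traits(raw, max_text=40):
    """Return the traits described above that one raw message shows."""
    msg, traits, stats = message_from_string(raw), set(), BodyStats()
    sender = addresses(msg, "From")
    if sender and sender <= addresses(msg, "To"):
        traits.add("sender_equals_recipient")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True) or b""
            stats.feed(body.decode(part.get_content_charset() or "utf-8", "replace"))
    stats.close()  # flush any text buffered after the last tag
    # max_text (visible characters) is an assumed threshold, not from the article.
    if stats.images and stats.alts and stats.text_chars < max_text:
        traits.add("image_only_body_with_alt")
    return traits

print(sorted(campaign_traits(SAMPLE)))
```

Either trait alone also occurs in legitimate mail (notes sent to oneself, image-heavy newsletters), so they are better used as scoring signals than as a verdict.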



3. UNSUBSCRIBE Tips & Tricks

Forged unsubscribe links are hardly news in the spam landscape, so we won’t go into detail on the technique. It suffices to mention that most of the messages with fake unsubscribe links are sent by the Canadian Pharmacy and PowerGain+ online medicine stores.


4. Piracy is one CLICK away

Ranking fourth in our weekly top, the word CLICK has been identified especially in spam messages promoting OEM software at prices substantially lower than they usually sell for on the market.

As explained in a previous issue of the Spam Omelette, OEM software can be sold only when purchasing a new computer or a specific piece of hardware. OEM software covers both operating systems and various applications. Selling these products is illegal and may result in licenses and/or serial numbers being blacklisted by the manufacturer.


More than that, the download & install business model also relies on selling invalid serial numbers, cracks and patches, which is not only illegal, but may also pose a security risk to the end user (cracks and keygens are usually infected with malware).

PLEASE, let me take your money

While the other spam messages described in this week’s Spam Omelette are relatively harmless and may only waste some of your time, this specific wave attempts to trick users into disclosing sensitive e-banking credentials, thus posing a real threat to your savings.

The message impersonates a legitimate announcement from the Abbey Bank, informing users that they have received a message and asking them to log into the system. Unwary users who respond to the request send their login credentials to a third party that would usually empty the bank account at once.


In order to avoid such misleading messages,
you are advised to use a complete anti-malware solution with antispam,
antiphishing and antivirus modules.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.