We analyzed a significant
number of spam messages in order to create a visual map of the most
frequently used words in spam messages. This map is intended to provide visual
cues for understanding the new trends in spam messages, while
giving researchers significant insight into the current spam campaigns.
To create the map, we analyzed
approximately 7 million spam messages collected through BitDefender’s worldwide
network of honeypots (a honeypot is an e-mail address that is used only to
collect spam; it acts as if it were used by a human operator and is usually
publicly displayed on discussion groups and forums). The large number of
analyzed messages and the global distribution of honeypots are guarantees of a
The entire spam stock has been
automatically parsed for words. Some commonly used words have been eliminated,
since they have no relevance – our goal is to rank the “real” words,
not to count how many times “a”, “and” or “the” occur in these messages.
Given the enormous number of spam
messages processed, the dataset is quite
large, which somewhat hinders a deep analysis. We ran a “normalization” script
that simplifies the number of occurrences of a word. The procedure focuses
mostly on the proportion of words, rather than on the exact number of
occurrences. For instance, the word “offer” occurs in 20 percent of the
analyzed spam messages, while the word “free” only occurs in 15 percent of the
The spam map was created using Wordle, a public
word cloud generator developed by Jonathan Feinberg for IBM.
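The parsing, stop-word removal and normalization steps described above can be sketched as follows. This is an added example, not BitDefender's script: the stop-word list, the tokenizer, the minimum word length and the sample messages are assumptions constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string

# Assumed stop-word list and tokenizer; the page does not publish its own.
STOP_WORDS = frozenset("a an and are as at for in is of on or the this to you".split())
TOKEN_RE = re.compile(r"[a-z]+(?:'[a-z]+)?")

def body_text(raw):
    """Return the text/plain parts of a raw message; headers are ignored."""
    parts = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            try:
                parts.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
            except LookupError:  # spam often declares bogus charsets
                parts.append(payload.decode("latin-1"))
    return "\n".join(parts)

def word_shares(raw_messages, min_len=3):
    """Map each remaining word to the percentage of messages that contain it."""
    doc_freq, total = Counter(), 0
    for raw in raw_messages:
        total += 1
        # set(): a word repeated inside one message still counts once
        words = set(TOKEN_RE.findall(body_text(raw).lower()))
        doc_freq.update(w for w in words if len(w) >= min_len and w not in STOP_WORDS)
    return {w: round(100.0 * n / total, 1) for w, n in doc_freq.items()}

def top_words(shares, n=5):
    """Highest shares first, ties broken alphabetically."""
    return sorted(shares.items(), key=lambda kv: (-kv[1], kv[0]))[:n]

# Constructed sample messages (not taken from the analyzed corpus)
SAMPLE = [
    "Subject: Special\n\nSpecial OFFER: free software license at new prices. This offer ends soon!",
    "Subject: Pharmacy\n\nBest offer on health products, check the new prices.",
    "Subject: News\n\nCheck this out: a free health newsletter.",
    "Subject: Deal\n\nAn offer you cannot refuse.",
    "Subject: OEM\n\nCheap software license for you.",
]

if __name__ == "__main__":
    for word, pct in top_words(word_shares(SAMPLE)):
        print(f"{word}: {pct}%")
```

Because the weights are shares of messages rather than raw counts, maps built from corpora of different sizes stay comparable from week to week.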
The resulting spam map offers visual clues about the trends in the spam
industry. The visual approach is more eloquent than simple word statistics, as
it provides significant details about spammers’ focus shift at a single glance.
The Top 5 Results
- An OFFER you cannot refuse
This week’s champion in spam messages is the word “offer”. Each spam
message offers something: better sexual performance through prescription drugs,
cheaper OEM software or fashionable accessories – everything at a discounted
- Get yourself a cheap software LICENSE
Cheap OEM software accounts for a
significant number of spam messages sent during this week. More and more users
are lured into buying keys for OEM software (programs that are eligible for
purchase only along with a new computer). This practice is extremely dangerous,
as users are highly likely to receive an activation patch or a serial number
obtained illegally, thus losing their right to support. Another common scenario
is loss of warranty, lack of support and exposure to piracy charges because the
OEM license is actually installed in an old computer.
- Everything is on discount. Enjoy the new PRICES!
One of the most
important marketing strategies is claiming new and lower prices than ever. It
does not matter whether you’re actually selling products at more expensive
prices, as few people would stop to compare your previous offers. The spam
world works by the same rules, so almost every advertised good or service is
available at a special price, only for you, and – of course – the other
millions of recipients.
- HEALTH has always been an issue
Drug spam is usually
associated with Viagra, Cialis and Levitra. However, the latest spam messages
advertise a wider range of prescription-based drugs, as part of the extremely
large Canadian Pharmacy business.
Further research inside the BitDefender labs revealed that this type of
spam is mostly sent by computers infected with the Rustock.C rootkit.
The Canadian Pharmacy spam messages come disguised as legitimate news flashes
sent by sites such as CNN, NBC and CBS. Users are even provided with a forged
link to unsubscribe, but clicking on it would only confirm to the spammer that the
address is in use and operated by a human user.
- CHECK this out to get infected
spam messages advise receivers to