The Spam Omelette

Welcome to the first issue of the Spam Omelette, a weekly newsletter focused on spam trends.




We analyzed a significant number of spam messages in order to create a visual
map of the words most frequently used in them. This map is intended to provide
visual cues for understanding new trends in spam messages, while giving
researchers significant insight into current spam campaigns.

Testing methodology

To create the map, we analyzed approximately 7 million spam messages collected
through BitDefender’s worldwide network of honeypots. (A honeypot is an e-mail
address that is only used to collect spam. It acts as if it were used by a
human operator and is usually publicly displayed on discussion groups and
forums.) The large number of analyzed messages and the global distribution of
honeypots are guarantees of a reliable result.

The entire spam stock has been automatically parsed for words. Some commonly
used words have been eliminated, since they have no relevance – our goal is to
rank the “real” words, not to count how many times “a”, “and” or “the” occur in
these messages.

Given the enormous number of spam messages processed, the dataset is quite
large, which somewhat hinders a deep analysis. We ran a “normalization” script
that simplifies the number of occurrences of a word. The procedure focuses
mostly on the proportion of words, rather than on the exact number of
occurrences. For instance, the word “offer” occurs in 20 percent of the
analyzed spam messages, while the word “free” only occurs in 15 percent of the

The spam map was created using Wordle, a public
word cloud generator developed by Jonathan Feinberg for IBM.

The resulting spam map offers visual clues about the trends in the spam
industry. The visual approach is more eloquent than simple word statistics, as
it provides significant details about spammers’ focus shift at a single glance.
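
The counting described in this section, as an added example (not BitDefender's script): each word is counted once per message, common words are dropped, and the result is the percentage of messages that contain each word. The stop-word list, the function names and the five sample messages are constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string

# Assumed stop-word list; the article names only "a", "and" and "the".
STOP_WORDS = {"a", "an", "and", "the", "to", "of", "on", "at", "in", "this", "is"}
TOKEN = re.compile(r"[a-z]{2,}")  # alphabetic tokens of two or more letters

# Constructed sample messages (not real honeypot data).
SAMPLE_MESSAGES = [
    "Subject: Special offer on OEM software\n\nGet a cheap license today. This offer ends soon.",
    "Subject: New prices\n\nBest offer: software license at discount prices.",
    "Subject: Health news\n\nCanadian pharmacy offer, free shipping.",
    "Subject: Check this out\n\nFree video, check the link.",
    "Subject: Discount prices\n\nOffer: watches at new prices.",
]


def words_in(raw_message):
    """Return the distinct non-stop words in a message's subject and text parts."""
    msg = message_from_string(raw_message)
    # get_payload() is used without transfer decoding; base64 or
    # quoted-printable bodies would need decoding before tokenising.
    parts = [p.get_payload() for p in msg.walk()
             if not p.is_multipart() and p.get_content_type() == "text/plain"]
    text = " ".join([msg.get("Subject", "")] + parts).lower()
    return set(TOKEN.findall(text)) - STOP_WORDS


def word_shares(messages):
    """Map each word to the percentage of messages it occurs in."""
    if not messages:
        return {}
    seen_in = Counter()
    for raw in messages:
        seen_in.update(words_in(raw))  # a set, so one count per message
    return {word: 100 * n / len(messages) for word, n in seen_in.items()}


def top_words(messages, n=5):
    """Rank words by share, highest first; ties are broken alphabetically."""
    shares = word_shares(messages)
    return sorted(shares.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


if __name__ == "__main__":
    for word, share in top_words(SAMPLE_MESSAGES):
        print(f"{word:10s} {share:5.1f}%")
```

Counting per message rather than per occurrence keeps a single message that repeats a word from inflating that word's rank.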

The Top 5 Results


  1. An OFFER you can not refuse

This week’s champion in spam messages is the word “offer”. Each spam
message offers something: better sexual performance through prescription drugs,
cheaper OEM software or fashionable accessories – everything at a discounted

  2. Get yourself a cheap software LICENSE

Cheap OEM software accounts for a
significant number of spam messages sent during this week. More and more users
are lured into buying keys for OEM software (programs that are eligible for
purchase only along with a new computer). This practice is extremely dangerous,
as users are highly likely to receive an activation patch or a serial number
obtained illegally, thus losing their right to support. Another common scenario
is loss of warranty, lack of support and exposure to piracy charges because the
OEM license is actually installed in an old computer.

[Image: license spam]


  3. Everything is on discount. Enjoy the new PRICES!

One of the most
important marketing strategies is claiming new and lower prices than ever. It
does not matter whether you’re actually selling products at more expensive
prices, as few people would stop to compare your previous offers. The spam
world works by the same rules, so almost every advertised good or service is
available at a special price, only for you, and – of course – the other
millions of recipients.

[Image: Good Quality Apps spam]


  4. HEALTH has always been an issue

Drug spam is usually
associated with Viagra, Cialis and Levitra. However, the latest spam messages
advertise a wider range of prescription-based drugs, as part of the extremely
large Canadian Pharmacy business. 
Further research inside the BitDefender labs revealed that this type of
spam is mostly sent by computers infected with the Rustock.C rootkit.

[Image: Health spam]

The Canadian Pharmacy spam messages come disguised as legitimate news flashes
sent by sites such as CNN, NBC and CBS. Users are even provided with a forged
link to unsubscribe, but clicking on it would only confirm to the spammer that
the address is in use and operated by a human user.


[Image: CBS canada Spam]


  5. CHECK this out to get infected

Spam messages advise receivers to

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.