
The Spam Omelette #3

Welcome to the third issue of Spam Omelette, our weekly report on spam trends. If you missed our previous reports, please check out our first material in the series to get acquainted with the analysis methodology and visual map generation.

Spam Map 3

Surprisingly enough, the top ranking
words used in spam messages sent this week were encountered in non-English
messages.

  1. It’s all about MARKETING

“Marketing” is our number one this
week. Deeper analysis revealed that it mostly occurs in spam messages coming
from Brazil. The spammer advertises an alleged business offer and claims to
provide the user with free training and a custom website. To be eligible for
the offer, the target must be over 18 and located in Australia.

In fact, this type of scam tries to
recruit unwary users to act as money and tech equipment mules. All they have to
do is forward goods and money obtained through illegal activities (credit card
fraud) to other destinations.

  2. Yet another spam MESSAGE

The word “message” ranks second in
our weekly top. It is mostly present in messages promoting Canadian Pharmacy
products, such as Cialis, Levitra and Viagra. In order to avoid filters and to
add extra legitimacy, spammers add short text disclaimers such as “You have
received this message because you opted in to receive Colorgraphic-Com special
offers via email. Login to your member account to edit your email subscription.
Click here to unsubscribe.”

Users who try to unsubscribe
from the mailing list actually confirm that their address is valid and could
end up receiving even more spam.

  3. Everything starts with an EMAIL

BitDefender identified three
distinct spam campaigns containing the word “email”. In order to draw the
recipients’ attention, spammers rely on provocative or even odd subject lines.

Messages in the first spam campaign
advertise sexual enhancement drugs that are part of the same Canadian Pharmacy
business described above. The spammer attempts to fool the antispam filters by
obfuscating the body text. Apart from substituting certain letters with
numbers, the authors also use phonetic translations for some key words.
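A filter can counter the letter-for-number substitution and phonetic respellings described above by normalizing each token before keyword matching. The Python below is an added example, not BitDefender's filter; the substitution table, the phonetic variants and the sample message are constructed assumptions.

```python
import re
import unicodedata

# Assumed substitution table: digits/symbols commonly swapped in for letters.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i", "|": "l"})

# Assumed watch list: canonical keyword -> phonetic respellings folded into it.
KEYWORDS = {
    "viagra": ["vyagra", "vieagra"],
    "cialis": ["sialis", "cyalis"],
    "levitra": ["levytra", "leveetra"],
    "pharmacy": ["farmacy", "pharmasy"],
}
VARIANT_TO_KEYWORD = {v: k for k, vs in KEYWORDS.items() for v in [k, *vs]}

EDGE_PUNCT = ".,;:?!\"'()"  # sentence punctuation, stripped before mapping


def normalize_token(token):
    """Reduce one whitespace-delimited token to bare lowercase letters."""
    token = unicodedata.normalize("NFKD", token)
    token = "".join(c for c in token if not unicodedata.combining(c))
    token = token.strip(EDGE_PUNCT).lower()
    if not any(c.isalpha() for c in token):
        return ""  # prices and plain numbers are not rewritten into words
    return re.sub(r"[^a-z]", "", token.translate(LEET))


def find_obfuscated_keywords(text):
    """Return (raw token, canonical keyword, was_obfuscated) per hit.

    Whole-token matching keeps "specialist" from matching "cialis".
    """
    hits = []
    for raw in text.split():
        canon = VARIANT_TO_KEYWORD.get(normalize_token(raw))
        if canon:
            plain = raw.strip(EDGE_PUNCT).lower()
            hits.append((raw, canon, plain != canon))
    return hits


# Constructed sample body, not taken from a real message.
SAMPLE = ("Canadian Ph4rmacy: V1AGRA, c1al!s and Lev1tr@ at low prices! "
          "Ask our specialist. Only $50.")

if __name__ == "__main__":
    for raw, canon, obfuscated in find_obfuscated_keywords(SAMPLE):
        print(f"{raw!r} -> {canon} (obfuscated={obfuscated})")
```

The third field separates a plainly written product name from a disguised one, which is the stronger spam signal because legitimate senders have no reason to misspell it.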


The second spam wave containing the
word “email” also promotes prescription-based drugs, but it uses a catchy title
to get the user to open it. Spammers claim that they received home footage by
mistake, and, by the time the users realize that they have been fooled, they
have already viewed the image.


The large number of Canadian
Pharmacy spam messages may be a sign of a rapid increase in the number of
computers infected with the Rustock.C rootkit, as they are responsible for
sending this type of spam.

The third type of such messages
allegedly contains a valid code for a software product, but it only
displays the same ill-fated Canadian Pharmacy ad.

  4. Spam TERMS and CONDITIONS

Although both words
appear in the same proportion, they are not part of the same spam campaign.
BitDefender antispam analysts found that the word “terms” appears in
messages promoting job offers involving money laundering and fencing activities.


The word “conditions” appears in
spam messages written in French. This is a slight modification of the Canadian
Pharmacy business, except for the fact that its main focus is not on sexual
enhancement drugs, but rather on painkillers. As far as the French language is
concerned, this approach makes perfect sense, given the fact that it is the
second official language in Canada.

  5. Spammers often say PLEASE

Spammers are not those ferocious
creatures moms scare their children with. They are polite and persuasive,
especially when politeness could bring in some real money. The word “please” has
been identified in a spam wave targeting Citizens Bank customers.

Building on the precarious state of the US economy, spammers ask
recipients to take part in a quick survey that would bring them a $50 reward.
However, once they take the bait, they are directed to a spoofed webpage that
collects their banking credentials.


What’s new in the spam landscape?

Product spam dropped significantly
during the last week. However, medicine spam witnessed an enormous spike. Not
only did the message count increase considerably, but spammers also rely on
different social engineering techniques to attract users’ attention.

Nigerian scams are on the rise
again, although the soap-opera story told by the scammer has been considerably
trimmed down. This week’s guest stars in the Nigerian Scam Show are Mr. Abdul
Song from the Hang Seng Bank and Mrs. Abdul Razak from Libya.


About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.