SPAM REVIEW

The Spam Omelette #31

Welcome to a new issue of our Spam Omelette, the weekly review focused on the latest trends in the spam industry. Before moving forward with the material, please take a look at our testing and map generation methodology, as explained in our first issue.


1. CLICK here to see what happens

Dominating this week’s spam top, the word CLICK has been spotted in unsolicited messages sent by Canadian Pharmacy. As we have grown used to over the past weeks, the messages come with catchy email subjects in order to lure the user into opening the message. Although the sender’s name appears in full in all the messages belonging to this wave, the message headers have been spoofed to forge the sender’s address.

Click spam

2. PLEASE open this! You’ll only get infected

Ranking second in our weekly top, the word PLEASE has been identified in multiple spam campaigns, including the ill-fated Canadian Pharmacy. Besides the well-known spam messages coming from these medicine webshops, the word has also been spotted in messages apparently coming from Hallmark. However, instead of the promised e-card, the user gets a malicious binary that opens the doors for subsequent infections (especially rogue antivirus software).

Please spam

3. Important EMAIL from Canadian Pharmacy

Canadian Pharmacy is back on track with a series of spam messages impersonating legitimate newsletters. As usual, the spammer took an HTML template from a legitimate mailing and added a relevant picture linked to a China-hosted Canadian Pharmacy clone.

Email spam

4. UNSUBSCRIBE from spam, but only if you can!

Ranking fourth in this week’s spam top, the word UNSUBSCRIBE has been spotted in multiple spam campaigns also originating from Canadian Pharmacy.

 

unsubscribe spam

 

The messages are mostly imitating legitimate newsletters and feature unsubscribe links. However, clicking these links would not unsubscribe the recipient from the mailing list, but rather lead them to a Canadian Pharmacy clone.

5. Spam at your SERVICES

Ranking last in this week’s issue of the Spam Omelette, the word SERVICES has been identified by BitDefender’s spam researchers in messages promoting prescription-based drugs. To be more specific, the word is not part of the content, but rather of the message disclaimer, as the spammer uses a newsletter template.

services spam

 

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.