SPAM REVIEW

The Spam Omelette #33

Welcome to the Spam Omelette, BitDefender


Spam map 33

 

1. UNSUBSCRIBE links stronger than ever

Ranking first in this week’s issue of the Spam Omelette, the word UNSUBSCRIBE is mostly encountered in unsolicited messages coming from Canadian Pharmacy. As usual, the unsubscribe links have been redirected to a Canadian Pharmacy website clone via Chinese domains acting as relays. Moreover, these domain names are composed of eight random characters and keep tabs on the mail addresses whose users have followed the embedded links.

Unsubscribe spam
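
The link pattern described in item 1 (an unsubscribe anchor that points at an eight-character relay domain and carries the recipient's address) can be checked on the receiving side. The following is an added example, not BitDefender's detection logic; the function names, the consonant-run heuristic, the assumed token encodings and the `.example` sample data are assumptions made for illustration.

```python
import base64
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit
class AnchorCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def looks_generated(host):
    """Heuristic: an 8-alphanumeric label with a digit or 5+ consonants in a row."""
    return any(re.fullmatch(r"[a-z0-9]{8}", lab) and re.search(r"\d|[^aeiou\d]{5}", lab)
               for lab in host.split(".")[:-1])

def carries_recipient(url, rcpt):
    """URL embeds the address in plain, hex or base64 form (assumed encodings)."""
    raw, text = rcpt.encode(), unquote(url)
    forms = {rcpt.lower(), raw.hex(), base64.urlsafe_b64encode(raw).decode().rstrip("=")}
    return any(f in text or f in text.lower() for f in forms)

def flag_unsubscribe_links(html, rcpt, sender_domain):
    """Return [(host, reasons)] for unsubscribe anchors showing 2+ signals."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = (urlsplit(href).hostname or "").lower()
        signals = {"host-not-sender": not ("." + host).endswith("." + sender_domain),
                   "generated-8-char-label": looks_generated(host),
                   "recipient-in-url": carries_recipient(href, rcpt)}
        reasons = [name for name, hit in signals.items() if hit]
        if "unsubscribe" in text.lower() and len(reasons) >= 2:
            findings.append((host, reasons))
    return findings

# Constructed sample, not a real message; .example names are placeholders.
RCPT = "user@mail.example"
SAMPLE_HTML = (f'<a href="http://qx7kz2pw.example/u?id={RCPT.encode().hex()}">Unsubscribe</a>'
               '<a href="https://news.shop.example/list?id=42">unsubscribe here</a>')
```

Requiring two signals keeps an ordinary list-management link on the sender's own domain from being flagged on the anchor text alone.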

2. PRIVACY is long dead

The word PRIVACY has also been identified mostly in medicine spam messages coming from Canadian Pharmacy. Almost as prominent as the number one entry in this week’s spam top, the word is present in footer links embedded inside newsletter-like spam messages.

Privacy spam

3. CLICK anywhere – you’ll only get spam!

Ranking third in this issue of the Spam Omelette, the word CLICK has been identified by the BitDefender spam analysts in multiple messages advertising medicine products. Although most of these messages send the user to a Canadian Pharmacy website clone, the spammer is using multiple templates and relies on various intriguing message subjects to lure unwary users into opening the mail.

Click spam

4. WebMD spoofed newsletters back on track

The word WebMD has been spotted in this week’s spam map, after a couple of weeks of absence. It seems that WebMD is one of the favorite visual identities for spammers. However, the re-emergence of WebMD in our weekly top hints not only that Canadian Pharmacy has reinforced its spam business, but also that more and more computers fall victim to Trojan.Spammer.Tedroo, the spam bot responsible for this kind of message.

WebMD spam

5. Fresh out of the oven: DIPLOMA spam

Educational spam is once again on the rise in a troubled economic environment with fewer employment opportunities. These messages try to persuade users to buy “fully-accredited university degrees” – actually worthless sheets of paper issued by miscellaneous private organizations. BitDefender’s spam analysts estimate that academic spam accounts for more than one percent of the total amount of worldwide spam.

Diploma Spam

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.