
The Spam Omelette #35

Bogdan BOTEZATU

July 29, 2009


1. Privacy beats expectations: it completely lacks

Ranking first in this week’s
issue of the Spam Omelette, the word PRIVACY has been detected in unsolicited
mail impersonating legitimate newsletters. Most of these messages feature a Canadian
Pharmacy advertisement and make use of social engineering tricks such as
catchy message subjects in order to reach out to recipients.

privacy spam

A second batch of Canadian
Pharmacy spam is using celebrity names in the mail subject, a technique
resembling the Celebrity Gang approach. This week’s celebrity name popping out
from the charts is Avril Lavigne, as shown in the screenshot below.

privacy spam 2

2. On broken UNSUBSCRIBE links

The word UNSUBSCRIBE is also
encountered in spam messages impersonating newsletters. And, since the
technique is old and not quite successful in tricking users anymore, spammers
have added an extra spark of interest by abusing Michael Jackson’s name. This
batch of newsletters claims to provide the
proof that Michael Jackson had been killed. In order to view the proof,
the user needs to accept the embedded image, which turns out to be the same
Canadian Pharmacy ad. As usual, any link embedded in the message (including
the Unsubscribe option) takes the user to a clone website of Canadian Pharmacy.

Unsubscribe spam

3. Email is back on top

Ranking third in our weekly spam top, the word EMAIL has
been detected by the BitDefender spam analysts in a wave of messages allegedly
coming from FedEx. The spam message informs recipients that they are to
receive a package of significant value but they cannot be reached. In order to
get the parcel on time, they have to fill in a form and send it to a non-FedEx
webmail address. The disclosed information may then be used by scammers for
identity theft or other illegal and damaging activities.

email spam

4. The missing LINK

The word LINK – this week’s newcomer in the Spam Omelette
top – has been detected in a wave of unsolicited mail also advertising Canadian
Pharmacy products. The message itself contains the text Your Link and a URL
leading to a compromised webpage. A closer look
at the message reveals that this Canadian Pharmacy campaign makes use of
legitimate domains (which have been broken into) in order to perform the
redirect to the Canadian Pharmacy website.

link spam

In order to bypass Bayesian spam filters, the message
contains a significant amount of text inserted as HTML comments.
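
An added example (not from the original article and not BitDefender's filter code) of how a filter can neutralize this padding: tokenize only the text a mail client would render, and treat a high share of comment-only words as a signal of its own. The sample message, the 0.5 threshold and all function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

class Splitter(HTMLParser):
    """Collect rendered text and HTML-comment text separately."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.visible, self.hidden = [], []
        self._skip = 0  # nesting depth inside <script>/<style>

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.visible.append(data)

    def handle_comment(self, data):
        self.hidden.append(data)

def tokens(text):
    """Lower-cased words of three or more letters."""
    return re.findall(r"[a-z]{3,}", text.lower())

def analyze(html_body, max_hidden_ratio=0.5):
    """Return (visible_tokens, hidden_ratio, suspicious)."""
    parser = Splitter()
    parser.feed(html_body)
    parser.close()
    vis = tokens(" ".join(parser.visible))   # what the recipient reads
    hid = tokens(" ".join(parser.hidden))    # padding the recipient never sees
    total = len(vis) + len(hid)
    ratio = len(hid) / total if total else 0.0
    return vis, ratio, ratio > max_hidden_ratio

# Constructed sample: short visible lure padded with innocuous comment text.
SAMPLE = (
    "<html><body><!-- the meeting agenda was attached to the quarterly report "
    "for review by the committee members on tuesday -->"
    "<p>Your Link</p><a href='http://redirect.example/r'>click</a>"
    "<!-- weather forecast garden recipe holiday family school --></body></html>"
)

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

Feeding only the visible tokens to the Bayesian classifier keeps the comment words from diluting the score, while the ratio flags the padding attempt itself.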

5. SUBSCRIBE to spam now!

The word SUBSCRIBE concludes this week’s spam top and has
been identified in multiple waves of unsolicited mail impersonating
newsletters. Although these messages feature distinct mail subjects, they use
the same template with a central image displaying the current Canadian Pharmacy
offering. 

subscribe spam

Author


Bogdan BOTEZATU

Bogdan is living his second childhood at Bitdefender as director of threat research.
