The Spam Omelette #4

Welcome to the fourth issue of the Spam Omelette! It

Spam Omelette #4 Map


The Nigerian scammer says PLEASE

Today’s top word
in spam is PLEASE. Deeper analysis revealed that it is mostly encountered in Nigerian
scam messages. This specific e-mail follows the same pattern: a dead,
filthy-rich relative allegedly left a huge amount of money to the receiver. Unlike
other messages, the attacker reveals only a few details about the entire
operation, but instead, they ask the victim to personally contact them via
e-mail for further instructions.

Spam screenshot


2. Have some pills delivered via EMAIL

The word “EMAIL”
ranks second in our weekly top and is mostly encountered in messages
advertising products. However, as the users click the embedded link, they are
redirected to a classical Canadian Pharmacy page. Ironically enough, the
receiver is advised to forward the message to the rest of the contacts in the
receiver’s address book.

E-mail spam omelette

Although the
vast majority of spam messages come with an “unsubscribe” link to add extra
legitimacy to the message, clicking it is not recommended, as it would only
confirm the receiver’s e-mail address as active and used by a human operator.


3. You are one CLICK away from the great prize

BitDefender identified two distinct spam
campaigns containing the word “click”. The first one (and, at the same time,
the largest) advertises the services of a new online casino. In order to make
the receiver open the message, spammers use a generic subject: “You have 1
unread message”. Moreover, the message also contains extra text, in order to
trick Bayesian scanners and to avoid detection.


Click Spam Omelette


The second spam campaign promotes penis
enlargement pills. It only contains a single sentence and the word “click” that
links to a Spanish website.

Spam omelette example 2  


4.  Crooked ways to deliver your MESSAGE

Ranking fourth in our weekly spam top, the
word “message” mostly occurs in messages sent using the NDR technique. NDR
stands for Non-delivery report, a return email message to a sender indicating
failed message delivery.

In order to send this type of messages,
spammers willingly send mails to inexistent recipients, but they forge the
Return Path in such a manner, that the message would actually bounce into the
victim’s mailbox.

 Message Spam


5. Advertised as NEW, but actually old

The word “NEW” concludes our spam report
for this week. It is mostly encountered in the same type of messages we
detected two
weeks ago
(when it ranked second), namely an aggressive advertisement to
online poker games. The message body remained unchanged, but the amount of sent
messages decreased significantly.

New Spam omelette



What’s new in the spam landscape?

Medicine spam dropped significantly over the last
week, but German spam kept an ascending trend. Although the number of spam
messages written in German is relatively smaller than its English counterparts,
the presence of German words (Sich, Des, Ein, Hier, Bei, Auf, and Mit) in our
weekly top should be enough of a warning about the rise of localized spam.

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.

1 Comment

Click here to post a comment