The Spam Omelette #43

Welcome to the Spam Omelette, BitDefender

Week in review: September 16 – 23

Spam Omelette 43

1. WebMD
strikes back

Ranking first in this week’s issue of the Spam Omelette, the
word WebMD has been detected in
messages coming from infamous spammers advertising Canadian Pharmacy products.
WebMD has a long and unfortunate tradition in playing as a legitimate disguise
for spammers, especially when it comes to sexual enhancements and weight loss

In order to carry out their scheme, spammers have modified a
legit newsletter from health e-zine WebMD in order to display an image of their
current pill offering, as shown in the image below.

WebMD Spam

2. Keep
fit! Drop extra WEIGHT and money!

The word WEIGHT
ranks second in this week’s issue of the spam top and has been identified
mostly in messages advertising allegedly natural weight loss recipes. Called
Colo Cleanse Plus, the new miracle herb cocktail is just another rebranding of
the Acai Berry junk that has been advertised via spam messages for more than a

The spammers try to gain their victims’ confidence by
mentioning trustworthy brands and names from the US show-biz scene, such as
Oprah Winfrey and MSNBC, as well as medical trend-setters such as WebMD.

Acai Berry Scam (SPAM)

3. The
UNSUBSCRIBE trick never gets old

Ranking third in the BitDefender spam top for this week, the
term UNSUBSCRIBE has been also
identified in unsolicited messages from Canadian Pharmacy. Impersonating a
newsletter from the Mayo Foundation for Medical Education and Research, the
spam wave looks extremely legit, as compared to the older and sometimes
misspelled messages. However, the various slang terms used to describe the
effects of the advertised products should hint the user of the fact that this
is just another scam coming from world’s number one spammer.

unsubscribe link spam

4. Newsletters,
more newsletters!

Newsletters are the easiest and the most convenient method
of sending unsolicited messages and leading the victim into believing that in
fact, they asked for it. Not only that they give extra credibility to the spam
message, but they also may ensure that the spam email is not blocked by
Bayesian filters. Almost every spam newsletter includes unsubscribe and / or
subscription management links, but clicking them would only confirm that the
recipient’s email is valid and ready for more spam.

newsletter spam


The word EMAIL
that used to rank number one for some time – has dropped to a modest fifth position
in this week’s issue of the Spam Omelette. The term is mostly encountered in
unsolicited mail coming from Canadian Pharmacy through spoofed e-mail
addresses. Given the fact that most images are blocked by default in both
modern email clients and web-mail services, spammers even provide the user with
facile links to the “web-page version” of the newsletter.


About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.