SPAM REVIEW

The Spam Omelette #53 – When Winning Actually Means Losing

Welcome to a new issue of our Spam Omelette, the weekly review focused on the latest trends in the spam industry. Before moving forward with the material, please take a look at our testing and map generation methodology, as explained in our first issue.

Week in Review: November 3 – December 2

1. UNSUBSCRIBE links are back in the game

During the past weeks, newsletter-based spam has witnessed a slight decrease, along with the “main course” it serves: medicine spam. However, the word UNSUBSCRIBE is back at the top and has been mostly identified in messages advertising sexual enhancement drugs from Canadian Pharmacy. The message features an invalid unsubscribe link and is sent on behalf of Yrqnuveixu Inc (a random 10-letter combination that is probably generated by the Pushdo botnet).

2. EMAILs from Viagra

Ranking second in this week’s spam top, the word EMAIL has been detected by BitDefender’s spam researchers in a medium-size wave of unsolicited mail allegedly advertising Viagra pills. The message headers have been forged to hide the initial originator and all links to Viagra.com have been spoofed to send the user to http://bef.[removed]xeb.cn/ (a clone of the Canadian Pharmacy website).

 


3. Turkish SITE offering tips & tricks

 

The word SITE has been detected in a less-than-usual spam wave primarily targeting Turkish web users. The e-mail is written in Turkish only and advertises a “new method” of making money online. In order to start their own business online, the victim has to purchase an electronic book on how to implement and optimize Google’s AdSense revenue system on their websites.

4. More PILLS delivered directly in your inbox

 

Initially spotted in early May, Acai berry spam makes a dramatic comeback in fourth place. Disguised as a testimonial from a happy customer, the message includes a link to a website that sells the actual product.

5. Message from a scammer

 

Ranking last in this week’s issue of the Spam Omelette, the word MESSAGE is mostly present in a medium-sized spam wave informing users that they are about to receive $15.3 million via courier services. All the victim has to do is reply to the mail or contact the scammer by phone and provide them with their full name and address, telephone and mobile numbers and (surprisingly) a copy of their International Passport or Driver’s License. Please note that this is not a joke that would eventually leave you without a certain amount of money, but a fully-fledged identity theft scheme that would dramatically impact your life. Never reply to this kind of message and, most importantly, never provide personal information or copies of your documents to unknown persons.

About the author

Bogdan BOTEZATU

Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.