The Spam Omelette #55

Week In review:  December 30 2009 – January 06 2010

Although the new year has barely begun, spammers are already
hard at work pumping junk in users mailboxes. Since the shopping season is over
and so is users’ budget, this week’s unsolicited messages are mostly focused on
selling sexual enhancements such as knock-off Viagra and Cialis.

This issue of the Spam Omelette will be a special one, since
the top five spam words for the past week are part of the same spam wave
impersonating legitimate newsletters.

This specific spam wave is notable in size and seems to
originate from computers infected with Trojan.Spammer.Tedroo, a malicious bot
that has been also used to send spam mentioning celebrity names. Spammers have
used a single e-mail template showing a centered image and labeled as
“Copyright (5 random digits) Inc. All rights reserved”. More than that, the
message headers have been tampered with in order to hide the true identity of
the sender.

The same medicine e-shop is also responsible for a second,
small-size spam wave featuring a slogan and a link to a Canadian Pharmacy
website clone. In order to avoid Bayesian spam filters, the message includes a
couple of lines of “junk” text (meaningless sentences that have no commercial
value, but add extra words to a suspiciously short message) taken from Leo
Tolstoy’s War and Peace.