The Spam Omelette #57

Welcome to a new issue of our Spam Omelette, the weekly review focused on the latest trends in the spam industry. Before moving forward with the material, please take a look at our testing and map generation methodology, as explained in our first issue.

Spam omelette 57

Week in Review: January 27 – February 2

Medicine spam is here to stay, or
at least that is what the findings of the second E-Threats Landscape Report for
2009 revealed. With Canadian Pharmacy and MaxGentleman as the two most
notorious contenders of the medicine spam industry, the spam landscape hasn’t
quite changed in a while.

If you have been with us since
the beginning, then you probably have noticed that the top 5 words associated
with spam have remained relatively unchanged and usually depict the footer line
of a regular newsletter (Unsubscribe, Privacy, Policy, Copyright and E-Mail).
In order to stay relevant, we will not detail upon any of these words unless
they are exploited in a new way than usually.

1. WebMD
ads leading to Canadian Pharmacy

Ranking first in this week’s
issue of the Spam Omelette, brand name WebMD is found in forged newsletters
sent by Canadian Pharmacy on the behalf of WebMD. As we mentioned before, WebMD
is a legit e-zine dealing with news from the healthcare industry, which makes
the brand more appealing to medicine spammers.

It seems that Canadian Pharmacy
is expanding its business these weeks: if during 2009 we have seen these ads
leading to a China-based web domain, the new spam wave points the unwary
visitor to a Russian webpage. All in all, the spammer still sticks to countries
where the antispam legislation is either lax or totally absent.

WebMD Spam


Bait for Haiti

Spammers and cyber-criminals are
always ready to take new opportunities around extraordinary events. This was
the case with the ill-fated Storm Worm, and now history repeats itself with the
Haiti earthquake. This specific spam wave asks people to donate a variable
amount of money to the victims of the Haiti earthquake. The message is written
in extremely poor English and is full of spelling errors, the first hint that
it is not sent by a legitimate organization. Unwary recipients that choose to
follow the request will most likely donate to a criminal organization.

E-mail Spam Haiti

3. If
you’ve got any difficulties, click here

The world DIFFICULTY ranks third in BitDefender’s spam top for the previous
week. This new addition to the Spam Omelette is mostly found in messages
containing pictures and comes as a piece of advice for people whose mail
filters managed to block the image. When clicked, the link will redirect the
user to a Canadian Pharmacy clone website.

Difficulty Spam

4.  Give
us your ADDRESS, we’ll send you money

The word ADDRESS has been
identified by the BitDefender spam researchers in a medium-sized spam wave
announcing its victims that they have won GBP500,000 at the Coca-Cola Donation
Raffle. In order to get their prize, users must first reply the message and
provide a couple of personal details, that may be used in identity theft
schemes, spear phishing attacks or even as contact information for various
types of spamming.

Address and money spam

the new cash cow in town

The word SOFTWARE concludes this
week’s issue of the Spam Omelette and has been identified in multiple spam
waves. We have already covered pirated software offerings disguised as OEM
deals in our previous spam reports. This week’s “deal” advertises a get-rich
scheme that would allegedly bring the victim about $2500 a day. Called the
Turbo Cash generator, the advertised software utility is actually a Twitter
spamming tool that posts links to a specific website on other users’accounts.
If taken, the “deal” not only that would get you banned from Twitter, but will
also bring your business enough bad reputation.

Software Spam Victim

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.