The Spam Omelette #58

Normal
0

false
false
false

EN-US
X-NONE
X-NONE

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:”Table Normal”;
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:””;
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin-top:0in;
mso-para-margin-right:0in;
mso-para-margin-bottom:10.0pt;
mso-para-margin-left:0in;
line-height:115%;
mso-pagination:widow-orphan;
font-size:11.0pt;
font-family:”Calibri”,”sans-serif”;
mso-ascii-font-family:Calibri;
mso-ascii-theme-font:minor-latin;
mso-hansi-font-family:Calibri;
mso-hansi-theme-font:minor-latin;}

Week in Review: February 17 –
24

1. The RIGHTS  to spam you

Ranking first in this week’s
issue of the Spam Omelette, the word RIGHTS is mostly found in messages
advertising Canadian Pharmacy products in a newsletter-like form. The word is
part of the footer disclaimer that also includes a random 5-digit number. Upon
clicking any of the embedded links, the user will be redirected to a clone of
the Canadian Pharmacy website.

2. READING – a dangerous hobby

The word READING is placed second
in the spam top for the last week and has been mostly detected in messages
advertising a wide range of pharmaceuticals, especially sexual enhancement
pills and prescription-based drugs. In order to conceal their identity,
spammers have modified the message headers prior to sending them.

3. VIEW your spam online

The word VIEW has been identified
by the BitDefender spam researchers in messages also advertising Canadian
Pharmacy products. The word appears as part of an alternative text to be
displayed when the spam image is blocked by filters. Upon clicking on any
hyperlink included in the message, the user will be redirected to a Canadian
Pharmacy website clone. Interesting enough, this week’s Canadian Pharmacy spam
links forward the user to Canadian Pharmacy websites hosted in Russia, rather
than China, as usually. Even more, it seems that the domain names hosting these
clones are made up of two-word combinations (such as woodyear, lengthgame etc),
rather than of random six-to-eight digit numbers.

4. The BROWSER knows its way

The word BROWSER takes the fourth
place in this week’s issue of the Spam Omelette and is also encountered in
alternate texts displayed to the user when the spam image is blocked by
filters. This specific wave of medicine spam features one centered image
depicting this week’s offering. Unlike conventional image spam, this wave
embeds images hosted on various image sharing websites.

5. You can RUN, but you can’t hide from spam

The word RUN concludes this week’s issue of the Spam
Omelette. It has been detected in spam messages advertising online casino
Jackpot games. The message simply includes a link to the online casino, which
is also the relevant part of the spam message. In order to trick Bayesian spam
filters that would actually label a one-link-only message as junk mail,
spammers have added extra text that make no sense after a variable number of
whitespace lines.