The Spam Omelette #60 – on Cheap Replicas and OEM Software

Welcome to a new issue of our Spam Omelette, the weekly review focused on the latest trends in the spam industry. Before moving forward with the material, please take a look at our testing and map generation methodology, as explained in our first issue.

Spam Omelette 60

1. MESSAGE in a bottle

The word MESSAGE ranks first in the 60th issue of the Spam Omelette and is mostly found in unsolicited mail coming from world’s No. 1 spammer, Canadian Pharmacy. Just like in the past, these messages are disguised under the mask of legitimate health newsletters for extra credibility. The message features a centered image with the current offering. However, since most spam filters based on Bayesian block messages containing specific words if they are excessively used, spammers have added a large piece of “junk” text to trick these filters into labeling spam as legitimate.

Message Spam


2. CLICK here for more spam!

Ranking second in this week’s spam top, the word CLICK has been also identified in messages coming from Canadian Pharmacy. It is part of the alternative, text-based description of the spam image, which is displayed when the e-mail client blocks it. Interesting enough, if the user clicks on the link, they will be redirected to a clone of the Canadian Pharmacy through a series of compromised (but legitimate) websites hosting a JavaScript redirection HTML page.

Click Spam


3. PRIVACY at risk

The word PRIVACY is placed third in this week’s issue of the Spam Omelette and has been detected by BitDefender’s spam researchers in messages advertising sexual enhancements. This specific spam wave uses a MSN newsletter HTML template that has been modified to accommodate an image-based ad and a couple of links to one of the Canadian Pharmacy online stores.

Privacy Spam

4. FIRST date, second-hand watches

The word FIRST has been detected in a massive wave of product spam, advertising cheap replicas of designer watches. This specific wave relies exclusively on text and hyperlinks. As the user clicks the recommended link, he /she will be redirected to http://ou*****.ru/secure.php?cmd=home, a Russia-based online store advertising a wide range of counterfeit accessories. As a rule of thumb, you are advised to never purchase products advertised through spam using your credit card.


First Date Spam

5. Cracked MICROSOFT software packed as OEM

Brand name Microsoft concludes this week’s top of spam words. Ranking fifth, it has been mostly detected in unsolicited mail advertising “OEM software” at massively discounted prices. However, this bargain hides a means of illegally selling “cracked”software (commercial applications that have been tampered with in order to circumvent their protection scheme). 

Cracked Microsoft Spam

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.