The Spam Omelette #61

Welcome to this week

Week in review: April 14 – 21

Spam Omelette 61

1. CLICK the link

The word CLICK has been a common presence in the spam landscape ever since the first issue of the Spam Omelette. After a long absence it now returns as number one in spam messages advertising cheap replicas of watches and other accessories. This specific spam wave relies on text and hyperlinks, and not on images, since the latter are more likely to end up snatched by spam filters.

Click Spam

2. UNITED in spam

Ranking second in this week’s issue of the Spam Omelette, the term United (as in United States) has been mostly detected in messages sent by Canadian Pharmacy. These spam mails contain a central image with the offering, followed by a large amount of “junk” text to make it look more legit. All the links embedded in the message, including the unsubscribe and privacy statements, have been forged to lead the user to a Canadian Pharmacy clone.

United in Spam

3. MESSAGE from the Russian Bride

The word MESSAGE is placed third in this week’s spam top and has been detected by the BitDefender spam researchers in unsolicited mail advertising a wide range of sexual enhancements and diet pills. The message uses social engineering tricks (an alleged message sent by a woman) in order to make the user click on a link to a blog hosted either on, or on

Message Spam

4. PRIVACY promises never kept

Ranking fourth, the word PRIVACY is mostly present in spam messages using the classical approach of impersonating newsletters. This medium-size spam wave relies on a standard HTML template with a central image, as well as a couple of hyperlinks that lead the user to a Canadian Pharmacy page. Since these clones are usually taken down for abuse, and the e-mailed links might not work anymore, cyber-criminals use the links of a couple of legitimate (yet hacked in websites) to perform the redirects as needed. As soon as all the Canadian Pharmacy links in a batch are down, they set up new domains and update the HTML redirectors on the compromised webpages.

Privacy Spam

5. MICROSOFT, top pick in cracked software

Popular trademark MICROSOFT concludes this week’s spam top, and has been identified in multiple spam waves advertising heavily discounted software titles available on miscellaneous e-stores. Although they are presented as OEM applications, they are in fact cracked copies, which makes them not only illegal, but also dangerous for the user, given the fact that most cracks and keygens are   swarming with malware.

Microsoft spam

About the author


Bogdan Botezatu is living his second childhood at Bitdefender as senior e-threat analyst. When he is not documenting sophisticated strains of malware or writing removal tools, he teaches extreme sports such as surfing the web without protection or rodeo with wild Trojan horses. He believes that most things in life can be beat with strong heuristics and that antimalware research is like working for a secret agency: you need to stay focused at all times, but you get all the glory when you catch the bad guys.