This week’s spam landscape witnessed another major change, a sign that spammers keep innovating in order to gain users’ interest and bypass spam filters.
1. MICROSOFT gets in the spam game
It may seem odd, but this week’s number one spam word is Microsoft. Interestingly enough, spam messages mentioning the Redmond-based company have nothing in common with the newly introduced operating system, Windows 7. BitDefender spam analysts detected the word in scam messages allegedly coming from Microsoft. The unsolicited email informs recipients that they have qualified for a special, yet undisclosed, “award”.
The poor English (“Microsoft XP Window” instead of “Windows”), combined with extremely clumsy HTML formatting, should be enough of a warning that the message is a scam and should be discarded immediately.
Ranking second in our weekly top, the word Privacy has been detected in quite intrusive messages advertising cheap replica watches. The unfortunate spammers claim that the 124-bit (sic; it was supposed to be 128-bit) encryption algorithms used in e-banking can prevent friends and relatives from telling the original brand from a knock-off.
3. Wanna UNSUBSCRIBE? Impossible!
The Unsubscribe trick has been in use for quite some time now, and it seems to have worked for spammers, as it is included in almost every unsolicited message received through BitDefender’s honeypot network. The Unsubscribe link is extremely useful to spammers: it adds extra text that helps image-based spam bypass Bayesian filters, and it lends extra legitimacy to an ordinary unsolicited message. The word has been identified especially in the PowerGain+ medicine campaign; in fact, the message mimics a legitimate message extremely well and even includes instructions for users whose email client blocks access to
The PowerGain+ spam campaign is extremely aggressive and has outpaced the Canadian Pharmacy business in terms of sent messages this year. Another interesting aspect of this campaign is that all the received messages have been forged to look as if they had been sent from the recipient’s own mail address. In short, the sender’s address is always identical to the recipient’s.
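The self-addressed forgery described above can be checked mechanically on inbound mail. The following Python check is an added example, not BitDefender's code; the function names and the sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses


def header_addresses(msg, *header_names):
    """Return the lower-cased addresses found in the named headers.

    Display names are discarded and repeated headers are merged, so
    '"Shop" <Alice@Example.com>' and 'alice@example.com' compare equal.
    """
    values = []
    for name in header_names:
        values.extend(msg.get_all(name, []))
    return {addr.strip().lower() for _, addr in getaddresses(values) if addr}


def is_self_addressed(raw_message):
    """True when the From address also appears among the To/Cc recipients."""
    msg = message_from_string(raw_message)
    senders = header_addresses(msg, "From")
    recipients = header_addresses(msg, "To", "Cc")
    return bool(senders & recipients)


# Constructed sample messages (not captured traffic).
SAMPLES = {
    "forged": (
        'From: "PowerGain+" <Alice@Example.com>\n'
        "To: alice@example.com\n"
        "Subject: Your order\n\n"
        "Click here to unsubscribe.\n"
    ),
    "ordinary": (
        "From: bob@example.org\n"
        "To: alice@example.com, carol@example.com\n"
        "Subject: Meeting notes\n\n"
        "See attached.\n"
    ),
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, is_self_addressed(raw))
```

People do send notes to themselves, so the result is best used as one scoring signal among others rather than as a verdict.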
4. PLEASE means more spam
The word “PLEASE” has been identified in only one spam campaign, which belongs to the advance-fee scam category. The message informs its recipients that they have been chosen to receive a large amount of money (US $700,000) collected through donations. When users try to claim the money, they are required to pay a specific sum into an anonymous account as transaction fees.
Please remember: if a message contains information that sounds too good to be true, it probably is, and you should discard the message immediately.
5. CANADIAN Pharmacy strikes back in new form
Once known as the biggest spam source in the world, Canadian Pharmacy slowly shrank to the point of disappearance (December 2008 and early 2009, probably affected by the dissolution of the Storm Botnet), but it now strikes back under a new moniker: Canadian Health & Care Mall. The message count is still small compared to its predecessor, but we expect it to grow in the following months.
What’s new in the spam landscape?
Apart from the “regular” presences in our weekly top, BitDefender antispam analysts identified yet another kind of spam message that uses social engineering techniques to steal unwary users’ identities.
The message informs the receiver of an alleged class reunion event, but when they follow the embedded link for more information, they are presented with a fake login page asking them to enter sensitive personal data.