3 min read

The Spam Omelette #9

Bogdan BOTEZATU

January 15, 2009

Promo Protect all your devices, without slowing them down.
Free 30-day trial
The Spam Omelette #9

Spam omelette 9 Map

This week’s spam
landscape witnessed another major change, a sign that spammers keep on
innovating in order to gain users’ interest and bypass spam filters.

1. MICROSOFT gets in the spam game

It may be seem odd,
but this week’s number one spam word is Microsoft. Interesting enough, spam
messages mentioning the Redmond-based company have nothing in common with the
newly-introduced operating system, Windows 7. BitDefender spam analysts
detected the word in scam messages allegedly coming from Microsoft. The
unsolicited email announces recipients that they have qualified for a special,
yet undisclosed “award”.

Microsoft Spam Image

The poor English
(Microsoft XP Window instead of Windows), combined with an extremely
unfortunate HTML formatting should be enough of a warning that the message is a
scam and should be discarded immediately.

2. PRIVACY?
Where?

Ranking second in our
weekly top, the word Privacy has been detected in quite intrusive messages
advertising cheap replica watches. The unfortunate spammers claim that the
124-bit (? -it was supposed to be 128-bit) encryption algorithms used in
e-banking can prevent friends and relatives from telling the original brand
from a knock-off.

Privacy Spam Image

 

3. Wanna UNSUBSCRIBE? Impossible!

The Unsubscribe trick
has been in use for quite some time now, but it seems to have worked for
spammers, as it is included in almost every unsolicited message received
through BitDefender’s honeypot network. The Unsubscribe link is extremely
useful not only because it adds extra text for image-based spam to bypass
Bayesian filters, but also adds extra legitimacy to an ordinary unsolicited
message. The word has been identified especially in the PowerGain+ medicine
campaign; in fact, the message mimics a legitimate message extremely well and
even includes instructions for users whose email client blocks access to
images.

Unsubscribe Spam Image

The PowerGain+ spam
campaign is extremely aggressive and outpaced the Canadian Pharmacy business in
terms of sent messages this year. Another interesting aspect of the mentioned
spam campaign is the fact that all the received messages have been forged to
look as if they had been sent from the own personal mail address. Shortly put,
the sender’s address is always identical
to the recipient’s one.

4. When
PLEASE
means more spam

The word “PLEASE” has
been identified in only one spam campaign that is part of the advance-fee scam
category. The message informs its recipients that they have been chosen to
receive a large amount of money (US $700,000) collected through donations. As
the user tries to claim the money, they will be required to post a specific sum
into an anonymous account as transaction fees.

Messagio! Spam Image

Please remember: if a
message contains information that sounds too good to be true, it probably is,
and you should discard the message immediately.

5. CANADIAN Pharmacy strikes back in new form

Once known as the
biggest spam source in the world, Canadian Pharmacy slowly shrunk to
disappearance (December 2008 and early 2009, probably affected by the
dissolution of the Storm Botnet), but it now strikes back under a new
moniker:  Canadian Health & Care
Mall. The message count is still diminutive as compared to its predecessor, but
we expect it to grow larger in the following months.

Canadian Spam Image

What’s new in the spam landscape?

Apart from the
“regular” presences in our weekly top, BitDefender antispam analysts identified
yet another kind of spam messages that use social engineering techniques to
steal unwary users’ identities.

Reunion Spam Image

The message announces
the receiver about an alleged class reunion event, but as they try to squeeze
more information from the embedded link, they are presented with a fake login
page asking them to input sensitive personal data.

 

tags


Author


Bogdan BOTEZATU

Bogdan is living his second childhood at Bitdefender as director of threat research.

View all posts

You might also like

Bookmarks


loader