The Spam Omelette #10

1. Clicks in exchange of OEM software

Ranking first in this week's spam top, the word "CLICK" has been detected by the BitDefender spam researchers in an e-mail wave promoting OEM applications. This special kind of software can only be retailed to customers who buy new computers or hardware components.  Although these pieces of software are fully-functional applications, they are dramatically discounted because of various partnerships between hardware and software vendors.

However, retailing OEM copies infringes the End-User License Agreement, so any OEM license bought illegally may not function on your computer, or may even be disabled by the vendor.

2. Back to EMAIL

The word EMAIL ranks second this week and is mostly encountered in spam messages related to the PowerGain + drug business. Such messages perfectly imitate legitimate newsletter sent by legitimate companies. Spammers even add instructions about how users can remove themselves from the mailing list, although the links are fake and won't do anything but confirm that the spam message arrived in a valid inbox.

While most of the analyzed emails in this spam wave come with explicit, sexually-related subjects, spammers also use social engineering tactics in order to convince the user open these messages.

3. The fake UNSUBSCRIBE link

Adding a forged & malicious unsubscribe link to spam messages seems to have become a fully fledged standard in the spam industry. Spammers rely on this trick not only because this means extra text to the actual image-based message (which allows spam to bypass Bayesian filters), but this approach actually helps them tell what mail addresses on their mailing lists are still in use and which ones have been abandoned.

4. More Info? What about some spam instead?

Although the word  INFORMATION is relatively smaller than the previously-mentioned top terms in spam, it has been identified in the same forged disclaimers we have been previously talking about. The inconsistency proves that  the spam organization keeps on advertising the same product, but changes the email template to mislead unwary receivers.

5. New PROMOTIONAL offers from Poker Savvy

Although the winter hollidays are long gone, Poker Savvy still keeps on sending promotional offers for its potential customers. The company has a long history in spamming users' mailboxes, but it recently increased the amount of spam they pump up daily through their email marketing agency partner, bronto.com.

What's new in the spam landscape?

PowerGain+ is currently the top spammer of the week. It uses hundreds of templates and a wide array of subject messages to lure users into opening unsulicited messages. Their advertising is as pestering as the now-dead Canadian Pharmacy business, and we expect to see even more spam  coming from them in the following weeks.

Just as the winter shopping spree came to an end, product spam collected via BitDefender's honeypot network  dropped significantly, but did not fade away completely.