The Spam Omelette #13

Week in review: February 5 – 11

1. EMAIL climbs back in the top

Last week's spam top witnessed a dramatic shift, as German spam took users' inboxes by surprise. However, this time, the word EMAIL is back as the top word used in spam messages. The BitDefender spam analysts identified the word spelled both as eMail and E-MAIL in distinct campaigns.

The word EMAIL has been spotted in a classical advance-fee scam allegedly coming from Australian Lottery. Scam messages build on unwary users' confidence in order to make them advance sums of money in return of larger financial gains.

The second spam wave containing the E-MAIL keyword advertises the perfect gift for the upcoming Valentine's Day. This series of unsolicited messages also include a footer message with an alleged link to the Microsoft website.

However, as the users click the link, they are automatically redirected to a compromised website that attempts to plant malware on the respective computer (binary files infected with the Waledac bots).

2. Russian dating site says PLEASE

Ranking second in our weekly spam top, the word please has been identified by the BitDefender spam researchers in messages promoting a Russian dating website. The spam message lets the users know that they may view one of its members' profile by clicking on the embedded link. Although the website has not been labeled as malicious as of the moment of writing, the advertisement method can be safely labeled as spam.

Curiously enough, the message lacks the "standard" forged unsubscribe link, yet users willing to unsubscribe are advised to email the administrative staff, thus confirming that the message arrived in their inboxes.

3. Crisis NEWS travel fast

Building up on the precarious state of the US economy, spammers have started promoting yet another type of "friendly" loans. Despite the fact that the message advertises money loans, there's more in it than the eye meets. The embedded link directs unwary recipients to website that's already notorious for hosting malware: www.applyadobeplayer.com. The mentioned URL has already been suspended for abuse, as it has been associated with the fake Flash Player update malware scheme (Win32.Trojan.Zlob and Antivirus XP 2008 are only two of the pieces of malware served to the users).

4. NEW cars coming via spam

Ranking fourth in our weekly top, the word NEW has been identified by the BitDefender researchers in unsolicited messages advertising discounted new cars. The mail message comes with an unsubscribe link that, once clicked, adds the email address to the spammer's database, then directs the user to the website's home page.

5. CLICK to get 15 free pills

Medicine spam is on the rise again with the advent of yet another competitor on the sexual enhancements marke. Dubbed the edPill Store, the new online webshop has started an aggressive spam campaign to catch up with PowerGain+ and Canadian Pharmacy. The message is extremely short and simple; unlike previous campaigns in the drug business, it does not contain any images, just an embedded link to the online shop.

What's new in the spam landscape?

• Non-English spam is still visible on the generated map. Although dramatically lower than the last week's results, German words such as sie, die, das, auf or their Spanish equivalents los, que and las are enough of a warning that the unsolicited message count is ramping up in the mentioned territories.
• Phishing attempts are also on the rise, as proven by the words CITIBANK and ACCOUNT that have been revealed on the map.