Malware City/Blog/

Mar
18
Filed Under:
SPAM REVIEW

The Spam Omelette #18

18 March 2009
Welcome to this week’s issue of the Spam Omelette, BitDefender’s report on spam trends and techniques. Before digging deeper into the matters, please make sure that you are familiar with our testing and map generation methodologies, as presented in the first issue of the Omelette.

  Malware City Spam Omelette

 

 

1.    Crisis offers start showing up

Spammers made quite a few attempts to draw users’ attention by taking advantage of the current state of the US economy, but they have never reached this week’s performance. Ranking first in our weekly spam top, the word XRISIS has been identified by the BitDefender spam analysts in messages advertising allegedly free credit reports. Although the service is available for US residents, the messages have been sent globally, regardless of recipients’ country of origin.
 
Credit Score
 
2.    INFORMATION is key

Canadian Pharmacy strikes back after a full week of undisputed supremacy in the spam landscape. This time, the notorious organization impersonates newsletters from trustworthy organizations such as About.com. This week’s spam campaign also relies on inciting mail subjects in order to lure its recipients into opening the messages. Other main subjects in the same campaign read Sending to you, non-work email, About future weekend trip, Where are you? The studies began!.
 
 
 
Information is the key

 

3.    UNSUBSCRIBE if you can

Ranking third in our weekly spam top, the word UNSUNBSCRIBE has been identified in another spam wave sent by Canadian Pharmacy. Although the forged unsubscribe trick is widely spread among spammers, as it allows them to more reliably sort active and inactive addresses, the online medicine shop is the week’s most fervent abuser.

 

 

Unsubscribe Spam

 

Messages in this spam wave also make heavy use of catchy subjects in order to trick users into opening them.


4.    EMAIL


Ranking fourth in our weekly top, the word EMAIL has been identified in spam messages coming from the same Canadian Pharmacy business. It is mostly encountered in the template’s footer message, along with the fake unsubscribe link.

 

Spam Email

 

 

5.    PLEASE, get this malware bundle!

The word PLEASE has been identified by the BitDefender spam researchers in spam messages bundled with HTML attachments that allegedly contain further instructions about the offerings. The actual message announces miraculous methods of getting quite large amouhnts of money by simply visiting some websites. However, the attachment only contains an iframe to a malicious website that tries to plant malware on users’ computers.

 

Spam Omelette

 

 

What’s new in the spam landscape?

•    German words are still visible on the spam map. Terms such as Aud, der, die and Und are significant metrics revealing the fact that significant amounts of spam originate from German-speaking territories.

•    The financial Crisis affecting the US economy starts being exploited on large scale in spam. Although product spam is still scarce, more and more unsolicited messages advertise credits or rely on fake job offers to scam recipients.

 

 

 





By Bogdan Botezatu
Bogdan never trusts anything until it is disassembled into small pieces and carefully inspected. The passion for writing and the almost obsessive attention to details are some of his greatest qualities and, at the same time, some of his greatest flaws.

Related

12-03-2009 | The Spam Omelette #17

04-03-2009 | The Spam Omelette #16

25-02-2009 | The Spam Omelette #15

19-02-2009 | The Spam Omelette #14

Comment on this

Name:

Email:

Website:

Your email adress will not be published.