
The Spam Omelette #2

Date: 11/04/2008
Author: Bogdan Botezatu

Welcome to the second issue of our Spam Omelette, a weekly report on the latest trends in spam. If you missed the previous week's report, you may want to check it out now to get acquainted with our testing methodology and visual spam map generation.

Spam Map2

  1. LIVE from the spam scene

The analyzed spam stock revealed that the most frequently used word in the last week's campaigns is the word "live". It occurs in messages belonging to two distinct spam campaigns, advertising different products.

The first spam campaign tries to sell prescription drugs and sexual enhancement pills via blogs set up on Microsoft's LIVE Spaces platform, which ties the word closely to this week's second favorite: "Spaces". The second spam campaign directs users to an infected webpage that purportedly hosts a video player but actually infects the user's computer by triggering the download of a malicious application posing as a codec. The BitDefender analysts identified this file as infected with Trojan.HTML.ZLOB and Trojan.Agent.AGGZ, two pieces of malware that are able to drop other malicious files on the host system.

Moreover, users are also presented with a fake unsubscribe link. Clicking on it only alerts the spammer that the respective address is being used by a human.

  2. NEW opportunities lurking in the spam box

Psychology teaches that human subjects respond better to new things, and spammers are known as masters of deceit. No wonder that spammers frequently abuse the word in order to sell regular products and services. This week, BitDefender spotted two types of messages centered on the word "new".

The first spam wave advertises an online betting web-service called Poker Savy. The company behind this service is already notorious for its illegal advertising, but this time it seems that it contracted the services of an e-mail marketing company called Bronto.

The other spam wave contains messages related to job offers. The scenario is extremely simple: users receive a part-time job offer that promises huge income for only a couple of hours' work. Users who sign up for the offer are asked to forward packages or cash money orders.

It is an easy job that the employers could do themselves, if it were not illegal. Packages and money usually come from credit card fraud. If the police manage to track down the address, unwary users would go to jail, while the bad guys would never be found.

An even likelier scenario is that would-be "mules" are asked to co-fund the endeavor in one fashion or another, turning this into a Nigerian scam with a nice twist.

  3. Eliminate your DEBTS

Debt spam may not be the latest trend in the industry, but it reached worrying proportions because of the dire state of the U.S. economy. BitDefender Antispam Labs identified more than 37 variations of such messages. Although most of the advertised websites have already been taken down, new spam messages keep presenting their URLs.

  4. PRODUCT spam

Product spam accounts for an insignificant amount of messages. However, the previous week's messages revealed that weight-loss pills are now marketed, rather than Canadian Pharmacy offers.

  5. Canadian Pharmacy presents VIAGRA

Previously known as the spam king, Viagra dropped in our weekly top to a "shameful" fifth place. However, the Canadian business is still alive and kicking, except for the fact that the spammers widened their scope. Erectile dysfunction pills are now referred to as penis enlargement products, health medicine or even "the pill". Medicine spam is usually associated with computers infected by the Rustock.C rootkit.

What's new in the spam landscape?

A closer look into the previous week's spam messages revealed the re-emergence of educational spam. This category of unsolicited messages advertises tertiary qualifications such as University diplomas and degrees, among others.

 

Advertising for tertiary qualifications like University diplomas and degrees. Also covers other training courses, like learning to become a real estate agent.

No matter how great it looks, earning a college degree in only 30 days won't bring anything but a great-looking decoration for your office wall. The scheme is extremely simple: users have to provide their name and authorize a fund transfer to a specified bank account. 30 days later, they would receive a "fully-accredited" diploma - a worthless sheet of paper issued by a bogus accreditation body.
