Filed Under: SPAM REVIEW

The Spam Omelette #20

Date: 04/02/2009
Author: Bogdan Botezatu

Welcome to this week’s issue of the Spam Omelette, BitDefender’s report on spam trends and techniques. For 20 weeks now, we have been investigating what’s new in the spam landscape. If you missed our previous reports, please have a look at our testing methodology and spam map generation procedures before proceeding with this new article.

Week in review: March 26 - April 2

[Image: Omelette 20]

1. INVESTMENTS are good, especially when crisis strikes

Ranking first in our weekly top we find the word INVESTMENT, a first for the Spam Omelette. The word has been identified by the BitDefender spam researchers in unsolicited messages coming from Canadian Pharmacy via multiple spam relaying servers.

What's special about this campaign is that it now centers on a new keyword, namely investment. Old phrases such as "love machine", "sex" and "Sex can be endless" have been discarded for a newer, more down-to-earth approach: the financial crisis and its inherent consequences.

[Image: investment spam]

The entire message mimics a financial newsletter with legitimate text. However, spammers have tweaked the original newsletter to display the Canadian Pharmacy logo along with a list of products and their pricing information, as described below:

[Image: investment spam 2]

Although the message appears to be better crafted than the previous spam campaigns and is more likely to pass as legitimate to the unwary user, it still uses subject lines that seem out of place (such as "You passed me bad money!") and are totally unrelated to the content itself.

2. Your SUBSCRIPTION to spam never expires

The word SUBSCRIPTION has been identified mostly in spam messages advertising sexual enhancements, namely penis enlargement pills. Contrary to popular belief, this spam campaign is not associated with either Canadian Pharmacy or PowerGain+, but rather with Dr. Maxman's clinic, one of the many manufacturers of "natural" sexual enhancements that did not pass FDA certification.

[Image: Subscription spam]

The spam message also impersonates a legitimate newsletter allegedly coming from beauty.com. More than that, unlike in the case of Canadian Pharmacy, the spam campaign abandons strong mail subjects in favor of some more ambiguous ones.

[Image: Subscription spam 2]

The actual spam campaign is based on the image above, linked to one of the websites selling the product.

3. Product spam is back. Just CLICK here.

We mentioned in our previous reports that product spam messages became scarcer right after the winter shopping season ended. It seems this type of unsolicited mail is back: the word CLICK has been identified by the BitDefender spam researchers in messages promoting designer bag and wrist watch knockoffs.

[Image: Click spam]

The new spam wave is part of the old Prestige campaign that stormed users' inboxes just before Christmas.

4. EMAIL scams, back online

Ranking fourth in our weekly spam top, the word EMAIL has been detected in an aggressively-promoted advance-fee fraud scheme that hit users' inboxes on April 1st.

[Image: Email spam 20]

The message allegedly informs unwary users that they are now eligible to receive 1.5 million in cash, but they would have to provide the "bank" with their personal identification data. These messages are particularly dangerous because the personal information users may expose will be used for identity theft or subsequent phishing schemes.

5. HTML tags and EMPLOYEES

Although extremely visible on this week's spam map, the word EMPLOYEES does not physically appear in any of the analyzed messages. It mostly occurs in commented text passed along with image-only spam to trick filters.
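
A filter can account for this trick by separating what a mail client renders from what sits in HTML comments. The following Python is an added example, not BitDefender's code; the `audit` function, its thresholds and both sample bodies are constructed for illustration.

```python
import re
from html.parser import HTMLParser
WORD = re.compile(r"[a-z]{3,}")

class BodyAudit(HTMLParser):
    """Split an HTML mail body into rendered text, comment text and images."""
    def __init__(self):
        super().__init__()
        self.visible, self.hidden, self.images, self._skip = [], [], 0, 0

    def handle_starttag(self, tag, attrs):
        self.images += tag == "img"
        self._skip += tag in ("script", "style")  # content is never rendered

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.visible.append(data)

    def handle_comment(self, data):
        self.hidden.append(data)

def audit(html, min_hidden_words=5):
    parser = BodyAudit()
    parser.feed(html)
    parser.close()
    shown = WORD.findall(" ".join(parser.visible).lower())
    hidden = WORD.findall(" ".join(parser.hidden).lower())
    # Assumed heuristic: images carry the message while the comments hold
    # more words than the rendered text does.
    suspicious = (parser.images > 0 and len(hidden) >= min_hidden_words
                  and len(hidden) > len(shown))
    return {"images": parser.images, "suspicious": suspicious,
            "comment_only": sorted(set(hidden) - set(shown))}

# Constructed sample: image-only body padded with commented business text.
SAMPLE = """<html><body>
<!-- Our employees review every investment the company makes each quarter -->
<a href="http://example.invalid/"><img src="cid:offer"></a>
<!-- employees company report -->
</body></html>"""

# Constructed sample: ordinary newsletter with one short comment.
CLEAN = """<html><body><!-- header -->
<p>Quarterly report for all employees of the company.</p>
<img src="cid:logo"></body></html>"""
```

Words listed under `comment_only` are the ones a keyword map would count even though no recipient ever sees them, which is why scoring should run on the rendered text and treat a large comment-to-text ratio as a signal in itself.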

What's new in the spam landscape?

  • Product spam is back in business after about three months of absence. Most of the spam messages reaching users' inboxes come from Prestige Replicas.
  • The global crisis and its effects on the economy brought crisis-specific spam, based on words such as Employees, investments or company. However, these messages usually don't carry any financial message, but rather act as bait for showing sexual enhancement drugs.
  • German spam dropped significantly in the charts: specific words such as Sie, und, wie, or als have now become extremely rare and barely show up on this week's spam map.

user comments
Is the subject field randomly generated or a case of bad English? Most of the spam messages have subject lines which only seem to hint "SPAM"!!