The Spam Omelette #20
Week in review: March 26 - April 2
1. INVESTMENTS are good, especially when crisis strikes
Ranking first in our weekly top we find the word INVESTMENT, an absolute premiere to Spam Omelette. The word has been identified by the BitDefender spam researchers in unsolicited messages coming from Canadian Pharmacy via multiple spam relaying servers.
What's special in this campaign is the fact that it now concentrates around a new keyword, namely investment. Old phrases such as "love machine", "sex" and "Sex can be endless" have been discarded for a newer, more down-to-earth approach: the financial crisis and its inherent consequences.
The entire message mimics a financial newsletter with legitimate text. However, spammers have tweaked the original newsletter to display the Canadian Pharmacy logo along with a list of products and their pricing information, as described below:
Although the message appears to be better crafted than the previous spam campaigns and it's more likely to pass as legitimate to the unwary user, it still uses subjects that seem a little bit displaced (such as "You passed me bad money!"), which is totally unrelated to the content itself.
2. Your SUBSCRIPTION to spam never expires
The word SUBSCRIPTION has been identified mostly in spam messages advertising sexual enhancements, namely penis enlargement pills. Contrary to the public opinion this spam campaign is not associated with either Canadian Pharmacy or PowerGain+, but rather with Dr. Maxman's clinic, one of the many manufacturers of "natural" sexual enhancements that did not pass the FDA certification.
The spam message also impersonates a legitimate newsletter allegedly coming from beauty.com. More than that, unlike in the case of Canadian Pharmacy, the spam campaign abandons strong mail subjects in favor of some more ambiguous ones.
The actual spam campaign is based on the image above, linked to one of the websites selling the product.
3. Product spam is back. Just CLICK here.
We mentioned in our previous reports that spam messages have become scarcer right after the winter shopping season ended. It seems like this type of unsolicited mail is back: the word CLICK has been identified by the BitDefender spam researchers in messages promoting designer bag and wrist watch knockoffs.
The new spam wave is part of the old Prestige campaign that stormed users' inboxes just before Christmas.
4. EMAIL scams, back online
Ranking fourth in our weekly spam top, the word EMAIL has been detected in an aggressively-promoted advance-fee fraud scheme that hit users' inboxes on April 1st.
The message allegedly informs unwary users that they are now eligible to receive 1.5 million in cash, but they would have to provide the "bank" with their personal identification data. These messages are particularly dangerous because the personal information users may expose will be used for identity theft or subsequent phishing schemes.
5. HTML tags and EMPLOYEES
Although extremely visible on this week's spam map, the word EMPLOYEES does not physically appear in any of the analyzed messages. They mostly occur in commented text passed along with image-only spam to trick filters.
What's new in the spam landscape?
- Product spam is back in business after about three months of absence. Most of the spam messages reaching into users' inboxes are coming from Prestige Replicas.
- The global crisis and its effects on the economy brought crisis-specific spam, based on words such as Employees, investments or company. However, they usually don't carry any financial message, but rather act as baits for showing sexual enhancing drugs.
- German spam significantly dropped in charts: specific words such as Sie, und, wie, or als have now become extremely rare and barely show up on this week's spam map.
Article rating:
- |
- Send on Yahoo!
- |
- RSS
Copyright 2010. Site powered by BitDefender
shrinivas k said on Apr-2-2009 18:48