Print | Send on Yahoo! | PDF version | RSS | Filed Under: SPAM REVIEW

The Spam Omelette #21

Welcome to the Spam Omelette, BitDefender’s weekly analysis of spam trends and techniques. In order to come with accurate results for our weekly top, we analyze about 7 million spam messages. In case you missed our previous reports, please have a look on our testing methodology before proceeding with this new article.

Week in review: April 2 - 8

1. Spam disguised as NEWSLETTERS

In order to better trick the user into opening messages coming from unknown senders, most of this week's spam came disguised as legitimate newsletters. The BitDefender spam researchers identified the word in waves allegedly coming from Health.com. As soon as the user authorizes images from the sender, they would be presented with the Canadian Pharmacy offerings (sexual enhancement drugs that did not pass the FDA validation).

 

This specific spam campaign relies on multiple templates and mail subjects to lure users, although the Canadian Pharmacy images are located on a single web address.

 

2.  PLEASE, let me take all your money

Interesting enough, the word PLEASE has been once again detected in spam messages promoting advance-fee fraud schemes. This week's spam wave comes from Miss. Marcelin Patrick, which promises 20 percent of a huge amount of money in exchange of your personal data. Of course, the money would never get to the recipient, but it is for sure that the victim will suffer significant financial loss.

3. French advertising: Voulez VOUS extra spam?

Following the German examples we offered a couple of weeks ago, French spam is also escalating at alarming rates. The word VOUS (polite term for  YOU) has been spotted on this week's spam map, but was not identified in the actual message body of any mailing. Instead, it is added as HTML comments to compensate for the lack of text content in image-based spam.

4. Fake UNSUBSCRIBE links for fake newsletters

Ranking fourth in our weekly spam top, the word UNSUBSCRIBE has been identified in spam messages impersonating legitimate newsletters. However, clicking this type of links would only confirm spammers that your inbox is operated by a human, therefore you're eligible for extra unsolicited mail.

5. EMAIL contents now available online

Ranking last in this week's spam top, the word EMAIL has been identified in spam messages also coming from Canadian Pharmacy. Disguised as legitimate newsletters, these messages offer a link to an online version of the content, should spam filters block essential pictures in the mailing.

What's new in the spam landscape?

 

• French spam has gained significant ground; words such as VOUS, LES, QUE, PAS and CLICQUEZ are now visible in different proportions on the spam map. Most of the text is introduced as junk HTML comments to trick spam filters.
• Easter E-Cards carrying malware: malware authors are already taking advantage of the upcoming Easter holiday in order to spread infected binaries amongst computer users.

As the user tries to claim their unsolicited Easter cards, they are randomly infected with generic Trojan able to plant subsequent malware on the compromised systems.