The Spam Omelette #22
Welcome to the Spam Omelette, BitDefender’s weekly newsletter on the latest spam trends and techniques. In order to accurately deliver the results, we analyze about 7 million spam messages. In case you missed our previous reports, please have a look at our testing methodology before proceeding with this new article.
Week in review: April 9 - 15
1. EMAIL makes a comeback in Viagra advertisements
This week, the word EMAIL managed to climb back to the top after a single week of absence. Spelled both as EMAIL and E-MAIL, the word has been identified by the BitDefender spam analysts in messages associated with medicine advertisements.
Spelled as EMAIL, the word is mostly encountered in messages emerging from WebMED, yet another online shop for counterfeit sexual enhancements such as Viagra, Cialis and Levitra.
The word E-MAIL has also been identified in online pharmacy advertisements, but this time, they are associated with the Canadian Pharmacy business.
The spam message itself is designed to impersonate a legitimate newsletter sent from Microsoft's popular service MSN. The template features the same disclaimer along with the "mandatory" unsubscribe link.
2. The French package: VOUS, POUR, SUR, LES & VOTRE
French spam is on the rise again: this week's spam map reveals higher proportions of the above-mentioned French words. They are frequently encountered in spam messages related to the Canadian Healthcare business. Given that most of Canada's population speaks both English and French, it is possible that the French version of the newsletter is actually targeted at that market.
3. PLEASE Unsubscribe, only if you can
The word PLEASE has been detected by BitDefender's spam analysts in unsolicited messages also advertising Canadian Healthcare products (sexual enhancement pills that probably haven't passed FDA approval). All the analyzed messages in this spam stock feature the old but efficient Unsubscribe trick, but what's particularly interesting is that the spammers took the same approach the Celebrity Gang did some time ago. They make heavy use of front-page celebrities and place them in situations highly unlikely to occur.
4. CLICK here for knock-off Viagra, Cialis and Levitra
Most of the spam received this week via BitDefender's network of honeypots seems to be closely related to miscellaneous online medicine stores, especially Canadian Pharmacy and Canadian Healthcare. The former business is also responsible for the forged health.com newsletter, a modified template with plenty of links, all of which lead to the same 6-letter domain name registered under a Chinese top-level domain.
5. Add more COLOR to your sex-life. HEX-coded, that is.
The word COLOR made an all-time premiere in our weekly spam top. Its presence is explained by a large-scale HTML coding error in the spam template. This message advertises the services of a Taiwan-based online sex-shop, but the HTML code itself is not parsed and is instead displayed as plain text. Although the word COLOR is pretty prominent in our weekly map, the message count is not unusually large; the keyword simply occurs more times in each analyzed message, as seen in the accompanying screenshot.
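The counting effect described above, as an added example that is not BitDefender's tooling: a keyword counter that reports total occurrences next to the number of messages containing the word. The sample messages, the template markup and the assumption that the broken messages were sent as `text/plain` are constructed for illustration.

```python
import email
import re
from email import policy
from html.parser import HTMLParser

class _Visible(HTMLParser):
    """Collects only the text a mail client would render from HTML."""
    def __init__(self):
        super().__init__()
        self.chunks = []
    def handle_data(self, data):
        self.chunks.append(data)

def visible_text(raw):
    """Return what the recipient sees: rendered text for text/html,
    the body verbatim (markup included) for text/plain."""
    msg = email.message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("html", "plain"))
    body = part.get_content()
    if part.get_content_type() == "text/html":
        parser = _Visible()
        parser.feed(body)
        parser.close()
        return " ".join(parser.chunks)
    return body

def keyword_stats(raw_messages, keyword):
    """(total occurrences, number of messages containing the keyword)."""
    pattern = re.compile(r"\b" + re.escape(keyword) + r"\b", re.IGNORECASE)
    counts = [len(pattern.findall(visible_text(m))) for m in raw_messages]
    return sum(counts), sum(1 for c in counts if c)

def _mail(content_type, body):  # builds a constructed sample message
    return ("From: sender@example.invalid\nSubject: offer\nMIME-Version: 1.0\n"
            f"Content-Type: {content_type}; charset=utf-8\n\n{body}\n")

# Constructed template: HTML markup carrying colour attributes.
TEMPLATE = ('<font color="#FF0000">Hot offers</font> <font color="#00FF00">today</font> '
            '<p style="color:#0000FF"><a href="http://shop.example.invalid/">Click here</a></p>')
CORPUS = ([_mail("text/plain", TEMPLATE)] * 2   # broken: markup shown as text
          + [_mail("text/html", "<p>Click here for offers</p>")] * 3)

if __name__ == "__main__":
    for word in ("color", "click"):
        print(word, keyword_stats(CORPUS, word))
```

A word map built from total occurrences ranks "color" above "click" here even though fewer messages contain it, which is why tracking both numbers separates a template error from a larger campaign.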
What's new in the spam landscape?
- French spam is on the rise again, mostly because the Canadian Pharmacy / Canadian Healthcare businesses send their messages in both French and English.
- Celebrity spam is becoming more and more popular. Eminem, Britney Spears and Kelly Clarkson are used as bait for unsolicited messages advertising miscellaneous medical products.
















