Print | Send on Yahoo! | PDF version | RSS | Filed Under: SPAM REVIEW

The Spam Omelette #23 - French Spam on the Rise

Welcome to this week’s issue of the Spam Omelette, BitDefender’s report on spam trends and techniques. For 20 weeks now, we have been investigating what’s new in the spam landscape, but if you missed our previous reports, please have a look on our testing methodology and spam map generation procedures before proceeding with this new article.

Week in review:  April 22 - 29

 

1. French spam tops expectations

This week's spam landscape witnessed an unexpected surge in French messages. This week's undisputed champion in spam mail is the French word VOUS (the polite form for YOU). BitDefender spam researchers identified the word in unsolicited mail advertising an alleged raffle. Users who participate are allegedly eligible to win a complete world tour. Other spam words of French origins are VOTRE (your), LES (the), and POUR (for), all encountered in the same spam campaign.

 

2. EMAIL ranking second to the spam party

The word EMAIL is undoubtedly a common presence in our spam top. This week, the word has been identified in multiple spam campaigns including email harvesting, medicine advertisements and Nigerian scam messages.

The first spam wave tries to harvest as many valid email addresses as possible via a simple, yet interesting social engineering trick: friendship  / love relationship proposals. The message allegedly comes from Eva, a teenage girl from the Soviet block. All the user has to do is reply to a specific address and then wait to be contacted back.

This strategy pays off extremely well: not only that most of the average, less security-focused computer user would reply and help the spammer gather valid messages, but also help them create a male-only spam database for targeted spam (such as sexual enhancement ads). This way, the spammer is able to send their advertisements to people likely to be interested in this type of products, thus keeping the bandwidth costs to a minimum.

The second spam wave abusing the word EMAIL is an advertisement coming from the CANADIAN PHARMACY business. The message headers have been forged to look as if the mail had been sent from the own email address.

 

 

 

3. UNSUBSCRIBE from Celebrity News

Ranking third in our weekly top, the word UNSUBSCRIBE has been detected by the BitDefender spam analysts in messages impersonating newsletters. Spam disguised as newsletters was mostly specific to the Canadian Pharmacy business, but this week PowerGain+ seems to have borrowed the approach from its older sibling. In order to make messages even more appealing, spammers have blended the newsletter strategy with mail subjects containing celebrity names, just like the Celebrity gang did some time ago.

 

4. MESSAGES from ladies

The word MESSAGE has been identified in multiple spam messages announcing the user that they may meet Russian ladies by accessing an online dating site. However, the included URL would take the unwary recipient to yet another cloned webpage of the Canadian Pharmacy business. So long with romance!

5. CLICK here, if you dare!

Ranking last in this week's spam top, the word click has been detected in multiple spam campaigns advertising sexual enhancements. In order to deceive recipients, spammers use multiple email subjects, ranging from celebrity news to business proposals. All these messages include a link to a random six-letter domain name apparently hosted in China.

 

What's new in the spam landscape?

 

• French spam is on the rise again. Words such as VOTRE (your), LES (the), and POUR (for) are not only visible on the spam map, but they are also this week's top words used in spam.
• Spammers have also taken advantage of the news related to the Swine Flu in order to promote their messages. For the moment, the Swine Flu spam campaigns only contain medicine spam, but messages bundled with attached malware are also expected to appear.