The Spam Omelette #24 – Medicine Spam Taken to New Heights
Welcome to the Spam Omelette, BitDefender’s weekly newsletter on the latest spam trends and techniques. In order to accurately draw the spam chart, we analyze about 7 million spam messages. In case you missed our previous reports, please have a look at our testing methodology before reading any further.
Week in review: April 29 - May 06
1. Meet WebMD, Medicine Doctor
Medicine spam is once again on the rise with the advent of new campaigns impersonating legitimate e-mails from WebMD - in fact another invasion from the infamous Canadian Pharmacy business. Rebranded as 911 Pfizer (the original inventor of Viagra), the online medicine business has also changed its looks: while the previous spam campaigns were mostly based on text messages written in a colloquial manner (as if the message were sent by a friend), this time the analyzed spam stock revealed that the spammers mostly rely on colorful images including alt attributes.
As expected, the previous spam campaigns based on messages with confusing mail subjects (in an attempt to impersonate messages from friends) are still running, although the message count is significantly lower.
2. PRIVACY URLs linking to medicine websites
Ranking second in our weekly top, the word PRIVACY is also associated with the Canadian Pharmacy spam waves. The BitDefender spam analysts identified the word in messages impersonating legitimate newsletters, with forged headers to camouflage the actual sender. All the messages in the campaign have the sender field identical to the recipient email address. Moreover, all the included links lead the user to a random website looking like ****-pfizer.com, where **** may represent: original, real, and best.
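The two traits described above (sender identical to recipient, links to ****-pfizer.com) can be checked mechanically. The following Python sketch is an added example, not BitDefender's filter; the sample messages are constructed, the example.com addresses are placeholders, and accepting an optional "www." prefix is an assumption.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr
from urllib.parse import urlparse

# Prefixes the newsletter lists for the ****-pfizer.com landing domains.
PREFIXES = ("original", "real", "best")
# Anchored on both ends so look-alike hosts with extra labels do not match.
DOMAIN_RE = re.compile(r"^(?:www\.)?(?:%s)-pfizer\.com$" % "|".join(PREFIXES))
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample messages (not captured mail).
SPAM = ("From: user@example.com\nTo: user@example.com\nSubject: Newsletter\n"
        "Content-Type: text/html\n\n"
        "<a href=\"http://www.best-pfizer.com/privacy\">PRIVACY</a>\n")
HAM = ("From: news@example.org\nTo: user@example.com\nSubject: Update\n\n"
       "Policy: https://example.org/privacy and "
       "http://best-pfizer.com.example.net/x\n")


def sender_equals_recipient(msg):
    """True when the From address also appears among the To recipients."""
    sender = parseaddr(msg.get("From", ""))[1].lower()
    recipients = {a.lower() for _, a in getaddresses(msg.get_all("To", []))}
    return bool(sender) and sender in recipients


def campaign_links(msg):
    """Hosts of URLs in text parts that match the campaign domain pattern."""
    hits = []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        text = payload.decode(part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(text):
            host = (urlparse(url).hostname or "").lower()
            if DOMAIN_RE.match(host):
                hits.append(host)
    return hits


def classify(raw):
    """Report both indicators for one raw RFC 822 message string."""
    msg = message_from_string(raw)
    return {"self_sent": sender_equals_recipient(msg),
            "links": campaign_links(msg)}
```

Either indicator alone is weak (people do mail themselves), so a filter would treat the pair as a combined signal rather than block on one of them.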
3. UNSUBSCRIBE Tips & Tricks
Forged unsubscribe links are hardly news in the spam landscape, so we won't go into detail on the technique. Suffice it to mention that most of the messages with fake unsubscribe links are sent by the Canadian Pharmacy and PowerGain+ online medicine stores.
4. Piracy is one CLICK away
Ranking fourth in our weekly top, the word CLICK has been identified especially in spam messages promoting OEM software at prices substantially lower than it usually sells for on the market.
As explained in a previous issue of the Spam Omelette, OEM software can be sold only when purchasing a new computer or a specific piece of hardware. OEM software covers both operating systems and various applications. Selling these products is illegal and may result in licenses and / or serial numbers being blacklisted by the manufacturer.
More than that, the download & install business model also relies on selling invalid serial numbers, cracks and patches, which is not only illegal, but may also pose a security risk to the end user (cracks and keygens are usually infected with malware).
5. PLEASE, let me take your money
While the other spam messages described in this week's Spam Omelette are relatively harmless and may only waste some of your time, this specific wave attempts to trick users into disclosing sensitive e-banking credentials, thus posing a real threat to your savings.
The message impersonates a legitimate announcement from the Abbey Bank, informing the user that they have received a message and asking them to log into the system. Unwary users who respond to the request send their login credentials to a third party that would usually empty the bank account at once.
In order to avoid such misleading messages, you are advised to use a complete anti-malware solution with antispam, antiphishing and antivirus modules.