
The Spam Omelette #25 – Medicine Spam Still Powering Up

Date: 05/14/2009
Author: Bogdan Botezatu

Welcome to the Spam Omelette, BitDefender’s weekly newsletter on the latest spam trends and techniques. In order to accurately deliver the results, we analyze about 7 million spam messages. In case you missed our previous reports, please have a look at our testing methodology before proceeding with this new article.

Week in review: May 6 - 13

Spam Omelette 25

 

1. WebMD: two-week run as top word in spam

Ranking first in our spam top for two weeks in a row, the word WebMD has been identified by the BitDefender spam researchers in unsolicited advertisements coming from the Canadian Pharmacy business. Unlike the previous week's spam waves, which directed users to URLs built around the "Pfizer" brand, the fresh message batch sends those who click on the embedded links to domains composed of the words "new", "pharmacy" and "nine".

WEBMD spam

This type of spam uses only two distinct mail subjects with multiple variations in the discount percentage, as seen in the image below:

WEBMD SPAM EXAMPLE 2

As usual, all the hyperlinks included in the mail's body have been tampered with in order to take the user to the Canadian Pharmacy website.

 

2. Canadian Pharmacy hates PRIVACY

Ranking second in our weekly spam top, the word PRIVACY has mostly been detected in messages also coming from the Canadian Pharmacy business. The message impersonates a legitimate newsletter sent by the Health Central service, but it has been tampered with and all embedded links have been redirected to Canadian Pharmacy website clones.

Privacy Spam Example

 

3. Awaiting important MESSAGES? How about some spam instead?

The word MESSAGES has been identified by the BitDefender researchers in multiple spam waves. This week's largest wave of unsolicited mail abusing it is a classic Nigerian / identity theft scam. As usual, the recipient is presented with a long and complex message aimed at gaining their confidence. In order to complete the picture, the scammer throws in a large amount of money that would be at the user's disposal as soon as he / she sends some ID card / driver's license copies to a specific fax number.

Once replied to, these scams can have devastating effects on the conned user, including identity theft, damage to the bank balance and even incidents with international law enforcement organizations.

Messages spam example

 

4. UNSUBSCRIBE tips and tricks

As we discussed in our previous issues of the Spam Omelette, unsubscribe links are often tampered with to take the user straight to the advertised web page or, worse, to an unsubscribe form where personal data is collected and abusively logged in a spam / identity theft database.

Unsubscribe spam example

Online medicine retailers such as Canadian Pharmacy and PowerGain+ are two of the most important spammers out there that rely heavily on unsubscribe links in order to deceive their recipients.

 Unsubscribe spam
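The link tampering described in sections 1, 2 and 4 can be checked mechanically on the receiving side. The following is an added example, not BitDefender's code: it flags links that leave the domain named in the From: header and unsubscribe links that land on the same host as the advertised links. The `.example` domains, the sample message and the names `LinkCollector` and `audit_links` are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: a newsletter look-alike whose links leave the sender's domain.
SAMPLE = """From: "Health News" <news@health-news.example>
Subject: Your weekly update
Content-Type: text/html; charset="utf-8"

<a href="http://www.health-news.example/logo.gif">Health News</a>
<a href="http://shop.pills-store.example/a">Read the full article</a>
<a href="http://shop.pills-store.example/p">Privacy policy</a>
<a href="http://shop.pills-store.example/u">Unsubscribe</a>
"""

class LinkCollector(HTMLParser):
    """Collect (host, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._host, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href") or ""
            self._host, self._text = (urlparse(href).hostname or "").lower(), []
    def handle_data(self, data):
        if self._host is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._host is not None:
            self.links.append((self._host, "".join(self._text).strip()))
            self._host = None

def audit_links(raw_message):
    """Return (kind, host, text) for links leaving the domain named in From:."""
    msg = message_from_string(raw_message, policy=policy.default)
    claimed = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("html",))
    collector = LinkCollector()
    collector.feed(body.get_content() if body else "")
    offsite = [(h, t) for h, t in collector.links
               if h and h != claimed and not h.endswith("." + claimed)]
    # Hosts reached by ordinary (non-unsubscribe) links, i.e. the advertised site.
    ad_hosts = {h for h, t in offsite if "unsubscribe" not in t.lower()}
    return [("unsubscribe-to-ad-host" if "unsubscribe" in t.lower() and h in ad_hosts
             else "offsite-link", h, t) for h, t in offsite]

if __name__ == "__main__":
    print(*audit_links(SAMPLE), sep="\n")
```

Legitimate newsletters also link to third-party hosts, so an `offsite-link` finding is only a signal; the `unsubscribe-to-ad-host` finding corresponds to the unsubscribe behaviour described in section 4.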

5. Contact spammers back via MSN

The word MSN ranks last in this week's issue of the Spam Omelette, and is frequently used in a less usual spam campaign. The Japanese spammer advertises the services of an electronics online store, especially heavily discounted iPhone devices. Orders are taken via two disposable e-mail addresses registered with Yahoo and MSN, respectively.

MSN spam
