The Spam Omelette #26 – Click Strikes Back as Top Word
Welcome to this week’s issue of the Spam Omelette, BitDefender’s report on spam trends and techniques. Before digging deeper, please make sure that you are familiar with our testing and map generation methodologies, as presented in the first issue of the Omelette.
Week in Review: May 13-20
1. CLICK makes a comeback in spam
The word CLICK is back as the top word in spam messages after only one week of absence. The BitDefender spam researchers identified CLICK mainly in messages related to medicine spam. It seems that medicine spammers took a more discreet approach this week, advertising their products without using their favorite keywords: WebMD and Canadian Pharmacy.
A closer look at the messages reveals that this week's spam wave coming from Canadian Pharmacy uses Russian (.ru) domains in order to perform various redirects to the Canadian Pharmacy website.
As usual, the Canadian Pharmacy spammers take various approaches to make users open the messages: they vary the mail subjects to make the messages look as if they had been sent by friends.
2. EMAIL, the source of all evil
Ranking second in our weekly top, the word EMAIL has been identified in multiple spam campaigns advertising especially Canadian Pharmacy products and online poker casinos.
While Canadian Pharmacy and its associates are a frequent presence in our weekly spam review, PokerSavvy made a comeback with a spam wave advertising a new online gambling tour. All of PokerSavvy's spam campaigns are handled by Bronto, an allegedly respectable online marketing company.
Unlike other spam campaigns that disallow unsubscribing from the mailing list, the footer links included in the PokerSavvy spam campaigns actually seem to work.
3. It's not NEWS, it's spam
The word NEWS has been identified by the BitDefender spam researchers in messages impersonating legitimate newsletters from Health Media Ventures. However, when the user clicks on any link embedded in the message, they are redirected to one of the many Canadian Pharmacy website clones on the web.
4. PLEASE, spammers' favorite word
Ranking fourth in our weekly spam top, the word PLEASE is mostly encountered in unsolicited mail advertising Canadian Pharmacy products. These messages also come disguised as newsletters, and it is really difficult to tell them from legitimate mail, except for the fact that they feature an inline image and hint at "pharmaceutical technology" (a buzzword for sexual enhancements). The mail subject sometimes seems out of place compared to the rest of the message, but by the time the user learns it, they have already opened the message.
Just like the rest of the spam related to drugs, all the links have been tampered with to lead the user to a Canadian Pharmacy page.
5. No PRIVACY for the spam victim
This week's spam top concludes with the word PRIVACY, identified by the BitDefender spam researchers in unsolicited messages impersonating legitimate newsletters from WebMD, an approach typical of the notorious Canadian Pharmacy business. Unlike other spam templates used this week by Canadian Pharmacy, the template below has been rigged to lead users to Chinese domains.
Needless to say, the unsubscribe link is not working as it should. Instead, the user can sign up for extra newsletters coming from Canadian Pharmacy and its affiliates.















