Print

The Spam Omelette #3

Surprisingly enough, the top ranking words used in spam messages sent this week were encountered in non-English messages.

1. It's all about MARKETING

"Marketing" is our number one this week. Deeper analysis revealed that it mostly occurs in spam messages coming from Brazil. The spammer advertises an alleged business offer, and claims to provide the user with free training and a custom website. In order to be eligible for the offer, the target must be over 18 and to be located in Australia.

In fact, this type of scam tries to recruit unwary users to act as money and tech equipment mules. All they have to do is forward goods and money obtained through illegal activities (credit card fraud) to other destinations.

2. Yet another spam MESSAGE

The word "message" ranks second in our weekly top. It is mostly present in messages promoting Canadian Pharmacy products, such as Cialis, Levitra and Viagra. In order to avoid filters and to add extra legitimacy, spammers add short text disclaimers such as "You have received this message because you opted in to receive Colorgraphic-Com special offers via email. Login to your member account to edit your email subscription. Click here to unsubscribe. "

Users who would try to unsubscribe from the mailing list would actually confirm that their address is valid and could end up receiving even more spam.

3. Everything starts with an EMAIL

BitDefender identified three distinct spam campaigns containing the word "email". In order to draw the recipients' attention, spammers rely on inciting or even odd subjects.

Messages in the first spam campaign advertise sexual enhancement drugs that are part of the same Canadian Pharmacy business described above. The spammer attempts to fool the antispam filters by obfuscating the body text. Apart from substituting certain letters with numbers, the authors also use phonetic translations for some key words.

The second spam wave containing the word "email" also promotes prescription-based drugs, but it uses a catchy title to force the user open it. Spammers claim that they had allegedly received a home footage by mistake, and, by the time the users realize that they have been fooled, they already viewed the image.

The large amount of Canadian Pharmacy spam messages may be a sign of the rapid increase in computers infected by the Rustock.C rootkit, as they are responsible for sending this type of spam.

The third type of such messages allegedly contains a valid code for a software product, but it would only display the same ill-fated Canadian Pharmacy ad.

4. Spam TERMS and CONDITIONS

Despite the fact that both words appear in the same proportion, they are not part of the same spam campaign. BitDefender antispam analysts identified that the word "terms" appears in messages promoting job offers involving money laundering and fencing activities.

The word "Conditions" appears in spam messages written in French. This is a slight modification of the Canadian Pharmacy business, except for the fact that its main focus is not on sexual enhancing drugs, but rather on painkillers. As far as the French language is concerned, this approach makes perfect sense, given the fact that it is the second official language in Canada.

5. Spammers often say PLEASE

Spammers are not those ferocious creatures moms scare their children with. They are polite and persuasive, especially when politeness could cash in some real money. The word "please" has been identified in a spam wave targeting the Citizens Bank customers.

Building on the precarious state of the US economy, spammers ask recipients to take part in a quick survey that would bring them a $50 reward. However, once they take the bait, they are directed to a spoofed webpage that collects their banking credentials.

What's new in the spam landscape?

Product spam dropped significantly during the last week. However, medicine spam witnessed an enormous spike. Not only that the message count increased considerably, but spammers also rely on different social engineering techniques to attract users' attention.

Nigerian scams are on the rise again, although the soap-opera story told by the scammer has been considerably trimmed down. This week's guest stars in the Nigerian Scam Show are Mr. Abdul Song from the Hang Seng Bank and Mrs. Abdul Razak from Lybia.