Print | Send on Yahoo! | PDF version | RSS | Filed Under: SPAM REVIEW

The Spam Omelette #31

Welcome to a new issue of our Spam Omelette, the weekly review focused on the latest trends in the spam industry. Before moving forward with the material, please take a look at our testing and map generation methodology, as explained in our first issue.

1. CLICK here to see what happens

Dominating this week's spam top, the world CLICK has been spotted in unsolicited messages sent by Canadian Pharmacy. Just as we got used to in the past weeks, the messages come with catchy email subjects in order to lure the user into opening the message. Although the sender's name appears in full in all the messages belonging to this wave, the message headers have been spoofed to forge the sender's address.

2. PLEASE open this! You'll only get infected

Ranking second in our weekly top, the word PLEASE has been identified in multiple spam campaigns, including the ill-fated Canadian Pharmacy. Besides the well-known spam messages coming from these medicine webshops, the word has also been spotted in messages apparently coming from Hallmark. However, instead of the promised e-card, the user gets a malicious binary that opens the doors for subsequent infections (especially rogue antivirus software).

3. Important EMAIL from Canadian Pharmacy

Canadian Pharmacy is back on track with a series of spam messages impersonating legitimate newsletters. As usually, the spammer took a HTML template from a legit mailing and added a relevant picture linked to a China-hosted Canadian Pharmacy clone.

4. UNSUBSCRIBE from spam, but only if you can!

Ranking fourth in this week's spam top, the word UNSUBSCRIBE has been spotted in multiple spam campaigns also originating from Canadian Pharmacy.

 

 

The messages are mostly imitating legitimate newsletters and feature unsubscribe links. However, clicking these links would not unsubscribe the recipient from the mailing list, but rather lead them to a Canadian Pharmacy clone.

5. Spam at your SERVICES

Ranking last in this week's issue of the Spam Omelette, the word SERVICES has been identified by BitDefender's spam researchers in messages promoting  prescription-based drugs. To be more specific, the word is not part of the content, but rather of the message disclaimer, as the spammer uses a newsletter template.