Print | Send on Yahoo! | PDF version | Feed RSS | Filed Under: SPAM REVIEW

The Spam Omelette #31

Date: 06/24/2009
Author: Bogdan Botezatu

Welcome to a new issue of our Spam Omelette, the weekly review focused on the latest trends in the spam industry. Before moving forward with the material, please take a look at our testing and map generation methodology, as explained in our first issue.

Spam 31

1. CLICK here to see what happens

Dominating this week's spam top, the world CLICK has been spotted in unsolicited messages sent by Canadian Pharmacy. Just as we got used to in the past weeks, the messages come with catchy email subjects in order to lure the user into opening the message. Although the sender's name appears in full in all the messages belonging to this wave, the message headers have been spoofed to forge the sender's address.

Click spam

2. PLEASE open this! You'll only get infected

Ranking second in our weekly top, the word PLEASE has been identified in multiple spam campaigns, including the ill-fated Canadian Pharmacy. Besides the well-known spam messages coming from these medicine webshops, the word has also been spotted in messages apparently coming from Hallmark. However, instead of the promised e-card, the user gets a malicious binary that opens the doors for subsequent infections (especially rogue antivirus software).

Please spam

3. Important EMAIL from Canadian Pharmacy

Canadian Pharmacy is back on track with a series of spam messages impersonating legitimate newsletters. As usually, the spammer took a HTML template from a legit mailing and added a relevant picture linked to a China-hosted Canadian Pharmacy clone.

Email spam

4. UNSUBSCRIBE from spam, but only if you can!

Ranking fourth in this week's spam top, the word UNSUBSCRIBE has been spotted in multiple spam campaigns also originating from Canadian Pharmacy.

 

unbscribe spam

 

The messages are mostly imitating legitimate newsletters and feature unsubscribe links. However, clicking these links would not unsubscribe the recipient from the mailing list, but rather lead them to a Canadian Pharmacy clone.

5. Spam at your SERVICES

Ranking last in this week's issue of the Spam Omelette, the word SERVICES has been identified by BitDefender's spam researchers in messages promoting  prescription-based drugs. To be more specific, the word is not part of the content, but rather of the message disclaimer, as the spammer uses a newsletter template.

services spam

 

Share our story:
DiggStumbleUpondel.icio.usYahooMyWebFurlGoogle

Comment on this:
Name:
Email:
Your email address will not be published!

Please enter the code from the image below.
The code is not case sensitive
Verification Image
Reload image
 
 
Calendar
March 2010
MoTuWeThFrSaSu
1234567
891011121314
15161718192021
22232425262728
293031    
« Feb March Apr »
Tag Claud
security spam review system canadian twitter infected rogue messages word bitdefender files malware data exploit downadup file windows antivirus software message omelette microsoft worm online conficker virus computer trojan pharmacy