
The Spam Omelette #34

23 July 2009
Welcome to a new issue of our Spam Omelette, the weekly review focused on the latest trends in the spam industry. Before moving forward with the material, please take a look at our testing and map generation methodology, as explained in our first issue.


1.    Medicine spam signed WebMD


It seems the Tedroo Trojan horse is still hard at work sending millions of spam messages abusing the WebMD logo. For the second time this month, the word WebMD ranks as the most used term in worldwide spam, appearing in messages that advertise sexual enhancements from the infamous online webshop Canadian Pharmacy.

 


These messages impersonate a legitimate newsletter coming from WebMD, an online magazine focused on healthcare news. The newsletter has been partly modified to include a central picture of Canadian Pharmacy offers.


2.    Forged PRIVACY statements


Ranking second in this week’s spam top, the word PRIVACY has been detected by BitDefender’s spam researchers in messages advertising medicine products in the form of legitimate newsletters. While this technique is widespread among spammers, this week’s spam wave abusing the word PRIVACY uses message subjects mentioning celebrity names associated with promiscuous activities. The approach is similar to the modus operandi of the Celebrity Gang, a group of cyber-criminals that uses high-profile Hollywood stars to spread malware.

 


3.    Knock, knock, it’s the eCard!

The word eCard has been detected in spam waves informing users that they have received a Hallmark eCard from “a friend”. Although the spam message features all the design elements of an eCard announcement from Hallmark, the embedded link leads the user to an infected executable file called eCard.exe. Once executed on the local machine, the binary file starts downloading other e-threats, including rogue AV software.
 
 
4.    eMail, eCard, eBay

Ranking fourth in this week’s issue of the Spam Omelette, the word eBay has been detected in phishing messages attempting to trick users into disclosing their eBay credentials.
 
 
 
5.    MESSAGE from spammers with love

The word MESSAGE concludes this week’s spam top and has been detected mostly in unsolicited mail coming from Canadian Pharmacy. Disguised as a legitimate newsletter, the link contains a centrally aligned picture of the current Canadian Pharmacy offering. The message comes with a footer disclaimer and even includes a link to a text-only version optimized for mobile / BlackBerry platforms, a clear sign that spammers are concentrating their efforts on broadening their victim base.
 


Bogdan never trusts anything until it is disassembled into small pieces and carefully inspected. The passion for writing and the almost obsessive attention to details are some of his greatest qualities and, at the same time, some of his greatest flaws.

Comments:

Terry Gill said on Jul-29-2009 21:55

Most informative
