Malware City/Blog/

Feb
26
Filed Under:
SPAM REVIEW

The Spam Omelette #58 – On Medicine and Online Gambling

26 February 2010
Welcome to this week’s issue of the Spam Omelette, BitDefender’s report on spam trends and techniques. If you happen to have joined later our newsletter, please do have a look on our testing methodology and spam map generation procedures before reading any further.

Week in Review: February 17 - 24

Spam Omelette 58 - Spam Review

1. The RIGHTS  to spam you

Ranking first in this week's issue of the Spam Omelette, the word RIGHTS is mostly found in messages advertising Canadian Pharmacy products in a newsletter-like form. The word is part of the footer disclaimer that also includes a random 5-digit number. Upon clicking any of the embedded links, the user will be redirected to a clone of the Canadian Pharmacy website.

The Rights to Spam


2. READING - a dangerous hobby

The word READING is placed second in the spam top for the last week and has been mostly detected in messages advertising a wide range of pharmaceuticals, especially sexual enhancement pills and prescription-based drugs. In order to conceal their identity, spammers have modified the message headers prior to sending them.

Reading is a dangerous Hobby

3. VIEW your spam online

The word VIEW has been identified by the BitDefender spam researchers in messages also advertising Canadian Pharmacy products. The word appears as part of an alternative text to be displayed when the spam image is blocked by filters. Upon clicking on any hyperlink included in the message, the user will be redirected to a Canadian Pharmacy website clone. Interesting enough, this week's Canadian Pharmacy spam links forward the user to Canadian Pharmacy websites hosted in Russia, rather than China, as usually. Even more, it seems that the domain names hosting these clones are made up of two-word combinations (such as woodyear, lengthgame etc), rather than of random six-to-eight digit numbers.

VIEW your spam online


4. The BROWSER knows its way

The word BROWSER takes the fourth place in this week's issue of the Spam Omelette and is also encountered in alternate texts displayed to the user when the spam image is blocked by filters. This specific wave of medicine spam features one centered image depicting this week's offering. Unlike conventional image spam, this wave embeds images hosted on various image sharing websites.

The BROWSER knows its way

5. You can RUN, but you can't hide from spam

The word RUN concludes this week's issue of the Spam Omelette. It has been detected in spam messages advertising online casino Jackpot games. The message simply includes a link to the online casino, which is also the relevant part of the spam message. In order to trick Bayesian spam filters that would actually label a one-link-only message as junk mail, spammers have added extra text that make no sense after a variable number of whitespace lines.

You can RUN, but you can't hide from spam



By Bogdan Botezatu
Bogdan never trusts anything until it is disassembled into small pieces and carefully inspected. The passion for writing and the almost obsessive attention to details are some of his greatest qualities and, at the same time, some of his greatest flaws.

Related

02-02-2010 | The Spam Omelette #57 – On Twitter Spamming Tools and Russian Pharmacy

20-01-2010 | The Spam Omelette #56 – On Discounted Windows 7

07-01-2010 | The Spam Omelette #55 – Canadian Pharmacy Takes it All

14-12-2009 | The Spam Omelette #54 - On Canadian Pharmacy and Christmas Discounts

Comment on this

Name:

Email:

Website:

Your email adress will not be published.