Filed Under: SPAM REVIEW

The Spam Omelette #6

Date: 12/11/2008
Author: Bogdan Botezatu

Welcome to the sixth issue of our Spam Omelette, the weekly review focused on the latest trends in the spam world. Before reading any further, please take a look at our testing and map generation methodology, as explained in our first issue.

Omelette Map 6

This week's spam review is dedicated to the upcoming winter holidays, as Christmas offerings and malicious winter greetings have already shown up across our honeypot network.

1. PLEASE, fall for this malware scheme

As we have come to expect from our previous Spam Omelette issues, the word PLEASE is always a champion. It occurs in about 96 percent of all the spam e-mail messages received by the BitDefender labs. This time, the word is mostly present in a spam campaign directing users to a fake e-card website. Unwary users visiting the compromised website might get infected with the Srizbi bot.

Please Spam

2. FedEx starts shipping gifts by EMAIL

Ranking second in our weekly top, the word EMAIL is present in an advance-fee scam that uses the FedEx brand to trick users into authorizing online payments for an alleged present sent by a third party. The spam message tells victims that they have been sent a package worth about $62,000, along with other substantial goods, but that they have to pay about $210 in advance for processing, handling and shipping.

As a quick note, the FedEx brand was abused back in August, when a group of malware authors started spreading zBot-infected attachments impersonating delivery invoices. You can read more about the August campaign here.

Email spam

3. CLICK, click, you're dead

Clicking on links is extremely common among computer users - so common that, sometimes, all the spammer has to do is provide a clickable link and hope that the message will not end up in the trash can. BitDefender researchers identified that the word click is mostly present in a spam campaign advertising prescription-based sexual enhancement pills.

The message subject tells the user nothing, as it reads "1 New message foor you". This way, the spammer gives no hint about what the message really contains, so curious users have to open it to find out.

More than that, the message body contains extra sentences that bring no other details about the advertised products, but help the message get past Bayesian spam filters.

Click Spam
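Why extra, unrelated sentences can pull a Bayesian filter's score down, and one scoring choice that limits the effect, shown as an added example that is not from the original article or from BitDefender. The token counts, the sample messages and the function names are constructed for illustration; scoring only the strongest tokens is one common design, not a description of any particular product.

```python
import math
import re

# Constructed token statistics standing in for a trained filter's database:
# token -> (spam messages containing it, ham messages containing it),
# assuming equal numbers of spam and ham messages in the training set.
COUNTS = {
    "pills": (400, 4), "cheap": (350, 10), "click": (600, 100),
    "weather": (20, 60), "garden": (10, 40), "yesterday": (30, 120),
    "family": (40, 150), "coffee": (15, 60), "weekend": (50, 160),
    "morning": (40, 140), "book": (30, 100), "holiday": (40, 130),
    "neighbor": (10, 50), "walked": (12, 48), "dinner": (25, 100),
}

def evidence(message):
    """Log-odds (spam vs. ham) of each distinct known token, add-one smoothed."""
    tokens = set(re.findall(r"[a-z]+", message.lower()))
    return [math.log((COUNTS[t][0] + 1) / (COUNTS[t][1] + 1))
            for t in tokens if t in COUNTS]

def _probability(log_odds):
    """Turn summed log-odds into a spam probability between 0 and 1."""
    return 1 / (1 + math.exp(-sum(log_odds)))

def naive_score(message):
    """Combine every known token: each weak ham-leaning word lowers the score."""
    return _probability(evidence(message))

def topn_score(message, n=5):
    """Combine only the n strongest pieces of evidence, ignoring weak filler."""
    strongest = sorted(evidence(message), key=abs, reverse=True)[:n]
    return _probability(strongest)

# Constructed sample messages.
SPAM = "Click here for cheap pills"
PADDED = SPAM + (". Yesterday morning my neighbor walked the garden before coffee."
                 " The weather on the weekend was fine for a family dinner,"
                 " a book and a holiday.")
HAM = "Family dinner yesterday morning, bring a book"

if __name__ == "__main__":
    for name, msg in (("spam", SPAM), ("padded spam", PADDED), ("ham", HAM)):
        print(f"{name:12} naive={naive_score(msg):.3f} top-n={topn_score(msg):.3f}")
```

Top-n scoring only discounts weak evidence, so a filter still needs other signals (sender reputation, URL checks) for filler built from strongly ham-leaning tokens.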

4. NEW, as in New Year's Eve

The word NEW has been with us in our weekly top since the beginning. This time, however, it does not advertise recently introduced products and services, but rather refers to suitable gifts for New Year's Eve.

Spam

This specific spam campaign advertises replica watches, cheap Rolex knockoffs that surely won't live up to the spammer's praise (that is, if they ever get to you after you have authorized the online payment for the items).

5. CHRISTMAS discounts are here

Spammers are also tuning in to the spirit of Christmas and have already started spreading the word about massive discounts for "the perfect Christmas present". This time, users are promised Bvlgari watches at bargain prices, but all they are going to get are the same cheap knock-off timepieces we talked about earlier in this week's analysis.

Image Christmas spam

 

What's new in the spam landscape?

Just as we predicted in our previous issue of the Spam Omelette, product spam messages and forged, infected e-cards are on the rise again as we get closer to the winter holidays. Non-English spam has decreased considerably over the last two weeks, along with image-based spam (this does not apply to the Canadian Pharmacy spam, however).
