
The Spam Omelette #60 - on Cheap Replicas and OEM Software

12 April 2010
Welcome to a new issue of our Spam Omelette, the weekly review focused on the latest trends in the spam industry. Before moving forward with the material, please take a look at our testing and map generation methodology, as explained in our first issue.


1. MESSAGE in a bottle

The word MESSAGE ranks first in the 60th issue of the Spam Omelette and is mostly found in unsolicited mail coming from the world’s No. 1 spammer, Canadian Pharmacy. Just like in the past, these messages are disguised as legitimate health newsletters for extra credibility. Each message features a centered image with the current offering. However, since most Bayesian spam filters block messages in which specific words are used excessively, spammers have added a large piece of “junk” text to trick these filters into labeling spam as legitimate.
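An added illustration (not BitDefender's filter and not code from this post) of why junk padding works against a scorer that combines every token, and how scoring only the most significant tokens resists it. The probability table, the 0.4 value for unseen tokens, the function names and the sample messages are all constructed assumptions.

```python
import math

# Constructed P(spam | token) values standing in for a trained filter's table.
TOKEN_SPAM_PROB = {"pharmacy": 0.99, "pills": 0.97, "discount": 0.95,
                   "click": 0.90, "newsletter": 0.70}
UNSEEN = 0.4  # assumed probability for tokens the filter has never scored


def token_probs(text):
    """Return one spam probability per distinct lowercase token."""
    tokens = sorted(set(text.lower().split()))
    return [TOKEN_SPAM_PROB.get(t, UNSEEN) for t in tokens]


def combine(probs):
    """Naive Bayes combination of per-token probabilities, in log space."""
    log_odds = sum(math.log(p) - math.log(1.0 - p) for p in probs)
    return 1.0 / (1.0 + math.exp(-log_odds))


def score_all(text):
    """Scorer that weighs every token: each unseen filler word pulls it down."""
    return combine(token_probs(text))


def score_most_significant(text, n=5):
    """Scorer that keeps only the n tokens farthest from the neutral 0.5."""
    ranked = sorted(token_probs(text), key=lambda p: abs(p - 0.5), reverse=True)
    return combine(ranked[:n])


# Constructed samples: the ad wording alone, then padded with 60 filler words.
AD = "click discount pharmacy pills newsletter"
JUNK = " ".join(f"filler{i}" for i in range(60))
PADDED = AD + " " + JUNK

if __name__ == "__main__":
    for name, msg in (("ad only", AD), ("ad + junk", PADDED)):
        print(f"{name:10s} all-token={score_all(msg):.6f} "
              f"top-5={score_most_significant(msg):.6f}")
```
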


2. CLICK here for more spam!

Ranking second in this week’s spam top, the word CLICK has also been identified in messages coming from Canadian Pharmacy. It is part of the alternative, text-based description of the spam image, which is displayed when the e-mail client blocks the image. Interestingly enough, if the user clicks on the link, they will be redirected to a clone of the Canadian Pharmacy through a series of compromised (but legitimate) websites hosting a JavaScript redirection HTML page.


3. PRIVACY at risk

The word PRIVACY is placed third in this week’s issue of the Spam Omelette and has been detected by BitDefender’s spam researchers in messages advertising sexual enhancements. This specific spam wave uses an MSN newsletter HTML template that has been modified to accommodate an image-based ad and a couple of links to one of the Canadian Pharmacy online stores.


4. FIRST date, second-hand watches

The word FIRST has been detected in a massive wave of product spam, advertising cheap replicas of designer watches. This specific wave relies exclusively on text and hyperlinks. As the user clicks the recommended link, he/she will be redirected to http://ou*****.ru/secure.php?cmd=home, a Russia-based online store advertising a wide range of counterfeit accessories. As a rule of thumb, you are advised to never purchase products advertised through spam using your credit card.

 


5. Cracked MICROSOFT software packed as OEM

The brand name Microsoft concludes this week’s top of spam words. Ranking fifth, it has been mostly detected in unsolicited mail advertising “OEM software” at massively discounted prices. However, this bargain hides a means of illegally selling “cracked” software (commercial applications that have been tampered with in order to circumvent their protection scheme).





Bogdan never trusts anything until it is disassembled into small pieces and carefully inspected. The passion for writing and the almost obsessive attention to details are some of his greatest qualities and, at the same time, some of his greatest flaws.

Comments:

lussia said on Sep-14-2011 04:51

Really good post, very useful!
