The Spam Omelette #9
This week's spam landscape witnessed another major change, a sign that spammers keep on innovating in order to gain users' interest and bypass spam filters.
1. MICROSOFT gets in the spam game
It may seem odd, but this week's number one spam word is Microsoft. Interestingly enough, spam messages mentioning the Redmond-based company have nothing in common with the newly-introduced operating system, Windows 7. BitDefender spam analysts detected the word in scam messages allegedly coming from Microsoft. The unsolicited email informs recipients that they have qualified for a special, yet undisclosed "award".
The poor English (Microsoft XP Window instead of Windows), combined with extremely unfortunate HTML formatting, should be enough of a warning that the message is a scam and should be discarded immediately.
2. PRIVACY? Where?
Ranking second in our weekly top, the word Privacy has been detected in quite intrusive messages advertising cheap replica watches. The unfortunate spammers claim that the 124-bit (it was supposed to be 128-bit) encryption algorithms used in e-banking can prevent friends and relatives from telling the original brand from a knock-off.
3. Wanna UNSUBSCRIBE? Impossible!
The Unsubscribe trick has been in use for quite some time now, but it seems to have worked for spammers, as it is included in almost every unsolicited message received through BitDefender's honeypot network. The Unsubscribe link is extremely useful to spammers not only because it adds extra text that helps image-based spam bypass Bayesian filters, but also because it lends extra legitimacy to an ordinary unsolicited message. The word has been identified especially in the PowerGain+ medicine campaign; in fact, the message mimics a legitimate message extremely well and even includes instructions for users whose email client blocks access to images.
The PowerGain+ spam campaign is extremely aggressive and outpaced the Canadian Pharmacy business in terms of sent messages this year. Another interesting aspect of this spam campaign is that all the received messages have been forged to look as if they had been sent from the recipient's own personal mail address. In short, the sender's address is always identical to the recipient's.
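The two traits described above (a From address identical to the recipient's, plus "unsubscribe" text) can be turned into a simple filter signal. The following is an added example, not BitDefender's detection logic; the function names, the score weights and the three sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

def _addresses(msg, *headers):
    """Collect lower-cased addresses from the named headers, ignoring display names."""
    values = []
    for name in headers:
        values.extend(msg.get_all(name, []))
    return {addr.strip().lower() for _display, addr in getaddresses(values) if addr}

def self_addressed(raw):
    """True when the From address also appears among the To/Cc recipients."""
    msg = message_from_string(raw)
    return bool(_addresses(msg, "From") & _addresses(msg, "To", "Cc"))

def score(raw):
    """Hypothetical additive score: 2 for a self-addressed From, 1 for 'unsubscribe' text."""
    msg = message_from_string(raw)
    points = 2 if self_addressed(raw) else 0
    # Join every text part so multipart (HTML plus plain) messages are covered too.
    body = " ".join(
        part.get_payload()
        for part in msg.walk()
        if part.get_content_maintype() == "text" and isinstance(part.get_payload(), str)
    )
    if "unsubscribe" in body.lower():
        points += 1
    return points

# Constructed sample messages (not taken from the campaign).
SPAM = ('From: "PowerGain+" <Alice@Example.com>\n'
        "To: alice@example.com\nSubject: offer\n\n"
        "Click here to unsubscribe.\n")
LEGIT = ("From: Bob <bob@example.org>\n"
         "To: alice@example.com\nSubject: lunch\n\n"
         "See you at noon.\n")
# People do mail notes to themselves, so the header match alone is only a signal.
NOTE_TO_SELF = ("From: alice@example.com\n"
                "To: alice@example.com\nSubject: reminder\n\n"
                "Buy milk.\n")

if __name__ == "__main__":
    for label, raw in (("spam", SPAM), ("legit", LEGIT), ("note", NOTE_TO_SELF)):
        print(label, self_addressed(raw), score(raw))
```

Because a genuine note-to-self also matches the header test, the match is best used as one weighted input alongside other checks rather than as a verdict on its own.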
4. When PLEASE means more spam
The word "PLEASE" has been identified in only one spam campaign that is part of the advance-fee scam category. The message informs its recipients that they have been chosen to receive a large amount of money (US $700,000) collected through donations. As the user tries to claim the money, they will be required to post a specific sum into an anonymous account as transaction fees.
Please remember: if a message contains information that sounds too good to be true, it probably is, and you should discard the message immediately.
5. CANADIAN Pharmacy strikes back in new form
Once known as the biggest spam source in the world, Canadian Pharmacy slowly shrank until it disappeared (December 2008 and early 2009, probably affected by the dissolution of the Storm Botnet), but it now strikes back under a new moniker: Canadian Health & Care Mall. The message count is still small compared to its predecessor's, but we expect it to grow larger in the following months.
What's new in the spam landscape?
Apart from the "regular" presences in our weekly top, BitDefender antispam analysts identified yet another kind of spam message that uses social engineering techniques to steal unwary users' identities.
The message informs the receiver of an alleged class reunion event, but when they follow the embedded link for more information, they are presented with a fake login page asking them to input sensitive personal data.
Copyright 2011. Site powered by Bitdefender
trevor snee said on Feb-20-2011 12:42
But can I attack back? Thanks.