The Spam Omelette #21
Week in review: April 2 – 8
1. Spam disguised as NEWSLETTERS
To better trick users into opening messages from unknown senders, most of this week’s spam came disguised as legitimate newsletters. The BitDefender spam researchers identified the word in waves allegedly coming from Health.com. As soon as the user authorizes images from the sender, they are presented with the Canadian Pharmacy offerings (sexual enhancement drugs that did not pass FDA validation).
This specific spam campaign relies on multiple templates and mail subjects to lure users, although the Canadian Pharmacy images are located on a single web address.
2. PLEASE, let me take all your money
Interestingly enough, the word PLEASE has once again been detected in spam messages promoting advance-fee fraud schemes. This week’s spam wave comes from Miss. Marcelin Patrick, who promises 20 percent of a huge amount of money in exchange for your personal data. Of course, the money would never reach the recipient, but it is certain that the victim will suffer significant financial loss.
3. French advertising: Voulez VOUS extra spam?
Following the German examples we offered a couple of weeks ago, French spam is also escalating at an alarming rate. The word VOUS (polite term for YOU) has been spotted on this week’s spam map, but was not identified in the actual message body of any mailing. Instead, it is added as HTML comments to compensate for the lack of text content in image-based spam.
4. Fake UNSUBSCRIBE links for fake newsletters
Ranking fourth in our weekly spam top, the word UNSUBSCRIBE has been identified in spam messages impersonating legitimate newsletters. However, clicking this type of link would only confirm to spammers that your inbox is operated by a human, and that you are therefore eligible for extra unsolicited mail.
5. EMAIL contents now available online
Ranking last in this week’s spam top, the word EMAIL has been identified in spam messages also coming from Canadian Pharmacy. Disguised as legitimate newsletters, these messages offer a link to an online version of the content, should spam filters block essential pictures in the mailing.
What’s new in the spam landscape?
- French spam has gained significant ground; words such as VOUS, LES, QUE, PAS and CLICQUEZ are now visible in different proportions on the spam map. Most of the text is introduced as junk HTML comments to trick spam filters.
- Easter E-Cards carrying malware: malware authors are already taking advantage of the upcoming Easter holiday in order to spread infected binaries amongst computer users. As users try to claim their unsolicited Easter cards, they are randomly infected with a generic Trojan able to plant subsequent malware on the compromised systems.
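
The HTML-comment padding described under item 3 and in the French spam note above can be measured on the filtering side. The following is an added example, not BitDefender's detection logic: it compares the words a reader actually sees with the words hidden in comments of an image-based message. The function name, the thresholds and both sample bodies are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

class _BodyStats(HTMLParser):
    """Collects visible words, comment words and image count from an HTML body."""
    HIDDEN = {"script", "style", "title"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.visible, self.comments, self.images = [], [], 0
        self._hidden_depth = 0

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images += 1
        elif tag in self.HIDDEN:
            self._hidden_depth += 1

    def handle_endtag(self, tag):
        if tag in self.HIDDEN and self._hidden_depth:
            self._hidden_depth -= 1

    def handle_data(self, data):
        if not self._hidden_depth:          # text the reader actually sees
            self.visible.extend(data.split())

    def handle_comment(self, data):
        # Conditional comments (<!--[if mso]>...) are common in legitimate mail.
        if not data.lstrip().startswith("[if"):
            self.comments.extend(data.split())

def comment_padding_report(html, min_comment_words=20, ratio=3.0):
    """Flag image-based bodies whose comment text dwarfs the visible text.
    Thresholds are illustrative assumptions, not tuned values."""
    p = _BodyStats()
    p.feed(html)
    p.close()
    visible, hidden = len(p.visible), len(p.comments)
    flagged = (p.images > 0 and hidden >= min_comment_words
               and hidden >= ratio * max(visible, 1))
    return {"images": p.images, "visible_words": visible,
            "comment_words": hidden, "flagged": flagged}

# Constructed samples: an image-only body padded with comment text, and a
# text newsletter that carries one short template comment.
SPAM = ('<html><body><a href="http://example.invalid/"><img src="offer.jpg"></a>'
        '<!-- ' + 'vous les que pas ' * 8 + '--></body></html>')
NEWSLETTER = ('<html><body><!-- header --><img src="logo.png"><p>'
              + 'Our weekly product update for subscribers. ' * 5 + '</p></body></html>')
```

A flag from this check is a scoring signal to combine with other features, since template engines and editors also leave comments in legitimate mail.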






