The Spam Omelette #35
1. Privacy beats expectations: it
Ranking first in this week’s
issue of the Spam Omelette, the word PRIVACY has been detected in unsolicited
mail impersonating legitimate newsletters. Most of these messages feature a Canadian
Pharmacy advertisement and make use of social engineering tricks such as
catchy message subjects in order to reach out to recipients.
A second batch of Canadian
Pharmacy spam is using celebrity names in the mail subject, a technique
resembling the Celebrity Gang approach. This week’s celebrity name popping out
from the charts is Avril Lavigne, as shown in the screenshot below.
2. On broken UNSUBSCRIBE links
The word UNSUBSCRIBE is also
encountered in spam messages impersonating newsletters. And, since the
technique is old and not quite successful in tricking users anymore, spammers
have added an extra spark of interest by abusing Michael Jackson’s name. This
batch of newsletters claims to provide the
proof that Michael Jackson had been killed. In order to view the proof,
the user needs to accept the embedded image, which turns out to be the same
Canadian Pharmacy ad. As usual, any link embedded into the message (including
the Unsubscribe option) takes the user to a clone website of Canadian Pharmacy.
3. Email is back on top
Ranking third in our weekly spam top, the word EMAIL has
been detected by the BitDefender spam analysts in a wave of messages allegedly
coming from FedEx. The spam message informs the recipients that they are to
receive a package of significant value but they cannot be reached. In order to
get the parcel on time, they have to fill in a form and send it to a non-FedEx
webmail address. The disclosed information may then be used by scammers for
identity theft or other illegal and damaging activities.
4. The missing LINK
The word LINK – this week’s newcomer in the Spam Omelette
top – has been detected in a wave of unsolicited mail also advertising Canadian
Pharmacy products. The message itself contains the text "Your Link" and a URL leading to a compromised webpage. A closer look
at the message reveals that this Canadian Pharmacy campaign makes use of
legitimate domains (which have been broken into) in order to perform the
redirect to the Canadian Pharmacy website.
In order to bypass Bayesian spam filters, the message
contains a significant amount of text inserted as HTML comments.
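The comment padding described above can be neutralised on the filter side by tokenising only the text a mail client renders and scoring the hidden text separately. The following is an added example, not BitDefender's code; the function names, the 0.5 ratio threshold and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser

WORD = re.compile(r"[a-z0-9']+")

class Splitter(HTMLParser):
    """Separate text a mail client renders from text hidden in HTML comments."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.visible, self.hidden = [], []
        self._skip = 0  # depth inside <script>/<style>, which is never rendered

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in ("script", "style") and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip:
            self.visible.append(data)

    def handle_comment(self, data):
        self.hidden.append(data)

def analyse(html_body, max_hidden_ratio=0.5):
    """Return visible tokens plus a flag for comment padding (threshold is assumed)."""
    parser = Splitter()
    parser.feed(html_body)
    parser.close()
    visible = WORD.findall(" ".join(parser.visible).lower())
    hidden = WORD.findall(" ".join(parser.hidden).lower())
    total = len(visible) + len(hidden)
    ratio = len(hidden) / total if total else 0.0
    # Only `visible` should reach the Bayesian classifier; `hidden` is scored separately.
    return {"tokens": visible, "hidden_words": len(hidden),
            "hidden_ratio": ratio, "padded": ratio > max_hidden_ratio}

# Constructed sample message body, not taken from a real campaign.
SAMPLE = """<html><body>
<!-- the committee reviewed the quarterly budget and agreed on the schedule -->
<p>Your Link</p>
<a href="http://compromised.example/r">http://compromised.example/r</a>
<!-- weather was mild over the weekend so the garden meeting went ahead -->
</body></html>"""

if __name__ == "__main__":
    print(analyse(SAMPLE))
```

A high ratio of comment words to rendered words is itself a useful feature: legitimate newsletters rarely carry more hidden text than visible text.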
5. SUBSCRIBE to spam now!
The word SUBSCRIBE concludes this week’s spam top and has
been identified in multiple waves of unsolicited mail impersonating
newsletters. Although these messages feature distinct mail subjects, they use
the same template with a central image displaying the current Canadian Pharmacy