The Spam Omelette #44
in review: September 23 – 30
don’t go to college!
Ranking first in this week’s issue of the Spam Omelette, the
word PLEASE has been detected in
multiple spam waves advertising miscellaneous products – from the “regular”
Canadian Pharmacy pills to quick and dirty get-rich schemes or even academic
Although Canadian Pharmacy spam messages abusing the word PLEASE are still flowing, we’ll focus
on a different type of unsolicited mail, namely the diploma spam samples
collected by BitDefender via its network of honeypots.
Diploma spam is hardly new around the block: The user is basically asked to pay
a fee in exchange for a sheet of paper stating that the victim has graduated from an
obscure (and most of the time unrecognized) learning institution. However,
this specific spam wave is highly targeted – it includes the recipient’s first
name, which means that the spammers behind this business have access to a database
of persons and their associated e-mail addresses (probably purchased on the
black market or even compiled to include users subscribed to miscellaneous
services). Once again, pay extra attention when you are required to sign up to
use a free service!
Pharmacy disguised as WebMD
Ranking second in this week’s spam top, the word WebMD
has been detected in messages advertising sexual enhancements from
the infamous online webshop Canadian Pharmacy. These messages impersonate a legitimate
newsletter allegedly signed by WebMD, the online resource on healthcare news.
The newsletter has been partly modified to include a central picture of
Canadian Pharmacy offers. This type of message is mostly sent by the Tedroo Trojan horse, a spam-sending bot.
here. We’ll take care of the rest!
The word CLICK has been detected in multiple spam waves
related to the world’s top spammer, the Canadian Pharmacy. Disguised as a sales
confirmation from Walmart, the message features a central image with the
Canadian Pharmacy offering. The spam message also contains a link to
unsubscribe, but clicking it would only take the victim to the webpage-version
of the newsletter.
scams lurking in the dark
The 15th of September is usually the day when
United States citizens file their tax return papers for the previous year. Just
like any important event, the tax return day did not go unnoticed by spammers,
who started a malware attack using links to Zbot-infected binary files.
The message, allegedly sent by the Internal Revenue Service,
asks the victim to review their tax statement by following an embedded link.
However, when clicking the link, the user would actually start downloading an
executable file infected with Zbot, an extremely dangerous piece of malware
with rootkit capabilities. For more information about IRS-related scams, please
me from spam newsletters
Ranking last in this week’s
issue of the Spam Omelette, the word UNSUBSCRIBE has been detected in
unsolicited mail also coming from Canadian Pharmacy. The message allegedly
allows the user to unsubscribe from the mailing list, but clicking any of the
unsubscribe links would only take the user to a Chinese web domain advertising
sexual enhancements from Canadian Pharmacy.