The Spam Omelette #6

Normal
0

false
false
false

EN-US
X-NONE
X-NONE

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:”Table Normal”;
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:””;
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:”Calibri”,”sans-serif”;}

This week’s spam review is
dedicated to the upcoming winter holidays, as Christmas offerings and malicious
winter greetings already showed up across our honeypot network.

1. PLEASE, fall for this malware scheme

Just as we got used in our
previous spam omelette issues, the word PLEASE is always a champion. It occurs
in about 96 percent of all the spam e-mail messages received by the BitDefender
labs. This time, the word is mostly present in a spam campaign directing users
to a fake e-card website. Unwary users visiting the compromised website might
get infected with the Srizbi bot.

2. FedEx starts shipping gifts by EMAIL

Ranking second in our weekly top,
the word EMAIL is present in an advance-fee scam that uses the FedEx brand to
trick users into authorizing online payments for an alleged present sent by a
third party. The spam message announces the victims that they had been sent a
package that is worth about $62,000, along with other substantial goods, but
they have to pay in advance about $210 for processing, handling and shipping.

Just as a quick note, the FedEx
brand has been subject to abuse back in August, when a group of malware authors
started spreading zBot-infected attachments impersonating delivery invoices.
You can read more about the August campaign here.

3. CLICK,
click, you’re dead

Clicking on links is extremely
common among computer users – so common that, sometimes, all the spammer has to
do is provide a clickable link and hope that the message will not end up in the
trash can. BitDefender researchers identified that the word click is mostly
present in a spam campaign advertising prescription-based sexual enhancing
pills.

The message subject is extremely
irrelevant for the user, as it reads “1 New message foor you”. This way, the
spammer gives no hint about what the message really contains, so curious users
are forced to open it up anyway.

More than that, the message body
contains extra sentences that bring no other details about the advertised
products, but help the message trick the Bayesian spam filters.

4. NEW,
as in New Year’s Eve

The word NEW has been with us in our weekly top since the
beginning. This time, however, it does not advertise recently-introduced
products and services, but it rather refers to suitable gifts for the New
Year’s Eve.

This specific spam campaign advertises replica watches,
cheap Rolex knockoffs that won’t surely live up to the spammer’s praise (that
is, if they ever get to you after you authorized the online payment for the
items).

5.
CHRISTMAS
discounts are here

Spammers are also tuning in to the spirit of Christmas and
have already started spreading the word about massive discounts for “the
perfect Christmas present”. This time, users are promised Bvlgari watches at
bargain prices, but everything they are going to get is the same cheap
knock-off timepieces we talked about earlier in this week’s analysis.

 

What’s new in the spam landscape?

Just as we predicted in our previous issue of the Spam
Omelette, product spam messages and forged, infected  e-cards are on the rise again as we are
getting closer to the winter holidays. Non-English spam reduced considerably
over the last two weeks, along with image-based spam (this does not apply for
the Canadian Pharmacy spam, however).