The Spam Omelette #10

1. Clicks
in exchange of OEM software

Ranking first in this week’s spam top, the word “CLICK” has been
detected by the BitDefender spam researchers in an e-mail wave promoting OEM
applications. This special kind of software can only be retailed to customers
who buy new computers or hardware components. 
Although these pieces of software are fully-functional applications,
they are dramatically discounted because of various partnerships between
hardware and software vendors.

However, retailing OEM
copies infringes the End-User License Agreement, so any OEM license bought illegally
may not function on your computer, or may even be disabled by the vendor.

2. Back
to EMAIL

The word EMAIL ranks
second this week and is mostly encountered in spam messages related to the
PowerGain + drug business. Such messages perfectly imitate legitimate
newsletter sent by legitimate companies. Spammers even add instructions about how
users can remove themselves from the mailing list, although the links are fake
and won’t do anything but confirm that the spam message arrived in a valid
inbox.

While most of the
analyzed emails in this spam wave come with explicit, sexually-related subjects,
spammers also use social engineering tactics in order to convince the user open
these messages.

3. The
fake UNSUBSCRIBE link

Adding a forged & malicious
unsubscribe link to spam messages seems to have become a fully fledged standard
in the spam industry. Spammers rely on this trick not only because this means
extra text to the actual image-based message (which allows spam to bypass
Bayesian filters), but this approach actually helps them tell what mail
addresses on their mailing lists are still in use and which ones have been
abandoned.

4. More
Info? What about some spam instead?

Although the word  INFORMATION is relatively smaller than the
previously-mentioned top terms in spam, it has been identified in the same
forged disclaimers we have been previously talking about. The inconsistency
proves that  the spam organization keeps
on advertising the same product, but changes the email template to mislead
unwary receivers.

5. New
PROMOTIONAL offers from Poker Savvy

Although the winter
hollidays are long gone, Poker Savvy still keeps on sending promotional offers
for its potential customers. The company has a long history in spamming users’
mailboxes, but it recently increased the amount of spam they pump up daily
through their email marketing agency partner, bronto.com.

What’s new in the spam landscape?

PowerGain+ is
currently the top spammer of the week. It uses hundreds of templates and a wide
array of subject messages to lure users into opening unsulicited messages.
Their advertising is as pestering as the now-dead Canadian Pharmacy business,
and we expect to see even more spam 
coming from them in the following weeks.

Just as the winter
shopping spree came to an end, product spam collected via BitDefender’s
honeypot network  dropped significantly, but
did not fade away completely.