The Spam Omelette #61

Week in review: April 14 – 21

1. CLICK the link

The word CLICK has been a common presence in the spam landscape ever since the first issue of the Spam Omelette. After a long absence it now returns as number one in spam messages advertising cheap replicas of watches and other accessories. This specific spam wave relies on text and hyperlinks, and not on images, since the latter are more likely to end up snatched by spam filters.

2. UNITED in spam

Ranking second in this week’s issue of the Spam Omelette, the term United (as in United States) has been mostly detected in messages sent by Canadian Pharmacy. These spam mails contain a central image with the offering, followed by a large amount of “junk” text to make it look more legit. All the links embedded in the message, including the unsubscribe and privacy statements, have been forged to lead the user to a Canadian Pharmacy clone.

3. MESSAGE from the Russian Bride

The word MESSAGE is placed third in this week’s spam top and has been detected by the BitDefender spam researchers in unsolicited mail advertising a wide range of sexual enhancements and diet pills. The message uses social engineering tricks (an alleged message sent by a woman) in order to make the user click on a link to a blog hosted either on live.com, or on livejournal.com.

4. PRIVACY promises never kept

Ranking fourth, the word PRIVACY is mostly present in spam messages using the classical approach of impersonating newsletters. This medium-size spam wave relies on a standard HTML template with a central image, as well as a couple of hyperlinks that lead the user to a Canadian Pharmacy page. Since these clones are usually taken down for abuse, and the e-mailed links might not work anymore, cyber-criminals use the links of a couple of legitimate (yet hacked in websites) to perform the redirects as needed. As soon as all the Canadian Pharmacy links in a batch are down, they set up new domains and update the HTML redirectors on the compromised webpages.

5. MICROSOFT, top pick in cracked software

Popular trademark MICROSOFT concludes this week’s spam top, and has been identified in multiple spam waves advertising heavily discounted software titles available on miscellaneous e-stores. Although they are presented as OEM applications, they are in fact cracked copies, which makes them not only illegal, but also dangerous for the user, given the fact that most cracks and keygens are   swarming with malware.