The Spam Omelette #29

1024×768

Normal
0

false
false
false

EN-US
X-NONE
X-NONE

/* Style Definitions */
table.MsoNormalTable
{mso-style-name:”Table Normal”;
mso-tstyle-rowband-size:0;
mso-tstyle-colband-size:0;
mso-style-noshow:yes;
mso-style-priority:99;
mso-style-qformat:yes;
mso-style-parent:””;
mso-padding-alt:0in 5.4pt 0in 5.4pt;
mso-para-margin:0in;
mso-para-margin-bottom:.0001pt;
mso-pagination:widow-orphan;
font-size:10.0pt;
font-family:”Calibri”,”sans-serif”;}

Week in review: June 3 – 10

Deeper analysys of this week’s spam stock
reveals that this week’s top five words used in unsolicited messages is
relatively similar to the one we reviewed in the May 27 – June 3 timeframe.
Give the fact that we already described spammers’ techniques, we won’t insist
on that, but rather describe some really interesting additions to the spam
landscape.

 

1. Canadian Pharmacy under disguise

One of the most important and persistant
spammers out there, Canadian Pharmay has taken yet another approach at
delivering their messages straight into users’ inboxes. Already notorious for
impersonating legitimate newsletters such as those coming from WebMD, the new
Canadian Pharmacy templates offer little details on what actually the mail is.
However, as the user clicks on the unsubscribe link or tries to find out more
about the sender, they are presented another clone of the Canadian Pharmacy
website.

 

2.
Portugese Curriculum Vitae received by mistake

 Although this is not qute the newest approach
in spam, the following wave surely is interesting. The message is written in
Portugese and allegedly contains an attached curriculum vitae of a person named
Michele Gomes.

 At a
glance, the recipient is manipulated into believing that the sender misspelled
the e-mail address of the sender. However, the message does not contain any
attachments, but rather a URL to an infected binary. The curriculum.doc keyword
links actually to curricullum.scr, an executable file detected by BitDefender
as Trojan.Heur.A090F1E4B4.

 Once the file is execute, it would connect
remotely to an Internet resource, then try to download and install a
spam-sending bot, among others.

 

 

 

3. Product spam back on track

Mostly active during the holliday shoppinbg
season, product spam has been flying under the radar dropped during the first
half of this year. This week’s surprise comes from Diamond Replicas a
China-based online retailer of knockoff watches. The message’s headers have
been forged to look as if the originating account is the recipient account
itself.

 

What’s new in the spam landscape?

• German words are back in the spam
  map, thus indicating that spam targeting German-speaking countries is on the
  rise again.
• Social engineering used as means
  of infection: the curriculum-vitae trick described above relies on users’
  curiosity to trick them into opening the .scr file. More than that, because of
  the fact that the attachment poses as a .doc file, few users would actually
  suspect that it is a malicious executable file.