Over the past few weeks the blogosphere has been abuzz with the news that Russia has put an end to all spam.
Okay so we’re exaggerating a little.
Forgive us, we’re just trying to get into the spirit of things. Actually, the NY Times article that started it all says “the world supply of Viagra ads and other e-mail spam has dropped by an estimated one-fifth.” more »
The trend for the summer is for the major botnets to spoof a different brand-name domain every week.
This week’s victim is Newegg.com with large volumes of these bogus emails being sent by infected personal computers (zombies) acting to distribute these “Newegg.com – Payment Change” spoofs.
A typical example comes:
Subject: Newegg.com – Payment Charged
From: Newegg <info@newegg.com>
Social networking spam and virus messages are currently second only to online pharmacy spam, with the latest campaigns spoofing Linked In notification emails.
Most are Arriving with subjects of either:
Subject: LinkedIn Messages
Subject: Join my network on LinkedIn
The body of the messages themselves are fairly accurate spoofs of actual LinkedIn communications, for example:
Apparently the botnets in charge of spreading viruses have decided to go random and wild this week. In an attempt to evade filtering and confuse end user recipients, they’re spewing vast amounts of emails and using a shotgun approach of randomization.
Sending addresses are all random and spoofed and the emails themselves are short and cryptic. Subject lines tend to be short and simple and run the gamut, just a few examples (we’re seeing hundreds of variations):
Heavy volume over the last few days in spoofed Target shipping confirmation emails which arrive from completely random addresses, such as:
Subject: Your Target.com order has shipped
From: ”Earnest Dickinson” <magma@rilapublicidad.com>
The spammers in the case have paid great attention to replicating legitimate Target emails:
Watch out for well designed, but spoofed invitations from Friendster currently making the rounds through spam driven email campaigns.
The samples we’ve reviewed so far arrive as:
Subject: Welcome to Friendster
From: Friendster <join@mail.friendster.com>
We’re seeing quite the uptick in spoofed “Your Friend has invited you to open a Google mail account” emails lately.
The typical email comes with a subject line and From address such as:
Subject: Edmond Fletcher has invited you to open a Google mail account
From: ”Edmond Fletcher” <auntee8@rosesbooks.com>
The latest twist on virus/malware campaigns pretends to be an email from the Social Security Administration that supposedly contains a copy of your annual statement.
The email arrives with the headers:
Subject: Review your annual Social Security statement
From: ”Social Security Administration” <notification@ssa.gov>Due to possible calculation errors, your annual Social Security statement may contain errors.
Open attached file to review your annual Social Security statement.
This weeks most popular virus email variant attempts to use vague to it’s advantage.
Rather than trying to convince you that the emails is an official message from Ebay, Visa, Paypal, Chase or some other well known business, these messages are intentionally non-specific.
Subject lines refer only to some sort of “statement” like:
Subject: Statement of Fees
Subject: Statement of fees 2010
At least one of the larger spam botnets is hard at work these last few days spreading itself via spoofed Amazon.com emails.
For the most part, these frauds do an excellent job of mimicking legitimate Amazon emails.
The arrive with a Subject line of:
From: ”Amazon.com E-mail Subscriptions” <delivers@amazon.com>
Subject: Amazon.com: Please verify your new e-mail address
