New spam strategy in the wild
Recently we noticed a big archive of spam messages related to selling various pharmacy products. But something was different from the old spam messages… no http links were present in the message.
The surprise was attached in .gif or .jpg or .png format:

The attached image contains all the information about the various pharmacy products, along with the malicious HTTP URL:

Spammers are using this strategy to bypass common anti-spam filters and to avoid being placed in the "spam folder" of email clients.
Other spam messages were full of links that redirected to Yahoo Groups with random names:
groups.yahoo.com/group/zygikyromaxit49/message/1
groups.yahoo.com/group/vigecydavypov17/message/1
groups.yahoo.com/group/gefyfewozimax24/message/1
All the above links redirected again to other suspicious domains:
proudtasty.com
advocacywife.com
Always pay attention when opening unknown, and even known, emails.
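
A filter-side heuristic for the two patterns described above, as an added example that is not part of the original post: it flags messages whose text parts contain no link but that carry a GIF, JPEG or PNG part, and links shaped like the Yahoo Groups redirectors listed above. The function names, the sample messages and the group-name regex (letters followed by two digits) are assumptions made for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Links with a scheme, a www. prefix, or a bare host followed by a path.
URL_RE = re.compile(r"(?:https?://|www\.)\S+|\b[a-z0-9.-]+\.[a-z]{2,}/\S*", re.I)
# Assumed shape of the redirector links: random letters, then two digits.
YGROUP_RE = re.compile(r"groups\.yahoo\.com/group/[a-z]{8,}\d{2}/message/\d+", re.I)
IMAGE_TYPES = {"image/gif", "image/jpeg", "image/png"}

def classify(raw: bytes) -> set:
    """Return heuristic flags for one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    text_parts, images = [], 0
    for part in msg.walk():
        if part.get_content_type() in IMAGE_TYPES:
            images += 1
        elif part.get_content_maintype() == "text":
            text_parts.append(part.get_content())
    body = "\n".join(text_parts)
    flags = set()
    # The offer and URL live in the picture, so the text has nothing to scan.
    if images and not URL_RE.search(body):
        flags.add("image-only-payload")
    if YGROUP_RE.search(body):
        flags.add("yahoo-groups-redirector")
    return flags

def build_sample(body: str, with_image: bool) -> bytes:
    """Build a constructed test message (not real captured spam)."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content(body)
    if with_image:
        m.add_attachment(b"GIF89a" + b"\x00" * 16, maintype="image",
                         subtype="gif", filename="offer.gif")
    return m.as_bytes()

if __name__ == "__main__":
    samples = {
        "image spam": build_sample("Best prices, see the attached picture.", True),
        "redirector": build_sample(
            "groups.yahoo.com/group/zygikyromaxit49/message/1", False),
        "photo with link": build_sample("Album: https://example.org/album", True),
    }
    for name, raw in samples.items():
        print(name, sorted(classify(raw)))
```

Legitimate mail with a picture and no links also matches the first rule, so the flags are best used as inputs to a spam score rather than as a verdict; the code does not read the text inside the image.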





May 6th, 2009 at 11:25 pm
Spammers are becoming smart, uh? I got 130 emails of the same style…
May 7th, 2009 at 11:32 pm
Here at MX Lab we received the same spam campaign too. It looks like the 'traditional' spam based images are back. Typical is the use of GIF, JPEG or PNG files to deliver the spam content and to disturb the image with, in this case, small colored lines, between the content.
The URL is indeed inside the image. This is clearly a trick to avoid filters that are based on intent analysis.