Starting on 23.03.09 we began to receive a new type of spam mails having a rather interesting format: HTML with tables having certain cells colored with a special background. The result is really nice, as you can see below:
The body contains two parts, as any decent and proper formed email: text/plain and text/html. The two parts are identical from a content point of view. So, if we would render the HTML part, we obtain exactly the plain/text part. This makes the email even more credible. Analyzing the HTML content we see that there is actually not a single ASCII character in the table where the word VIAGRA is created.
In the details of one of the rows we can see how each row is created:
There is a matrix created as a table with 31 columns and 6 rows and the words are formed using colored cells. This is not yet detected by most spam filters – a simple word filter fails.
The link “Click Here” in the spam mail points to Microsofts blogging service on spaces.live.com. Trying to report the URL to live.com was impossible – but this is yet another story.
Manager International Software Development