New types of online pharmacy spam

Just when I started to think that the new spam mails are getting increasingly fancy, I found out to be wrong: The email below has only one GIF picture attached to it and the website address is written into the picture. There is no link whatsoever, so the user has to type in the URL manually.

Another trick used is so-called ASCII art. The spammers went back to the old plain text emails and writing the text vertically instead of horizontally. Additionally, they used some techniques which were traditionally used in small gif pictures attachments, asking the user to type the address by himself. Now, in the plain text, they added extra spaces in order to confuse Antispam filters.

Interestingly, the source code of the emails looks better than the rendered text in Outlook 2010.

The mails are sent using bots and therefore are already detected by the Realtime Blacklists (RBL) most providers use.

Sorin Mustaca
Data Security Expert