We've observed some adult spam in disguise.The usual adult spam that we see is simple text with links and adultphrases that make it quite obvious what it is. The mutation that we'verecently observed includes an email that has two parts—HTML and plaintext—where the plain text portion looks completely legitimate and infact is a portion of a legitimate newsletter of some kind. However, theheaders make it apparent that it is not from the legitimate company.
Headers:
From: Sexy Girls Waiting Live Now
Subject: Tired Of The Overpriced Cam Sites
Text body:
(click for larger image)
What makes it even more obvious that this is spam is the HTMLportion of the body, which when rendered shows graphic adult content.As a lot of people have their email sent to them in HTML they will onlysee the adult portion of this spam attack. They won't even know thatthe legitimate content is there. So why is it there?
HTML portion:
We believe the spammers are inserting legitimate emails into theirspam to avoid spam filters. It's the oldest game in the spammers' book:"How to avoid being caught." In this particular example above, thespammer is hoping that the inclusion of legitimate company names in themail will help the message get through antispam filters. It is alwaysinteresting to see what the spammers will try next in this game offilter evasion; however, we don't think this technique will be veryfruitful.