Symantec observed that dating spam messages and spam messages distributing malware were most prevalent in the recent past. These spam messages dominated the list of top 10 spam subject lines in the past 30 days.
Subject lines:
· Katya 21y.o, new message for you
· Julia 22y.o, new message for you.
· hello
· Blank subject line
· LinkedIn Messages, 9/30/2010
· LinkedIn Alert
· Re: CV
· hi!
· LinkedIn new messages
· You have got new message(dating)
The dating spam messages were comprised of subject lines such as, ‘Katya 21y.o, new message for you’, as seen in the screenshot below. In another variation of this subject line, the name and age in the subject was randomized, while the rest of the subject remained unchanged.
The body of the spam message consisted of a URL link with a .ru domain as shown below.
hxxp://xxxxxxxxxx.ru/?idAff=127
The URL link takes the user to a Russian online dating site. Although the .ru domain in the URL was randomized in the spam attack, its parameters (as seen above) remain unchanged. This spam attack constituted 33% out of the top 10 spam subject lines during the last 30 days.
In the same time period, another spam attack having the subject lines below was observed to be distributing malware.
Subject: LinkedIn Messages, 9/30/2010
Subject: LinkedIn Alert
Subject: LinkedIn new messages
These emails, purporting to be from LinkedIn, enticed users into viewing the fake invitation requests or unviewed messages in their account inbox. These messages are NOT from LinkedIn, and upon clicking the links provided in the message body, users are usually taken to a Web site that attempts to install Zeus malware. After it has been successfully installed, the malware gathers sensitive information, especially users’ Internet banking details. Symantec had earlier reported this trend, observed in late September, in the State of Spam and Phishing Report for October 2010.
This spam attack constituted 20% out of the top 10 spam subject lines during the last 30 days.
Both the above mentioned spam attacks were active until the third week of October, however, they were at their peak in the last week of September.
Earlier, spam emails (similar to the above) spoofing LinkedIn, were observed to be promoting fake pharmaceutical products. Spammers look ever engaged in spoofing social and professional networking sites as a bait to spread spam and malware. It may be difficult to ignore email communication appearing to have come from popular professional or social networking accounts such as LinkedIn or other, however, one needs to be cautious of file types, particularly executables (.exe). Any email with this type of application extension in an attachment should be considered suspicious, particularly if it's coming from an unknown sender.
Other than the dating and malware spam messages, the top spam subject lines in the past 30 days (shown below) represented job offer scams and pharmaceutical spam messages.
Subject: Re: CV
Subject: hi!
Symantec customers can be assured that Symantec’s mail security products (powered by Brightmail technology) block these and other types of spam attacks.