This week saw a couple of notable spam making rounds in the Internet.
The first one, which actually isn’t much of a surprise, is related to the NUWAR family of worms. As we all know, NUWAR has undergone several social engineering makeovers — from doomsday messages of war to CNN top stories and more recently, e-Card greetings. The latest spam is just a variant of the latter, as seen in the following screenshot:
However, based on the analysis by our Senior Threat Analyst PB Cruz, the new twist here is that unlike its predecessor, which instantly downloads the worm after a user clicks on the link on the message, the link on the new messages points to a Web page. The said page displays an error message saying that the user needs to install Microsoft Data Access to properly view the e-Card (see image).
The second notable spam (or rather, spamming technique) comes in the form of special characters. Literally:
Notice the strikethroughts and all that extra symbols and characters. The messages all talk about — again not surprisingly — stocks, although given this heavily obfuscated tactic that’s almost suspicious, do spammers really expect to be taken seriously?
According to Lalaine Gregorio of the Content Security team, whoever created these messages are clearly just trying to avoid filtering techniques used by security applications. “Spamming is really cheap, so it doesn’t really matter if they send out nonsense mail,” Gregorio states. “Eventually someone will take the message seriously, which will then make them [the spammers] gain profit.”
Nonsense or not, spam still spells bad news.
Additional data provided by Lala Manly