Security Blog

October 30, 2009
Threat Lab Q3 Report: Pharma spam masquerading as Facebook message

Spammers are continually looking for ways to hide their true identity to bypass content filters, and ways to employ social engineering to bypass human filters (i.e., judgment) that can often distinguish if something is spam just by looking at it. The message pictured here was circulated in the third quarter.

This message, with its familiar blue header, was designed to fool people and spam filters that may not properly identify image-based spam, since all the actual content was in an image. The image itself is typically blocked by email clients like Microsoft Outlook, until the user downloads the image. However since the email appears to be legitimate, the user may download the image, revealing that it is actually pharmaceutical spam. The only content that text-based filters can identify in such a message is the traditional Facebook text, such as..."if you do not wish to receive this type of Facebook mail in the future" making it appear legitimate.

The message was not actually sent from Facebook - if it had been, the return address would have been Facebook, and not "Tammi Manley". Also, all the links within the message, such as "Unsubscribe" and "More info", lead to the pharmaceuticals site pictured in the advertisement.

Source: Commtouch Labs

Posted by: Netgear Threat Lab at 2:48 PM
Categories: Netgear Threat Lab , Phishing

• Share
  • del.icio.us
  • StumbleUpon
  • Digg
  • Technorati
  • Facebook
• Permalink
• Comments ()
• TrackBacks (0)
• Discuss This Topic in Our Forum

No TrackBacks

Comments

Threat Lab Q3 Report: Pharma spam masquerading as Facebook message

Spammers are continually looking for ways to hide their true identity to bypass content filters, and ways to employ social engineering to bypass human filters (i.e., judgment) that can often distinguish if something is spam just by looking at it. The message pictured here was circulated in the third quarter.

This message, with its familiar blue header, was designed to fool people and spam filters that may not properly identify image-based spam, since all the actual content was in an image. The image itself is typically blocked by email clients like Microsoft Outlook, until the user downloads the image. However since the email appears to be legitimate, the user may download the image, revealing that it is actually pharmaceutical spam. The only content that text-based filters can identify in such a message is the traditional Facebook text, such as..."if you do not wish to receive this type of Facebook mail in the future" making it appear legitimate.

The message was not actually sent from Facebook - if it had been, the return address would have been Facebook, and not "Tammi Manley". Also, all the links within the message, such as "Unsubscribe" and "More info", lead to the pharmaceuticals site pictured in the advertisement.

Source: Commtouch Labs

Back to Top

Partner Login

• Overview
• Security Blog
• Forum