Security Blog

 

October 30, 2009
Threat Lab Q3 Report: Pharma spam masquerading as Facebook message

Spammers are continually looking for ways to hide their true identity to bypass content filters, and ways to employ social engineering to bypass human filters (i.e., judgment) that can often distinguish if something is spam just by looking at it. The message pictured here was circulated in the third quarter.

Q3-2009-Internet-Threats-Trend-Report.png This message, with its familiar blue header, was designed to fool people and spam filters that may not properly identify image-based spam, since all the actual content was in an image. The image itself is typically blocked by email clients like Microsoft Outlook, until the user downloads the image. However since the email appears to be legitimate, the user may download the image, revealing that it is actually pharmaceutical spam. The only content that text-based filters can identify in such a message is the traditional Facebook text, such as..."if you do not wish to receive this type of Facebook mail in the future" making it appear legitimate.

The message was not actually sent from Facebook - if it had been, the return address would have been Facebook, and not "Tammi Manley". Also, all the links within the message, such as "Unsubscribe" and "More info", lead to the pharmaceuticals site pictured in the advertisement.

Source: Commtouch Labs

Posted by: Netgear Threat Lab at 2:48 PM
Categories: Netgear Threat Lab , Phishing

No TrackBacks

TrackBack URL: http://prosecure.netgear.com/cgi-bin/mt/mt-tb.cgi/52

Comments

Back to Top

Partner Login

The PowerShift Program puts a world of resources at your fingertips.

Login Page:
http://www.netgear.com/Partners/
Powershift.aspx

Apply to be a Partner:
http://info.netgear.com/forms/powershift

Forget Password:
http://www.netgear.com/Extranet/
ForgotPassword.aspx

In This Section

Lijit Search