Spam Evolution: March 2008
30 Apr 2008
Spam in mail traffic averaged 90.7% in March 2008. A low of 83.5% was recorded on 27 March, while a high of 97.8% occurred on 1 March.
Spam with graphical attachments made up almost one third of March’s total. In January the corresponding share was only 14% of spam messages, while the figure for February was 20%. An abrupt rise to 28% in March broke all records for this type of spam.
The leading spam categories in March 2008:

Spam on the Internet, March 2008
The Medications, health-related goods and services category shows no sign of moving from its leading position. The continuous flow of English-language messages promoting Viagra has been joined by Russian-language versions advertising other similar drugs for men. The main difference is that Russian-language messages tend to emphasize the Tibetan or Chinese origins of the alleged medicines.
The Education category’s share has risen as the end of the school year approaches. Offers of extra tuition and preparation for school leaving exams have augmented the numerous spam messages for higher education degree certificates. Also, spammers have not forgotten about post-exam graduation parties for all those school leavers and students. Spam which previously targeted corporate event and party organizers is now aimed at final year students, which, combined with an emphasis on the upcoming May holidays, has placed Travel and Tourism firmly in the top five.
A new category was introduced in March following a recent surge in the number of Russian-language spam messages offering fake designer goods, and in particular, cheap replicas of Swiss watches. Besides replica watches, copies of designer mobile phones were also on offer, with spammers insisting that these inexpensive designer goods were perfect presents which would enhance the lucky owner's image and prestige.
In March, spammers regularly included links to Google search results in their messages. This search engine makes it possible to get a link for a specific URL – however, the link is in fact a redirect. When users click on the link they are directed to a site containing spam advertising, even though from a spam filter’s point of view, the link is legitimate. This method is prevalent in both Russian- and English-language spam.
In an effort to bypass filtration systems, spammers have modified one of the methods used to create background “noise” in messages. They've started putting random selections of letters in the text of a link in off-white. White text on a white background has already been used by spammers, but spam filters have been developed which will detect this trick. Now, the color shade of the selected letters (mostly Latin letters) used to add “noise” to messages is very similar to the color of the background (very light yellows and blues). At the same time the larger advertising texts are in bold colors so the message recipients can easily read them.
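A filter that only checks for an exact match between text and background color misses the off-white variant described above; comparing contrast instead catches both. The following is an added example, not code from the original article: it walks an HTML message body, tracks the inherited text and background colors, and reports text whose WCAG contrast ratio against its background falls below a threshold. The 1.5 threshold, the black-on-white default and the sample message are assumptions made for the illustration.

```python
import re
from html.parser import HTMLParser

def parse_color(value):
    """Return (r, g, b) for '#rrggbb'; other colour syntaxes are ignored here."""
    m = re.fullmatch(r"#([0-9a-fA-F]{6})", (value or "").strip())
    return tuple(int(m.group(1)[i:i + 2], 16) for i in (0, 2, 4)) if m else None

def contrast(fg, bg):
    """WCAG contrast ratio: 1.0 for identical colours, 21.0 for black on white."""
    def lum(rgb):
        lin = [v / 12.92 if v <= 0.03928 else ((v + 0.055) / 1.055) ** 2.4 for v in (c / 255 for c in rgb)]
        return 0.2126 * lin[0] + 0.7152 * lin[1] + 0.0722 * lin[2]
    hi, lo = sorted((lum(fg), lum(bg)), reverse=True)
    return (hi + 0.05) / (lo + 0.05)

class NoiseFinder(HTMLParser):
    """Tracks inherited text/background colour and records near-invisible text."""
    VOID = {"br", "img", "hr", "meta", "input", "link"}  # tags with no end tag
    FG = re.compile(r"(?<![-\w])color\s*:\s*(#[0-9a-f]+)", re.I)
    BG = re.compile(r"background(?:-color)?\s*:\s*(#[0-9a-f]+)", re.I)

    def __init__(self, threshold):
        super().__init__()
        self.threshold, self.hits = threshold, []
        self.stack = [((0, 0, 0), (255, 255, 255))]  # assumed default: black on white
    def handle_starttag(self, tag, attrs):
        if tag in self.VOID:
            return
        a, (fg, bg) = dict(attrs), self.stack[-1]
        sfg, sbg = (rx.search(a.get("style") or "") for rx in (self.FG, self.BG))
        fg = (sfg and parse_color(sfg.group(1))) or parse_color(a.get("color")) or fg
        bg = (sbg and parse_color(sbg.group(1))) or parse_color(a.get("bgcolor")) or bg
        self.stack.append((fg, bg))
    def handle_endtag(self, tag):
        if tag not in self.VOID and len(self.stack) > 1:
            self.stack.pop()
    def handle_data(self, data):
        if data.strip() and contrast(*self.stack[-1]) < self.threshold:
            self.hits.append(data.strip())

def find_noise(html, threshold=1.5):
    finder = NoiseFinder(threshold)
    finder.feed(html)
    return finder.hits

# Constructed sample: bold red offer text plus pale-yellow and pale-blue filler on white.
SAMPLE = ('<body bgcolor="#ffffff"><font color="#cc0000"><b>Replica watches</b></font>'
          '<a href="http://shop.example/"><font color="#fffff0">qzt xkv</font> Order now '
          '<span style="color:#f4faff">wpl jrm</span></a></body>')
```

The fraction of a message's text returned by `find_noise` can be used as a scoring feature; colors set through stylesheets or named colors are outside what this sketch resolves.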

Obfuscating the link in a message is another method used to bypass spam filters. For example, spammers may replace the dots in a site address with the word “dot”. This method is not very effective, however: a spam filter may not detect such a message as spam, but the link will no longer be clickable, and will additionally be difficult to read.
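On the filtering side, the “dot” substitution described above can be undone before the message is checked against domain blocklists. The following is an added example, not code from the original article: it restores spelled-out dots and returns only the hostnames that were invisible in the raw text. The bracketed variants, the short TLD list and the sample sentence are assumptions made for the illustration.

```python
import re

# Spelled-out separators: " dot " as described in the text; "(dot)", "[dot]" and
# "{dot}" are assumed variants of the same trick.
DOT = re.compile(r"\s*[(\[{]\s*dot\s*[)\]}]\s*|\s+dot\s+", re.I)
LABEL = r"[a-z0-9](?:[a-z0-9-]*[a-z0-9])?"
HOST = re.compile(rf"\b{LABEL}(?:\.{LABEL})+\b", re.I)
TLDS = {"com", "net", "org", "ru", "info", "biz"}  # small illustrative set

def hosts(text):
    """Hostnames in text whose last label is a known TLD."""
    found = {m.group(0).lower() for m in HOST.finditer(text)}
    return {h for h in found if h.rsplit(".", 1)[1] in TLDS}

def hidden_hosts(text):
    """Hostnames that only become visible once spelled-out dots are restored."""
    return sorted(hosts(DOT.sub(".", text)) - hosts(text))

# Constructed sample: one obfuscated address, one plain link, one innocent "dot".
SAMPLE = ("Order at www dot cheap-pills dot example dot com or see "
          "http://shop.example.net/ for a polka dot dress")
```

Requiring a known TLD as the last label keeps ordinary uses of the word "dot" from producing hostnames.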
The tricks described above prove that spammers are ready to sacrifice the readability and appearance of a spam message to make sure it reaches the recipient successfully. Such messages are unlikely to be widely read, except by recipients who have an interest in solving puzzles.
Messages containing malicious attachments or links to infected sites continue to be sent to users’ email accounts. In March, for instance, spammers used messages that imitated personal correspondence to spread malicious programs. Interestingly, these messages were mailed simultaneously in both Russian and English. The messages were designed to make the recipient open attachments, which of course contained a malicious file. To make the messages more realistic, they usually mentioned a visit by a friend, a chance meeting in the street or referred to sending some file or other as had previously been agreed. However, any recipient should be put on guard by messages – even those allegedly from a friend – which are sent from an unknown address.
In March, spammers not only engaged in self-promotion by describing the benefits of spam mailings but also sent messages advertising spamming systems.
In addition to spamming software, there were also offers to teach people how to configure Trojan programs and how to conduct mass mailings.
The advent of spring marked a wave of mass mailings targeting the reputation of well-known companies and sites. The Kommersant publishing house became the first victim of negative (or "black") PR. The spammers then turned their attention to advertising popular social networking sites in Ukraine. These spam messages used the suggestion of adult content on the sites to tempt users.
Avtogarant insurance company also fell victim to the spammers. The spammers didn’t even bother to alter the text of the mass mailing (http://www.spamtest.ru/news?id=207509084) which had been sent out at the beginning of the year. Recipients of such messages in March were offered insurance with January discounts. This clearly indicates that the spammers were attempting to damage the reputation of the company. It should be noted that although the spammers did not change the text of the messages, they did apply a new method of bypassing spam filters – “noise” was added to the message by means of random off-white text (in the example below it is green, but in the original it was a very pale turquoise).

In March, one well-known spamming company seems to have decided to improve its image. It started offering help in finding missing relatives or friends by using mass mailings. According to the message, the service is absolutely free.
Screenshot caption: A missing person message providing information about a young lorry driver from St. Petersburg who hasn’t been seen since mid-September 2004. The message gives a contact telephone number for any information concerning the person. At the bottom of the message the company responsible states that millions of users receive their messages and anyone who is searching for a missing relative or friend can make use of their missing person search service for free.
