By Andrew Brandt
The spam messages usually just contain a link, and possibly a few words. Their subject matter falls into three general categories common to most contemporary spam: Pill vendors, Russian bride “vendors,” and drive-by download sites hosting Zbot password-stealer installers.
It’s not unusual for spammers to forge the return addresses, but the sheer volume of spam that has been forged so it appears to originate from MySpace, Facebook, or iTunes is notable.
A significant percentage of the spam leads link-clickers to websites which purport to hook up western bachelors with eligible “russian brides,” in what appears to be a simple data-mining scam aimed at obtaining email addresses for further exploitation. Messages that look like Facebook notification emails, such as this:
Lead to myriad duplicate sites that look just like this:
And messages like this one, that appear to come from MySpace:
Lead to either (or both) of the two most prolific spamvertised pill vendors, the so-called “Canadian Pharmacy” and “Online Pharmacy” Websites.
In addition to the social spam, another email spam campaign has been making the rounds, with messages that imply that someone has posted undesirable photos of you on a website. The links in the messages lead to a page that pushes down a Zbot installer.
The message reads, in part:
Hey, some jerk has posted your pictures (u understand what kind of pictures are there) and sent them to all ur friends. I have already replied back. Said, that he is an idiot. See the link:
It goes without saying, you should avoid clicking the links in these messages, and you shouldn’t automatically trust that mail which says it comes from Facebook, Myspace, or iTunes really originated from those companies.