Spammers are getting really creative recently. They exploited legitimate sites to host their materials, they masked their e-mail addresses, now they’re “borrowing” images from legitimate, well-known hosts to use in their e-mails in hopes of tricking spam filters.
The most recent outbreak, as seen below, included a “News Summary” image in the header. That particular image is actually hosted on the legitimate CBS News site. The other image, of the pharmaceuticals, actually links to several different domains depending on the version. Although boasting different URLs, the sites are actually all Canadian Pharmacy pages.
In another example we observed, the Canadian Pharmacy folks exploited Pizza Hut. In the example below, the “Order Now” button and the “Click for more deals” tab are both images hosted on the Pizza Hut site to confuse traditional image scanning spam filters.
In this case, the spam provider also masked the sending address as PizzaHut@____.emailpizzahut.com to further confuse recipients and traditional spam filters.
All you REALLY wanted was a pizza… no one said anything about Viagra as a topping!