More Pharma Spam with Microsoft Content


You may recall that we wrote about spammers who used Microsoft hotmail content within the source of their messages, hidden from the reader (except for those techies who right-click & hit “view source”). Well, I spammers must have liked the results and wanted to take it a step further. The latest trick is to put the Microsoft content in the body of the message, and embed a hosted image in the message that contains the actual content of the spam. So the recipient has to allow images in order to see the message, but the spammer probably sees that as a small price to pay. Think about the alternative: embedding the image in the message will most likely get it blocked since many anti-spam engines have developed highly sensitive “image-based spam” filters.

The user initially sees what appears to be legitimate correspondence from MSN, just missing a small image:

But the user who downloads the image will see this lovely pharmaceutical spam:

What I think is super smart on the part of the spammers is that the message just appears to be a missing logo (dare I say, missing MSN logo?). So an unsuspecting end-user could easily decide to download the image in the message. Incidentally, by downloading the image, the user unwittingly confirms for the spammer that his/her email address is valid, since the image is served up from an external server, and is not embedded in the email message itself.

All this talk about the user assumes that the spam message made it past the user’s or his/her organization’s email filter. And chances are, this type of message would bypass traditional content filters, since the textual part of the message really looks legitimate.

Special thanks to Menashe for forwarding me this nice example.

Go back