Happiness Healthcare Canadian Pharmacy Spam
[Previous Example] [Share This Page] [Back To The Main SHPAMEE Index] [Next Example]
VERY IMPORTANT INFORMATION, READ THIS FIRST: The example and associated information published on this page are subject to the SHPAMEE Terms Of Use. Please familiarise yourself with these terms before viewing or using any information on this page.
Header:
From - Fri Jul 04 18:12:14 2008
X-Account-Key: account2
X-UIDL: x
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
X-Apparently-To: x via 217.146.183.107; Thu, 03 Jul 2008 05:39:42 +0000
X-YahooFilteredBulk: 190.67.230.114
X-Originating-IP: [190.67.230.114]
Authentication-Results: mta135.mail.ukl.yahoo.com from=ci.verona.wi.us; domainkeys=neutral (no sig)
Received: from 190.67.230.114 (190.67.230.114)
by mta135.mail.ukl.yahoo.com with SMTP; Thu, 03 Jul 2008 05:39:42 +0000
Message-ID: <x@desktop>
From: "Jamie Corbett" <xabourse@ci.verona.wi.us>
To: x
Subject: We offer you happiness
Date: Thu, 3 Jul 2008 00:39:33 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0013_01C8DCA5.430C4010"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2720.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2720.1106
X-Account-Key: account2
X-UIDL: x
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
X-Apparently-To: x via 217.146.183.107; Thu, 03 Jul 2008 05:39:42 +0000
X-YahooFilteredBulk: 190.67.230.114
X-Originating-IP: [190.67.230.114]
Authentication-Results: mta135.mail.ukl.yahoo.com from=ci.verona.wi.us; domainkeys=neutral (no sig)
Received: from 190.67.230.114 (190.67.230.114)
by mta135.mail.ukl.yahoo.com with SMTP; Thu, 03 Jul 2008 05:39:42 +0000
Message-ID: <x@desktop>
From: "Jamie Corbett" <xabourse@ci.verona.wi.us>
To: x
Subject: We offer you happiness
Date: Thu, 3 Jul 2008 00:39:33 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0013_01C8DCA5.430C4010"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2720.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2720.1106
Body:
You donts seem to need blue pilules or do you?
No woman thinks [DELETED TEXT]
Here!
fbchpasswd epinasties equivaluer
errorlevel facelessly faergemand
fantasy-sf englebrick experament
epulsating exportbody fBcompound
No woman thinks [DELETED TEXT]
Here!
fbchpasswd epinasties equivaluer
errorlevel facelessly faergemand
fantasy-sf englebrick experament
epulsating exportbody fBcompound
Important-Your Health is at stake.
Luxury health products for your most loved ones.
exothermic euthyphron ex-manager
epithecium exitstatus farningham
fairytales fLendgrent erlebnisse
fair-trade fIcombined fBmemalign
epithecium exitstatus farningham
fairytales fLendgrent erlebnisse
fair-trade fIcombined fBmemalign
Comments:
Related Cyber Criminal Profiles:
No related profiles found.Similar Spam Examples:
Canadian Pharmacy Spam - Worlds best pain killers hereCanadianPharmacy Spam - The Untrustworthy Online Drugstore
Pharmacy Customer Notice Canadian Pharmacy Spam
Canadian Pharmacy Spam - Are Generics As Good?
Drugstore Pharmacy Spam - Are generics as good?
Related Malware Samples:
No related malware samples found.[Previous Example] [Share This Page] [Back To The Main SHPAMEE Index] [Next Example]
The plain text version is never intended to be shown to the recipient of the e-mail, because it contains, well... only text. No links, no e-mail addresses, nothing. It's main purpose is to randomise the hash sum of the e-mail. In other words, the spammer (or spambot) can keep the HTML version unchanged and only needs to change the text version for each spam e-mail he (or it) sends. This produces a different hash sum each time, so the e-mail won't match the hash sum of e-mails previously marked as spam and can easily bypass a Bayesian spam filter this way. This is quite an old trick used by spammers and most spam filters are able to detect this discrepancy quite easily these days.
But this example takes hash busting a bit further, it places (visible) hash buster text at the end of the e-mail as well. All the hash busting and bypassing techniques are quite useless, because like mentioned earlier, modern day spam filters will frown upon a multipart/alternative e-mail if the content in the plain text version differs from the content in the HTML version of the e-mail. So this is either a stupid spammer or an outdated spambot that's still active on an infected machine.
You can say that again. Will you feel comfortable ordering drugs through a spam e-mail that looks like the inside of a garbage truck?
We deleted some offensive text before publishing this e-mail because we couldn't care less about what the spammer thinks.
This spammer is obviously taking way too many blue pilules.