MSN Featured Offers Spam
[Previous Example] [Share This Page] [Back To The Main SHPAMEE Index] [Next Example]
VERY IMPORTANT INFORMATION, READ THIS FIRST: The example and associated information published on this page are subject to the SHPAMEE Terms Of Use. Please familiarise yourself with these terms before viewing or using any information on this page.
Header:
From - Fri Jul 04 18:15:11 2008
X-Account-Key: account4
X-UIDL: x
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <support@lht.com>
Delivered-To: 119-x
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on
tucker.host4africa.com
X-Spam-Level: *
X-Spam-Status: No, score=1.2 required=7.0 tests=HTML_IMAGE_ONLY_20,
HTML_MESSAGE,HTML_SHORT_LINK_IMG_3,MIME_HTML_ONLY autolearn=no
version=3.1.0
Received: (qmail 8353 invoked from network); 3 Jul 2008 16:05:30 +0200
Received: from ppp-58-8-153-193.revip2.asianet.co.th (HELO acer-js0fgsvsyc) (58.8.153.193)
by plesk.ev1servers.net with SMTP; 3 Jul 2008 16:05:29 +0200
Content-Return: allowed
X-Mailer: CME-V6.5.4.3; MSN
Return-Path: communications_msn_cs_enus@cimail15.msn.com
Message-Id: <x@acer-js0fgsvsyc>
To: x
Subject: Dear x 85% 0FF
From: Henry@Viagra.com x
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Account-Key: account4
X-UIDL: x
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Return-Path: <support@lht.com>
Delivered-To: 119-x
X-Spam-Checker-Version: SpamAssassin 3.1.0 (2005-09-13) on
tucker.host4africa.com
X-Spam-Level: *
X-Spam-Status: No, score=1.2 required=7.0 tests=HTML_IMAGE_ONLY_20,
HTML_MESSAGE,HTML_SHORT_LINK_IMG_3,MIME_HTML_ONLY autolearn=no
version=3.1.0
Received: (qmail 8353 invoked from network); 3 Jul 2008 16:05:30 +0200
Received: from ppp-58-8-153-193.revip2.asianet.co.th (HELO acer-js0fgsvsyc) (58.8.153.193)
by plesk.ev1servers.net with SMTP; 3 Jul 2008 16:05:29 +0200
Content-Return: allowed
X-Mailer: CME-V6.5.4.3; MSN
Return-Path: communications_msn_cs_enus@cimail15.msn.com
Message-Id: <x@acer-js0fgsvsyc>
To: x
Subject: Dear x 85% 0FF
From: Henry@Viagra.com x
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Body:
|
Comments:
Related Cyber Criminal Profiles:
No related profiles found.Similar Spam Examples:
Obfuscated Image Online Pharmacy and Drugstore SpamThe Microsoft Mega Jackpot Lottery Scam
Malware Spam - Sprint: Your bill is now available online
Standard Bank Phishing Scam - Debit Order Authorization
Inheritance Fund Scam a.k.a. Next of Kin Scam - Please Contact Me
Related Malware Samples:
No related malware samples found.[Previous Example] [Share This Page] [Back To The Main SHPAMEE Index] [Next Example]
The x is actually the e-mail address of the recipient. It certainly catches your attention, but no ethical e-mail marketer will use your e-mail address in the subject line, only stupid e-mail marketers and spammers will.
How do you unsubscribe from something you never subscribed to. Don't fall for this age old trick. If you wish to receive loads of spam, go ahead, be our guest and click on the Unsubscribe links in unsolicited commercial e-mails.
Normally an unsubscribe link contains a string of random characters. The recipient's e-mail address is normally encoded into this string. If you click on the link, you will be taken to a page that connects to a database owned by the spammer. The server will look for a similar string in the database and your e-mail address will be flagged as active if a match is found.
But in this specific e-mail you will find no encoded strings at the end of the URL's, only links to top-level domains, for example: http://www.example.com/. Each link points to a different top-level domain so the spammer can easily track the effectiveness of each link in the e-mail. (But each domain can also be assigned to certain groups or individuals).
Notice the small "B" in the top-left corner of the e-mail? That is our place holder for web bugs embedded into spam e-mails. The web bug in this e-mail is a link to a remote GIF image. The file name of this web bug consists of 3 random characters followed by the .gif extension and the ?o=1 parameter:
So by simply opening this e-mail and loading the remote images, you will automatically send a confirmation to the spammer that your e-mail account is active. So the spammer does not only confirm your e-mail address, he/she can also track the performance of the spam e-mail with a web bug like this.
Interestingly enough, each link in this e-mail points to websites with the very same Canadian Pharmacy template as discussed in the The Untrustworthy Online Drugstore spam example.
Microsoft Corporation, One Microsoft Way, Redmond, WA 98052
Why use Microsoft as a smoke screen? It adds a false sense of trust to the e-mail, so people are more likely to click on the links. The spammers also knew that it will most certainly lead to anger among many recipients. Most people will instantaneously click on the Unsubscribe link and curse at Microsoft in 180 languages.
How nice from the spammers to disclaim Microsoft from any responsibilities towards angry spam victims, who might buy sub-standard and hazardous medication from these sites.