

May 13, 2008

Sometimes I Simply Don't "Get" Spammers

I'm sure that big-time spammers ("mainsleaze" in the anti-spam trade) believe they are outstanding marketers. That's hard to reconcile with a piece of spam I saw this morning.

It claimed to come from Dilun. At first I thought it was a poor attempt to replicate the name Dillon, but upon further investigation, it is apparently a name found in Asian countries.

Using the Subject: line as a grabber, this spammer went for the jugular:

Subject: You have been caught spamming

This is one of those "impending doom" openers that is intended to get the recipient to open the message immediately—to really put him or her on the defensive.

The message body, however, is pure spam material:

Jessica Alba caught in embarassing situations on camera http://www.[Removed].com/

It's unclear to me how the spammer expects the recipient to react to the mind bend that occurs between seeing the Subject: line in the inbox and what appears to be a porn type of solicitation. Is the recipient supposed to be assuaged by the discovery that the spamming accusation was false? It's a real head-scratcher to me.

Okay, so let's say the recipient wasn't put off by the overt lie that tricked him into opening the message, but he's interested in seeing the purported "embarassing [sic] situations."

Whenever I see links to porn or pop culture photos, I usually suspect a malware installer at the destination. The spamvertised domain is so fresh that it doesn't even show up in whois yet, generally indicating that it's just temporarily parked, and will go away in a few days when the registrar discovers that it hasn't really been paid for.

I used one of my software tools to visit the site without a browser to see if the page's source code revealed any malware downloading going on. I'm able to make the server believe I'm doing this with Internet Explorer 6 for Windows to make sure I get the royal (as in "royally hosed") malware treatment.
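An added example, not the author's tool (the post does not name it): Python that requests a page while presenting an IE6 User-Agent and statically lists markup that can load or launch content without a click. The User-Agent string, the function names, and the sample page are assumptions constructed for illustration.

```python
import re
import urllib.request
from html.parser import HTMLParser

# Typical IE6-on-XP User-Agent (assumed; the post does not quote one).
IE6_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
JS_HINTS = re.compile(r"\b(eval|unescape|document\.write|fromCharCode)\b")

def build_request(url):
    """Prepare a fetch that presents as IE6; nothing is rendered or executed."""
    return urllib.request.Request(url, headers={"User-Agent": IE6_UA})

def fetch_source(url, limit=1_000_000):
    """Return raw page text only (run from an isolated analysis host)."""
    with urllib.request.urlopen(build_request(url), timeout=10) as resp:
        return resp.read(limit).decode("utf-8", errors="replace")

class Triage(HTMLParser):
    """Collect markup that can load or launch content without a click."""
    def __init__(self):
        super().__init__()
        self.findings, self.in_script = [], False
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("iframe", "embed", "object", "applet"):
            self.findings.append((tag, a.get("src") or a.get("data") or ""))
        elif tag == "script":
            self.in_script = True
            if a.get("src"):
                self.findings.append(("script-src", a["src"]))
        elif tag == "meta" and (a.get("http-equiv") or "").lower() == "refresh":
            self.findings.append(("meta-refresh", a.get("content") or ""))
    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False
    def handle_data(self, data):
        if self.in_script:  # flag calls commonly used to unpack hidden script
            self.findings += [("inline-js", m) for m in JS_HINTS.findall(data)]

def triage(html):
    parser = Triage()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page, not the page from the post.
SAMPLE = """<html><head><meta http-equiv="refresh" content="0;url=http://example.invalid/x">
</head><body><iframe src="http://example.invalid/a" width="0" height="0"></iframe>
<script>document.write(unescape("%3Cb%3Ehi%3C/b%3E"));</script><img src="b.jpg"></body></html>"""
```

An empty result from `triage()` matches the outcome described in the post: a page that is plain sales copy with no automatic loader in its source.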

It turns out that the spamvertised web site is only for an herbal penis enhancement med. That's the third time this spammer has screwed with the target's head. How receptive will someone be by the time he reaches this site?

BTW, I'm really glad I saw the page only in HTML source code form. There are apparently some testimonials on the page with Before and After photos. Excuse my clinical response: ew, Ew, EW!

Posted on May 13, 2008 at 09:04 AM