A Dispatch


January 10, 2010

The Spamit_New_Subj Flood

If you've been scratching your head over spam whose Subject: line reads:

Spamit_New_Subj

I have some answers to the riddle.

When I saw the first instance in an inbox, I thought the message might have been relayed through a mail server that tagged the message as being spam. But the message's headers didn't reveal that to be the case. No, the message originated with that Subject: line.

The telltale marks of the underscore characters signified the likelihood that the text was a placeholder, which the bot software responsible for sending the message was supposed to replace with something else (meaningful or otherwise). Given the fact that the message bodies of all of these messages were simple text sentences relating to erectile dysfunction medz, I had my suspicions. And upon checking the HTML source code of the spamvertized web site, my suspicions were found to be accurate:

<img src="/themes/blue_light/img/logo.jpg" alt="Canadian Pharmacy" border="0">

Yes, it's our old friends, the Canadian Pharmacy morons. From additional research, Spamit appears to be a spamming affiliate business responsible for medz, warez, and Heaven knows what else over the years (although the name was new to me). Thus, we appear to have an affiliate (often also known as a wannabe spammer) who hasn't yet figured out how to work the system — or the software — to replace the Subject: line in the Spamit-supplied template.

But it's awfully nice of him to attach spam signal flares to the Subject: lines of his messages.
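The "signal flare" described above can be turned into a mail-filter check. The following is an added example, not code from the original post: it flags Subject: lines that are a bare underscore-joined token, and goes slightly beyond the post by also catching a few other unexpanded template syntaxes. The regexes, function names, and sample messages are assumptions constructed for illustration.

```python
import re
from collections import Counter
from email import message_from_string, policy

# Assumed heuristic: a Subject that is ONE token of word-parts joined by
# underscores (no spaces) looks like a template variable nobody filled in.
UNDERSCORE_TOKEN = re.compile(r"[A-Za-z][A-Za-z0-9]*(?:_[A-Za-z0-9]+)+")
# Generalization beyond the post: other common unexpanded-template markers.
TEMPLATE_MARKUP = re.compile(r"\{\{.+?\}\}|\$\{.+?\}|%[A-Za-z_]+%")

def decoded_subject(raw_message):
    """Parse a raw message; policy.default decodes RFC 2047 encoded-words."""
    msg = message_from_string(raw_message, policy=policy.default)
    return str(msg["Subject"] or "").strip()

def placeholder_reason(subject):
    """Return why the subject looks like an unfilled placeholder, or None."""
    if UNDERSCORE_TOKEN.fullmatch(subject):
        return "bare underscore-joined token"
    if TEMPLATE_MARKUP.search(subject):
        return "unexpanded template markup"
    return None

def flag_placeholder_subjects(raw_messages):
    """Count flagged subjects so a flood of one placeholder stands out."""
    hits, reasons = Counter(), {}
    for raw in raw_messages:
        subject = decoded_subject(raw)
        reason = placeholder_reason(subject)
        if reason:
            hits[subject] += 1
            reasons[subject] = reason
    return [(s, n, reasons[s]) for s, n in hits.most_common()]

# Constructed sample messages (not real captures).
SAMPLE = [
    "From: a@example.com\nSubject: Spamit_New_Subj\n\nbody",
    # Same subject, base64 encoded-word form
    "From: b@example.net\nSubject: =?utf-8?b?U3BhbWl0X05ld19TdWJq?=\n\nbody",
    "From: c@example.org\nSubject: Re: build_release_notes for Monday\n\nbody",
    "From: d@example.org\nSubject: Hello {{first_name}}, your order\n\nbody",
]

if __name__ == "__main__":
    for subject, count, reason in flag_placeholder_subjects(SAMPLE):
        print(f"{count:>3}  {subject!r}  ({reason})")
```

A legitimate message can carry a one-word underscore subject (a filename, for instance), so this works better as one scoring signal alongside others than as a standalone block rule.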

Posted on January 10, 2010 at 11:52 AM