Can’t wait for AT&T? – Get an Apple iPhone 4 for Free!!

June 23rd, 2010 by Avi Turiel | Category: Email Marketing

Those frustrated with the on-again-off-again order status conundrum surrounding the launch of the newest iPhone might be tempted to respond to a wave of spam promising free iPhones (see spam sample below).

There are multiple templates for the email but all lead to a website that seems to only need your email address.

At this point we would normally warn you about this sort of email address harvesting and remind you that Commtouch would have easily classified the email as spam.  However, we decided to follow the trail a wee bit further…

We used a site called oDigger.com that indexes affiliate programs, and did a search for “iPhone”.  See the screenshot below for the page describing this particular program.  An affiliate (in this case our spammer) will receive $1.35 every time someone follows one of the emails, arrives at the page shown above and enters their email (see the line for “Payout”).  This new customer is potentially very valuable as he/she is about to be exposed to multiple pages of additional affiliate advertising – all of them promising that the iPhone 4 is “just one more step away”.

Respondents who enter an email address and hit “continue” will be expected to fill in a detailed form in order to “claim their iPhone”.  There are then 12 (yes… 12) pages of “Step 2 – complete the survey”.  Each completion generates more affiliate revenue.  These are followed by 3 pages of “last steps” that require completion of multiple (at least 9) partner offers (more affiliate revenues).  Although we are very dedicated to probing the workings of spam and Internet marketing we decided we’d earned a coffee break – so we stopped at this point.  Guess we’ll have to wait for AT&T…

Harry Potter’s magic money foundation and more…

June 17th, 2010 by Avi Turiel | Category: Anti-scam

In their efforts to convince innocent recipients to part with their hard earned cash, email scammers have created seemingly endless versions of lottery, financial aid, and surprise inheritance stories.  And now these…  Looking for some new scam tales we present:

  • The Harry Potter Foundation giving away GBP 250,000 (and they are based in “Potter house”)
  • The Facebook Africa Jackpot Promo giving away $800,000 (to “compensate” you for their 6 years)

What will they come up with next!  (watch this space…)

Reset your Twitter password – Malware

June 15th, 2010 by Avi Turiel | Category: Email Security, malware

Commtouch labs have received scores of emails targeting Twitter users.  The emails have been neatly constructed to include the email address within the email – making them look more genuine.

Recipients are asked to open an attached HTML file to view their new password.  The website that loads contains a browser exploit.  Not very friendly…

Spammers/malware writers celebrate World Cup 2010

June 10th, 2010 by Avi Turiel | Category: Anti-scam, Spam Favorites

On the eve of the Soccer/football World Cup 2010 in South Africa we spoke to Mr. BuyVi@ GraNow the head of the NGO “WESPAM” (Worldwide Excess Senders of Phony Applications and Mail).  WESPAM claims to represent most of the evil Internet.  Mr. GraNow said, “Events such as the World Cup represent a unique opportunity for the evil underbelly of the Internet.  The opportunities for exploiting public interest are so numerous – pharmacy spam, scams, malware email attachments, SEO poisoning, etc.  We’re dizzy with excitement!”

Mr. GraNow wrote down our email address and promised he would send us further details of the activities planned to coincide with the world’s greatest tournament.  Although he didn’t send any further details we were thrilled to receive notification of a huge World Cup Lottery victory! We have subsequently won the lottery so many times we don’t know what to do with all the money – and each time the email was thoughtfully worded slightly differently:

  • ***south africa 2010 fifa world cup lottery promotion****
  • ***south africa 2010 fifa world cup lottery promotions***
  • ,,,sa 2010 world cup lotto drew;;;;;;;
  • claim your fifa world cup football award/ticket
  • congratulation! you have won us$1,220,000.00 for soccer world cup 2010 promotional draw
  • congratulation!!! for 2010 world cup promotion
  • fifa 2010 world cup lottery department
  • fifa-mtn world cup team official prize notification
  • final notification for south africa fifa 2010 world cup lottery
  • south africa 2010 world cup award notification!!!
  • south african 2010 fifa world cup lottery award
  • south african 2010 world cup bid lottery award
  • south african world cup 2010 free lottery draw
  • winner – fifa world cup online draw
  • world cup bid lottery award
  • you have won south africa 2010 world cup lottery
  • you have won south africa 2010 world cup lottery computer promotional draw
  • your email just won 2010 world cup in south africa & fifa promotion

Apple iTunes, iPad, … iMeds?

June 1st, 2010 by Avi Turiel | Category: Spam Favorites

No – of course it’s not a new product from our favorite tech trend-setters – but it’s not surprising to see the Apple name being used to generate subjects for pharmacy spam messages.  It’s even less surprising to see the new iPad being used to attract curious clickers – especially as the millionth unit was sold.  The iPad spam email (see sample) includes some standard “received from Microsoft” footer text to give the appearance of legitimacy.  Nevertheless, we had to giggle at the irony of “Microsoft” “announcing” the millionth iPad sale.

A further example is this “confirmation” email supposedly received from an Apple store.  The order numbers used in all the samples we analyzed were randomized - apparently to fool content-based anti-spam solutions.  Clicking on “order information” leads you to the friendly folk of the Canadian Pharmacy.

Google adwords phishing attempt

May 27th, 2010 by Avi Turiel | Category: phishing

In part 4 (or is it 5 or 6) of our coverage of Google abuse we present a phishing attack targeting adwords users.  Actually it’s just a shade over 2 years since we last discussed adwords phishing attacks.  This one almost had us convinced for about half a second with some fine phishing touches:

  • It only targets users of adwords – there can’t be too many of those, right?
  • The bold date from the same day
  • The link is somewhat convincing: “http://adwords.google-dm.com/…..”
  • The link in the fine-print section is genuine
  • English is not terribly awful

Spam is good. Spam is our friend.

May 24th, 2010 by Avi Turiel | Category: Email Marketing, Spam Favorites

Spam does not deserve its bad reputation, says a Russian “mass-email” provider.  Yeah, right. We strongly, but humbly, disagree.  However, to debunk this spurious logic, we have reprinted his letter titled “Seven Myths about Spam” with our comments in italics.  For some of the “myths” we will let the email speak for itself. (Thank you, Google Translate – although we have clarified a few words.)

Seven Myths about Spam

It is rumored that spam is bad and bad services of spammers. We will disprove them in this letter!

Myth 1: SPAM GIVES SMALL RESULT

Mass mailing made by millions of users providing dozens of calls, on the theory of probability one hundred thousand people interested in the proposal

(Commtouch says: surprisingly this is true – research has shown that enough people will respond if many millions are spammed – it’s a statistical thing).

MYTH 2: SPAM OUTSIDE THE LAW

The law has no clear definition of spam, so each day comes different advertising messages. If this law will act, hundreds of thousands of businesses will suffer bankruptcy!

(Commtouch says: Several countries have already outlawed clearly defined spam by mandating an opt-in or opt-out system. The predicted demise of hundreds of thousands of legitimate businesses has yet to occur).

MYTH 3: SPAM ORDER HOPELESS

Small firms, the services of mass mailing lists used by banks, major trading companies, Internet Service Providers and just individuals who want to quickly sell your house or car, apart from the companies that conduct seminars!

4 MYTH: SPAM IS BAD

Mass mailing is to help any growing company in search clients. Newsletter is as usual ads that you see on sites on TV in the street, in magazines, etc.

(Commtouch says: If spam is not bad then can you please explain the collective resources of Commtouch, our partners, our competitors, and much of the Internet devoted to getting rid of spam?)

MYTH 5: A LOT OF SPAM NEGATIVE

If you purchase advertising on major television channel, then you reach many people and will definitely find 2-4 people who do not like your commercials and express their views in a variety of reasons. Also in mass mailing, there will always be people who do not like your advertising.

MYTH 6: SPAMMERS SPOOF

Everything in life is relative, there are good companies that have quality services and products. Who to contact is your choice. Always hard to recognize!

MYTH 7: SPAM IS NOT ETHICAL

Paste ads near their homes, to send commercial proposals mail or make mass e-mail – this OK! Any business needs customers, but not everyone afford to order advertising on radio or television.

If we have succeeded dispel your doubts about this kind of advertising, contact us! We are responsible for efficient mailing!

(Commtouch says: No… you didn’t dispel our doubts about “this kind of advertising”).

Free hosting for phishing pages

May 12th, 2010 by Avi Turiel | Category: Commtouch Partners, Email Security

Yesterday we announced our collaboration with RSA, The Security Division of EMC, in which we now provide real-time phishing data to the RSA® FraudAction℠ Anti-Phishing Service to further help prevent online fraud and identity theft.  The phishing data includes URLs that we detect in real time following analysis of billions of Internet transactions.

Aside from the traditional “dedicated” phishing sites, we also detect sites that have been hidden within legitimate sites.  In our Q1 2010 trend report we provided statistics for these in the section entitled “Compromised websites – Categories infected with phishing.”  As described in the trend report, these legitimate sites infected with phishing are generally not changed in any obvious way. The phishing page is added by a hacker – unbeknownst to the site owner – and the link to the page is then inserted into phishing emails.  The screenshots below show a recent example identified by the Commtouch team of a legitimate site that is unknowingly hiding a Bank of America phishing page.

Phishers gain several advantages from this ploy:

  • The legitimate site name lends legitimacy to the link
  • The phishing page is hosted for free
  • It usually takes several days or more to detect and remove the page

Happy Mother’s Day – have some spam

May 9th, 2010 by Avi Turiel | Category: Spam Favorites

Spammers are just like you and me – they love Mom.  So when Mother’s day rolls around they spare no effort in letting Mom know that she’s the best.  They will help you buy flowers – just look for emails that start with a random name prefix followed by some flower offer such as these:

  • alan$20 off mother’s day flowers – today only!
  • albert$20 off mother’s day flowers – today only!
  • alex$20 off mother’s day flowers – today only!
  • [prefix] mother’s day exclusive – roses starting at only $19.99
  • [prefix] mother’s day exclusive! flowers from $19.99
  • [prefix] mother’s day exclusive! roses from $19.99
  • [prefix] mother’s day flowers starting at $19.99
  • mother’s day flowers from $19.99

Astonishingly, clicking on the links leads to a website offering a free TV.  Wow – much more impressive than flowers!  Now all you have to do is fill in endless online forms for endless unrelated offers as well as handing over your credit card details to the Internet underworld.  Not sure you’ll actually get a TV, …or flowers.

Our recommendation:  take Mom out for breakfast.
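
The random name prefixes in the Mother’s Day subjects above, like the randomized order numbers in the Apple store “confirmation” samples from the June 1st post, are meant to defeat exact-match content filtering. The following Python example is added here and is not Commtouch’s code or method: it masks the randomized fields so that variants collapse to one template. The regex heuristics, the function names and the Apple-order subject lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Subjects quoted in the post (ASCII punctuation), plus constructed samples.
SUBJECTS = [
    "alan$20 off mother's day flowers - today only!",
    "albert$20 off mother's day flowers - today only!",
    "alex$20 off mother's day flowers - today only!",
    "mother's day flowers from $19.99",
    "Your Apple Store order W48213377 is confirmed",  # constructed order number
    "Your Apple Store order W90551264 is confirmed",  # constructed order number
    "Lunch on Thursday?",                             # constructed, benign
]

def fingerprint(subject: str) -> str:
    """Reduce a subject to its template by masking what the sender randomizes."""
    s = subject.lower()
    # Heuristic (assumption): letters glued directly to "$" at the very start
    # are the random name prefix seen in the flower-offer subjects.
    s = re.sub(r"^[a-z]+(?=\$)", "<name>", s)
    # Heuristic (assumption): a token holding 4+ consecutive digits is an
    # order-number style identifier; prices such as $19.99 are left alone.
    s = re.sub(r"\b\w*\d{4,}\w*\b", "<id>", s)
    # Collapse punctuation and whitespace so cosmetic changes do not matter.
    s = re.sub(r"[^\w$<>.]+", " ", s)
    return s.strip()

def campaigns(subjects, min_size=2):
    """Group subjects by fingerprint; keep templates seen at least min_size times."""
    groups = defaultdict(list)
    for subj in subjects:
        groups[fingerprint(subj)].append(subj)
    return {fp: m for fp, m in groups.items() if len(m) >= min_size}

if __name__ == "__main__":
    # Exact matching sees every subject as unique; fingerprints expose the reuse.
    print("distinct raw subjects:", len(set(SUBJECTS)))
    for template, members in campaigns(SUBJECTS).items():
        print(f"{len(members)}x  {template}")
```

Masking every long digit run also hits legitimate mail that carries real order numbers, so a fingerprint match is better treated as one signal among several than as a verdict.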

How can they misuse thee Google – Let us count the ways.. (Part 3)

May 6th, 2010 by Avi Turiel | Category: Anti-scam, Email Security

Part 3 in a series of examples where the legitimacy and trust conferred by the Google name has been misused

3) Google birthday scam

The email features standard scam elements but what caught our collective eye is that the huge “winnings” are distributed by Google themselves in honor of their 12th anniversary.

According to our calculations the 12th anniversary will actually be in September this year.  Google typically celebrates anniversaries by changing the search logo on the day – see 11th birthday logo below.  We will be watching for Google birthday spam closer to the time.
