Bits and pieces #2

Spam continues to evolve in interesting directions. Here's a quick roundup of some recent developments.

Stock spam, which seems to have fallen off a bit recently, is not quite on its last legs. The ever-inventive stock spammers have now switched to using PDFs in their messages instead of the more usual JPEG or GIF images. The tactic was first tested in a reportedly massive spam run for Talktech Telemedia. Oddly, we only received 'conventional' JPEG spam for this stock, but in compensation we have registered large amounts of PDF spam pushing Score One, Inc (alongside more traditional plaintext spam).

The pharmacy spammers behind MyCanadianPharmacy have begun sending large numbers of messages claiming to be from the United States National Medical Association and warning recipients in serious tones about the dangers of buying pharmaceuticals online. The messages contain a list of what they consider to be the perils of buying medications from untrusted sources:

delivery of low quality or fraud products.
an enormous delay (up to 2-3 months) in delivery of products.
shops obtain all the credit cards numbers and other credit information and then simply send nothing.
shops sell unlicensed products they know nothing or very little about.
shops themselves don't have a license to sell the pharmaceuticals.

I could hardly have put it better myself (give or take the odd grammatical error). The senders urge you to protect yourself by consulting their 'blacklist' before buying online. Unsurprisingly, clicking the links in the message doesn't take you to a blacklist, but sends you directly to a website owned by the notorious MyCanadianPharmacy. The very detailed report on MyCanadianPharmacy from the excellent spamtrackers.eu observes:

Nobody has ever noted receiving a single shipment of any product ordered on a MyCanadianPharmacy website

so having MyCanadianPharmacy lecture you on the dangers of buying drugs on the Internet is rather like having a rapist offer to walk you home 'for your protection'.

Meanwhile, new variants of Zhelatin (Storm Worm) are generating lots of mail, sending out messages claiming that an unspecified family member has sent you a postcard. The first batch of messages all had subjects that read:

Agatha sent you a fvvan.hk! Greeting

(or variants on that theme, with different female names and '.hk' domains substituted in at random). Apparently people weren't falling for this rather obvious ploy, so they refined their game a little. The new variants have subjects similar to:

You've received a postcard from a family member!

and claim to be sent from domains such as hallmark.com or any of a number of other possible 'ecard' sites (I've always said those things were a menace). The actual messages contain links to what are presumably infected PCs, which simply display a message reading:

We are currently testing a new browser feature. If you are not able to view this ecard, please click here to view in its original format.

Should you be unwise enough to click the link, it downloads an executable which, given the chance, will install itself on your computer and start doing the bidding of its shadowy Russian masters. It's very much the same-old, same-old, but judging by the number of messages we're seeing, it seems to be having some success. A quick and unscientific inspection of 50 sample messages reveals that around 60% of the infected machines are located in the US, so clearly the message isn't getting through. I'd rather hoped that, seven years into the 21st century, we might have learned not to open the goddamned attachments, thank you very much, but clearly we have a way to go yet.
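A small mail-filter check for the two Zhelatin/Storm lure waves described above, written as an added example (not code from the original post). It runs over constructed sample messages; the only indicators it uses are the ones the post itself describes: the "<Name> sent you a <random>.hk! Greeting" subject, the "postcard from a family member" subject, the "testing a new browser feature" text, and a claimed ecard sender (hallmark.com is the only one named here) whose links never point back to that domain. The 203.0.113.7 address is a documentation placeholder, not a real indicator.

```python
import re
from urllib.parse import urlparse

# Constructed sample messages modelled on the lures described above (not real captures).
SAMPLE_MESSAGES = [
    {"subject": "Agatha sent you a fvvan.hk! Greeting",
     "from_domain": "fvvan.hk",
     "body": "Agatha has sent you a greeting. http://fvvan.hk/greeting"},
    {"subject": "You've received a postcard from a family member!",
     "from_domain": "hallmark.com",
     "body": ("We are currently testing a new browser feature. If you are not able "
              "to view this ecard, please click here to view in its original format. "
              "http://203.0.113.7/ecard.exe")},   # placeholder host, constructed
    {"subject": "Re: quarterly report",
     "from_domain": "example.com",
     "body": "See attached, thanks. http://example.com/reports"},
]

# First wave: "<Name> sent you a <random>.hk! Greeting"
FIRST_WAVE = re.compile(r"^[A-Z][a-z]+ sent you a [a-z0-9-]+\.hk! Greeting$")
# Second wave: generic postcard subject plus the "browser feature" landing text
SECOND_WAVE = re.compile(r"received a postcard from a family member", re.I)
BROWSER_FEATURE = re.compile(r"testing a new browser feature", re.I)
URL_RE = re.compile(r"https?://[^\s\"'<>]+")
# Only hallmark.com is named in the post; extend this set with your own ecard senders.
ECARD_DOMAINS = {"hallmark.com"}

def lure_reasons(msg):
    """Return the list of indicators that mark msg as a Zhelatin/Storm ecard lure."""
    reasons = []
    if FIRST_WAVE.match(msg["subject"]):
        reasons.append("hk-greeting-subject")
    if SECOND_WAVE.search(msg["subject"]):
        reasons.append("postcard-subject")
    if BROWSER_FEATURE.search(msg["body"]):
        reasons.append("browser-feature-text")
    link_hosts = {urlparse(u).hostname for u in URL_RE.findall(msg["body"])}
    # An ecard claiming to come from hallmark.com whose links never go there is a mismatch.
    claimed = msg["from_domain"]
    if claimed in ECARD_DOMAINS and link_hosts and not any(
            h and (h == claimed or h.endswith("." + claimed)) for h in link_hosts):
        reasons.append("link-host-mismatch")
    return reasons

def flag_ecard_lures(messages):
    """Return (subject, reasons) for every message that trips at least one indicator."""
    return [(m["subject"], lure_reasons(m)) for m in messages if lure_reasons(m)]

if __name__ == "__main__":
    for subject, reasons in flag_ecard_lures(SAMPLE_MESSAGES):
        print(subject, "->", ", ".join(reasons))
```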

What else is noteworthy? An outfit calling itself Maxibigz is spamming up a storm currently, sending out messages promoting an ever-changing list of domain names (at one point they were using the domain maxibilk.com, a touch of probably unintentional irony). The sites are botnet-hosted and display a shopping page that offers all kinds of mouth-watering electronic goodies at competitive prices. Fake storefronts for stealing credit cards aren't anything new, but it seems to be an unusually high-volume operation.

Sending fewer spams but using almost as many domain names is the money transfer scammer currently calling itself Sydney Car Centre. There's some reason to suspect that they're the same scammers who previously called themselves Aegis Capital Group or Lux Capital. Their sites are near-clones of one belonging to an apparently legitimate business called the Stratford Car Centre.

Plus ça change, plus c'est la même spam.
