Endpoint Protection

 View Only

Not Enough Magic by Spammers Using the Potter Tale 

Jul 27, 2009 04:13 PM

As excited as I was prior to the release of the sixth film of the Harry Potter series, it proved to be fairly disappointing in terms of the number of spam messages spawned using the book/film title. The latest film, “Harry Potter and the Half-Blood Prince,” was released worldwide on July 15.

We monitored the probe network traffic over the past couple of weeks to track the prevalence and volume of Harry Potter related spam. However, it seems that spammers are less passionate about the idea of using the magic of this tale for their spam campaigns. The recent Harry Potter-related spam that we did see arrived as either Nigerian scams or health-type spam.

One scam message is disguised as an online lottery winning notification. In this fake and non-existent lottery, the name “Potter” is misspelled as “Porter.” Interestingly, the scammer used J. K. Rowling as the name for the online lottery—Rowling is the author of Harry Potter fantasy novel series.

Below is an example of the scam email along with the headers:

imagebrowser image

In the health spam examples, the various subject lines use phrases such as “Harry Potter ebook.” The email body is in the form of a legitimate newsletter, but all of the URLs provided lead users to an online pharmacy website.

Various subject titles used in these samples are as follows:

Subject: Full ebook Harry Potter
Subject: Harry Potter interactive ebook

imagebrowser image

In another health spam sample, news involving Harry Potter is used to obfuscate the message. These meaningless sentences are inserted at the bottom of the email.

Below is an example of such obfuscated email:

imagebrowser image

A few more obfuscation samples used in the health spam are as follows:

imagebrowser image

0 Favorited
0 Files

Tags and Keywords

Related Entries and Links

No Related Resource entered.