Posted by Virus Bulletin on Aug 11, 2011
'Sick leave' message followed by weight loss spam.
In an apparently new way of spreading their messages, spammers are advertising their products via fake out-of-office replies.
The example VB has seen involved a legitimate email which was sent with an (unintentional) typo in the domain name of the intended recipient. What came back was an 'out-of-office' message containing spammy links.
The message started off like a normal out-of-office reply, informing the sender that the recipient was not in the office. However, it continued by saying that the recipient was actually on sick leave, and that his doctor had recommended some diet products. There then followed a number of links and images that led to a web page with affiliate links to weight loss sites.
It appears that the misspelled domain name had been registered by spammers and was then used to send these fake out-of-office replies.
In this case, the images in the email were hosted on the recipient's domain, which is also where the links led. However, spammers could easily have used a third-party domain and would thus not have needed full control of the domain in question.
While it is questionable whether many users would fall for such a scam, this example shows that spammers never tire of finding new ways to spread their messages. Moreover, many spam filters are less likely to block messages from email addresses to which the user has previously sent mail, so messages like this are more likely to get through.
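A filter can counter this by treating an auto-reply differently when its sender domain is a near-miss of a domain the user normally writes to and the reply carries links. The sketch below is an added example, not Virus Bulletin's code; the function names, the one-edit threshold and the `.example` domains are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
OOO_RE = re.compile(r"out[ -]of[ -](the[ -])?office|auto(matic)?[ -]?reply", re.I)

def edit_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    # First row and column hold the cost of building a prefix from nothing.
    d = [[i + j if i == 0 or j == 0 else 0 for j in range(len(b) + 1)] for i in range(len(a) + 1)]
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def lookalike_of(domain, known_domains):
    """Return the known domain that `domain` is one edit away from, else None."""
    if domain in known_domains:
        return None
    return next((k for k in sorted(known_domains) if edit_distance(domain, k) == 1), None)

def check_autoreply(raw, known_domains):
    """Return reasons an auto-reply looks like the fake out-of-office described above."""
    msg = message_from_string(raw, policy=default)
    auto = str(msg.get("Auto-Submitted", "no")).strip().lower() != "no"  # RFC 3834
    if not (auto or OOO_RE.search(str(msg.get("Subject", "")))):
        return []
    reasons = []
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    near = lookalike_of(domain, known_domains)
    if near:
        reasons.append(f"sender domain {domain} is one edit from {near}")
    body = msg.get_body(preferencelist=("plain", "html"))
    urls = URL_RE.findall(body.get_content()) if body else []
    if urls:
        reasons.append(f"auto-reply carries {len(urls)} link(s)")
    return reasons

# Constructed sample data: .example names are reserved and stand in for real domains.
KNOWN = {"corp.example", "partner.example"}
FAKE = ("From: Bob <bob@crop.example>\nSubject: Out of office\n"
        "Auto-Submitted: auto-replied\n\nI am on sick leave. My doctor recommended\n"
        "http://crop.example/diet and http://crop.example/plan\n")
REAL = "From: Bob <bob@corp.example>\nSubject: Out of office\n\nBack on Monday.\n"
```

A message that returns both reasons should lose any "previous correspondent" bonus in scoring, since the address the user wrote to was never the intended one.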