With just over two months to go before the wedding of Prince William and Kate Middleton, it’s no surprise to find this significant event is being used to promote products. E-mails advertising a replica of Princess Diana’s engagement ring were observed in the past few days by Symantec’s Amanda Grady, sent by well-established spammers.
Although infected botnet machines are responsible for the vast majority of spam sent globally (77% at the end of 2010), Amanda says these attacks do not fall in that category, and in fact the IP which is sending the spam is the same as the one hosting the domain which is linked to in the e-mail.
This domain has also been used in other spam campaigns, such as the long running Who’s Who social networking spam messages. It was registered on February 9, 2011, using Moniker Privacy Services for anonymity, and since then has been used in at least half a million spam emails. This spammer has registered many different domains across a range of IPs in a technique that is sometimes known as “snowshoe spamming”.
Amanda says if the user clicks on the link in the e-mail, it firstly redirects to the ‘lynxtrack.com’ domain, which checks that the user’s IP is based in the US, before redirecting to the final destination product site. The product site was registered much earlier, on December 21, 2010, using a different registration service, indicating that the people behind the site might be purchasing spam services rather than sending it themselves.
As the British Royal wedding gets closer though, expect to see it featured in other spam campaigns to attract users’ attention; at the very least in scraped news headlines.