How Exploit Kits Have Changed Spammers' M.O.

An anonymous reader writes "Spammers used to depend on email recipients to tie the noose around their own necks by inputing their personal and financial information in credible spoofs of legitimate websites, but with the advent of exploit kits, that technique is slowly getting sidelined. Prompted by the rise in numbers of spam runs leading to pages hosting exploit kits, Trend Micro researchers have recently been investigating a number of high-volume spam runs using the Blackhole exploit kit. According to them, the phishing messages of today have far less urgency and the message is implicit: 'Your statement is available online'; or 'Incoming payment received'; or 'Password reset notification.'" One thing that's long worried me is that the bulk of spammers and malware writers may hire copywriters with a better grasp of English than most of the ones I see now. "I send you this file in order to have your advice" was funny, because it stuck out.

Ahh ... the humorously bad english.

[oneiros27]

Here's yesterday's gem. Mind you, it was sent to an mailing list '-owner' account, too:

Date: Tue, 10 Jul 2012 05:19:24 -0300
From: MyUps <ups-shipping-agency@ups.com>
To: [listname]-owner@[domain]
Subject: You have urgent work

Hi, [listname]-owner

We got today a letter from tax depratment they writing that we have not paid all needed taxes. You must urgent clear this shit other way they are freeze our bank acocunts.

I have scanned the letter for you, you will find it in attach. Clear this situtaion and write me back.