eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.
Spammers have their favorite words, too.
An interesting analysis by Symantec compared the language patterns of the busiest botnets on the Web. Starting with an examination of a random sample of global spam over a one-week period, Symantec found spammers often used generic words punctuated with an exclamation mark to create additional effect.
For example, among the most common words were: “shipping!”, “today!” and “here!”.
“As you can see, the popular words are fairly generic but all seem to be geared toward encouraging an immediate reaction, trying to get some sense of urgency,” blogged Mathew Nisbet, Malware Data Analyst with Symantec Hosted Services.
“Individual botnets have different profiles from general spam though, they tend to have more restricted sets of words used, as they stick to a smaller number of set topics,” he wrote. “The reason for this is the way botnets are used…With the use of the botnet effectively going to the highest bidder, that means that each botnet will only be sending a small number of topics at any given time, from a small number of spammers who are able to pay for the service.”
Four of the top five spamming botnets – Bagle, Grum, Bobax and Rustock – use a limited pool of words tied to a particular subject. For example, take a look at the Bagle Botnet. Among the most popular words: here!, rxmedications, fast, reliable. Translation – a subject line that reads: “All your favorite RxMedications are here! With Fast Reliable Shipping!”
The Cutwail botnet, however, takes a more complex approach, as its goal is to get the user to download malware, not just visit a Website. Among the popular words for that botnet – Windows, account, infection and software.
“Rather than being limited to a small number of topics, which makes certain words stand out clearly from all others, it instead has lots of different topics all used in similar volumes…with the objective being to deliver malware, it makes sense for the topic to be changed frequently, as the topic is just a means to get a users’ attention, and having lots of topics therefore increases the chances of the mail (and its attachment) being opened,” Nisbet wrote.