We've observed some adult spam in disguise. The usual adult spam that we see is simple text with links and adult phrases that make it quite obvious what it is. The mutation that we've recently observed includes an email that has two parts -- HTML and plain text -- where the plain text portion looks completely legitimate and in fact is a portion of a legitimate newsletter of some kind. However, the headers make it apparent that it is not from the legitimate company.

Headers:

From: Sexy Girls Waiting Live Now

Subject: Tired Of The Overpriced Cam Sites

Text body:

(click for larger image)

What makes it even more obvious that this is spam is the HTML portion of the body, which when rendered shows graphic adult content. As a lot of people have their email sent to them in HTML they will only see the adult portion of this spam attack. They won't even know that the legitimate content is there. So why is it there?

HTML portion:

(click for larger image)

We believe the spammers are inserting legitimate emails into their spam to avoid spam filters. It's the oldest game in the spammers' book: "How to avoid being caught." In this particular example above, the spammer is hoping that the inclusion of legitimate company names in the mail will help the message get through antispam filters. It is always interesting to see what the spammers will try next in this game of filter evasion; however, we don't think this technique will be very fruitful.