For the past few weeks, the traps at SophosLabs have seen a resurgence of the so-called "Russian Dating" spam. While these campaigns are not new, we are seeing them use new tactics. Here is a sample of four different styles of campaign that we have seen in the past week.
The first style of campaign has used the old-fashioned ASCII art messages:
These messages typically advertise a dating website, which is often also spelled out in ASCII art, to make parsing out the domain impossible.
The second style of campaign has spammed out messages linking to dating posts made on legitimate (non-dating) forums. Here is a sample message:
Since January 27, we have seen over 125,000 of these messages on our traps, with the links pointing at posts made on hundreds of forums.
The third style reverts back to a simpler time, being just a "heart-felt" message from a lonely lady, asking you to reply to her webmail address should you be interested in a serious relationship:
The text of these messages changes very frequently, as do the email addresses, which are usually Yahoo-based.
The last style of campaign also advertises dating websites, but uses the lure of messages already waiting for you to lure in traffic:
It also turns out that the ladies are also not restricting themselves to English speaking bachelors, either:
All of these campaigns are being sent through networks of infected hosts around the world. This campaign aims to target single men who may be persuaded into parting with some of their money for the chance at a relationship with an exotic stranger. However, they are all scams, and Sophos blocks all of the above campaigns.