05.20.13

Russian Girls Spam

Recently a new kind of spam emails appeared.
The email body is always short and looks like love letter:

The moment you kissed me at my doorstep, I know I am yours forever.
With loads of hugs and kisses, Akilina.

The email body text is highly variable and therefore resistant to spam filters (except of the dating site URL). There are never any attachments, font styles and colors, modified words typical for other spam – just plain text email.

The email sender name is Russian girl first name and family name, sometimes with grammar mistakes (non-existing in Russian language ones).
A domain is non-existent (spoofed) one ,like:

[email protected]

Girl’s first name is sometimes, but not always, used also in email body.

The words “you kissed me” in above example, or similar ones, are link to fake dating site http://dating???.ru , where the 3 last letters of the site name are variable:

http://datingmju.ru, http://datingbjk.ru, etc.

All the URLs are resolved to same IP. The site promises “more than 7000 Russian girls waiting” and contains some profiles, most probably 100% fake ones.
No malware found at the site. The purpose of the site is not clear yet, most probably charging money for registration.