The junk mail touts Windows Vista Ultimate for sale at a $319 discount, said Sophos, which also noted that the campaign relies on several current spammer techniques to trick defenses, including random background pixelation, hiding the bulk of the message in an image, and requiring the user to manually type in the URL rather than embedding an easily found link.
"This carries all the hallmarks of a typical image spam," said Graham Cluley, a Sophos senior technology consultant, in a statement. "Approximately 30% of all spam is now using images to try and sneak past anti-spam filters. Computer users need to ensure that they have strong defenses in place or they will continue to be bombarded by nuisances like this."
Sophos wasn't sure whether the deal was semi-legitimate—that a copy of Windows would actually be shipped to the user—or if the spammer was actually a phisher harvesting credit-card numbers. If the former, the copy would almost certainly be counterfeit, since Microsoft has yet to release Vista to anyone but volume license customers.
In fact, Microsoft last week warned users of that very thing as it updated Vista to block pirates who had cobbled together a bogus operating system from Vista previews and the final code. "Users can be confident that 100% of the copies of Windows Vista advertised for purchase or download prior to the Jan. 30, 2007 consumer general availability date are counterfeit," Microsoft said in a statement on Dec. 14.