Drive-by Download Assault Masked With Canadian Pharmacy Site
Security firm Red Condor cautions that a newly emerging malware is spreading through e-mail by sophisticated means. The e-mail, which spoofs YouTube, reportedly diverts users to a Canadian Pharmacy website under cyber-criminals' control that disseminates harmful PDFs via drive-by download.
The PDF is in fact malicious software that has been eluding detection by anti-virus engines since June 9, 2010. The security company has captured ten variants of the PDF that possibly exploit security flaws in Adobe Acrobat.
Remarking on the threat, Red Condor CEO Dr. Thomas Steding stated that the total volume of effort used to execute e-mail scams of this type did not match that of the characteristic Canadian Pharmacy spam schemes of the past. MarketWire published this on June 9, 2010.
The CEO added that, owing to the nature of the current attack, his company had long suspected an ulterior intention in such scams, rather than their being merely routine Canadian Pharmacy spam.
Importantly, the scam is apparently a component of an overall large-scale assault that has lately spoofed Twitter and Facebook, among other well-known websites.
While unwitting Web surfers expect to find what they think will be a Twitter friend request or YouTube, a Facebook sign-in page, or an e-greeting card, their Web browsers pull down and install the malware, after which the Canadian Pharmacy web page opens.
Recently, Red Condor stopped a number of spam attacks that purported to be a service e-mail from Twitter, along with another e-mail that hit subscribers of Amazon.com's Gold Box Deal. In the Twitter incident, the spam mail notifies recipients that they have one unread e-mail from Twitter. It then directs the user to follow a given web link that is supposed to lead to that message on the Twitter site.
However, the web link actually leads to a hijacked Web server that subsequently brings up the website displaying the spammer's malicious pharmacy web page.
Security researchers, remarking on the problem, stated that, interestingly, the malware campaign's distribution points were set up so that they actively made research into the exploits difficult.
» SPAMfighter News - 21-06-2010