Spammers Associated With Canadian Pharmacy E-Mails Start Fresh Spam Attacks

Researchers at Trend Micro the security company caution that spammers associated with Canadian Pharmacy junk e-mails are back into action as they've started launching more fresh malevolent spam schemes.

State the researchers that they're observing a fresh surge of phony pharmacy related junk messages that don't straight away canvass the bogus pharmacy website's URL inside the spam mail. Rather they canvass the URLs that lead onto HTML web-pages hosted on hijacked sites.

These HTML web-pages can be found at the hijacked sites' root area, whilst the redirectors for HTML help to obfuscate the ultimate web-page to which users are diverted. In the current instance, the ultimate page is the bogus pharmacy website notoriously called 'Pharmacy Express' or 'Canadian Pharmacy.' In reality the HTML pages serve as simple redirectors.

Hitherto, according to the researchers, these HTML redirectors are either META refresh directs alternatively JavaScript redirects.

They further say that the spammers appear to load JPEG images too that canvass different drugs within the hijacked Internet sites' root directory. Besides, the spammers include such images within their spam mails as well.

State the researchers that the latest spam campaign abuses a huge 1,000 fresh hosts, everyday. Nevertheless, as the attacked websites do not seem to be utilizing an identical kind of application, it's likely that no common security flaw exists that's getting exploited.

Meanwhile, an explanation considered most probable as to why the hijackings occur is the criminals' greed for FTP credentials that are plentifully available for black. Various PC trojans are prevalent that steal sensitive information. In particular they attack FTP accounts. Trend Micro states that after such sensitive information are stolen, they're traded in mass for very low prices on illegal websites like with only $250 a bunch of 300,000 FTP logins that have been acquired via theft can be bought.

Moreover, the researchers, by studying a specimen spam mail from the current campaign substantiate that it has been sent from the well-known Rustock botnet. They therefore conclude that those responsible for this bulk website hack as also those operating the Rustock bot for spam are pretty closely associated, if not the same.

Related article: Spammers Continue their Campaigns Successfully

» SPAMfighter News - 8/7/2010