Phishy Spam

Published: 2011-06-27. Last Updated: 2011-06-27 04:19:02 UTC
by Kevin Shortt (Version: 1)
6 comment(s)

Lately there has been an increased surge in spam.  This past week I've received four messages that impersonate a message from Facebook.   The messages are actually a Phishing attempt to sell you some drugs.  They are very "facebook" like and to an unsuspecting email recipient they would likely capture a click thru.  I followed through the links to find  dead pharmacy links.  It appears there is spam campaign to sell med's through phishing emails.

A snapshot of one of the emails is below and all of the emails had a consistent link inside the email.  The links were as follows.  The ultimate destinations never loaded and appear to be removed as of this writing. The pharm url's were all on the same IP block.  So someone has caught up to this batch.  Be vigilant and on the look out for more.

hxxp://hajayanee.com/directories.html                      -> hxxp://controlpills.net
hxxp://carrosserieaerni.ch/ascension.html               -> hxxp://medicarerxdrugstore.com
hxxp://mallorcaso.com/postprocessor.html              -> hxxp://pillpillspharmacy.net
hxxp://firstclassmotorsports.com/screeching.html   -> <no response received>

Phishy Spam

Feel free to tell us about any of your phishing spam email.

--
Kevin Shortt
ISC Handler on Duty

Keywords: facebook phish Spam
6 comment(s)

Comments

I've been getting these for a few weeks already.. either a fake wall-post notification or friend request or whatever. Most of the links redirected to Rx sites, but there are also a few oddities among them, like a sportswear retailer and pet food.

Visi

Jun 27th 2011
1 decade ago

Is there some kind of e-mail sinkhole project out there? I mean, we know much about malware domains, and doing DNS sinkholing, but why not e-mail? Obviously it would be a big task, but I shouldn't think it would be as difficult as keeping tabs on DNS sinkhole domains.

We could add emails as we see them, and use the same principals to block them...

/shrug

Jeff H.

Jun 27th 2011
1 decade ago

Seen an abrupt upswing on Nigerian scam phishing emails on a throwaway yahoo account that normally saw 1 per month and is now at a dozen a day. Someone must have sold a list....

/lurk

lurk

Jun 27th 2011
1 decade ago

You can easily forward spam&phish messages to spamcop.net using the Spamsource add-on in Outlook.
Source and target will be added to a blocklist.
Easy and you help others this way.

Jack

Jun 27th 2011
1 decade ago

Spamcop's stats do show a decided upswing in volume since mid-May. The same stats show a significant decrease in the past 12 months, though. My first guess would be that that's related at least in part to the botnets that have taken down in the past year.

http://www.spamcop.net/spamgraph.shtml?spammonth

Ken

Jun 27th 2011
1 decade ago

Bah! Hate replying to myself. The URL that shows most clearly what I said above is http://www.spamcop.net/spamgraph.shtml?spamyear -- I'm sure you're smart enough to click on that Statistics link and explore. I second Jack's suggestion that those who can use Spamcop's services to report spam.

Ken

Jun 27th 2011
1 decade ago

Login here to join the discussion.


Top of page
Diary Archives