Phishy Spam

Published: 2011-06-27
Last Updated: 2011-06-27 04:19:02 UTC
by Kevin Shortt (Version: 1)
6 comment(s)

Lately there has been an increased surge in spam.  This past week I've received four messages that impersonate a message from Facebook.   The messages are actually a Phishing attempt to sell you some drugs.  They are very "facebook" like and to an unsuspecting email recipient they would likely capture a click thru.  I followed through the links to find  dead pharmacy links.  It appears there is spam campaign to sell med's through phishing emails.

A snapshot of one of the emails is below and all of the emails had a consistent link inside the email.  The links were as follows.  The ultimate destinations never loaded and appear to be removed as of this writing. The pharm url's were all on the same IP block.  So someone has caught up to this batch.  Be vigilant and on the look out for more.

hxxp://                      -> hxxp://
hxxp://               -> hxxp://
hxxp://              -> hxxp://
hxxp://   -> <no response received>

Phishy Spam

Feel free to tell us about any of your phishing spam email.

Kevin Shortt
ISC Handler on Duty

Keywords: facebook phish Spam
6 comment(s)


I've been getting these for a few weeks already.. either a fake wall-post notification or friend request or whatever. Most of the links redirected to Rx sites, but there are also a few oddities among them, like a sportswear retailer and pet food.
Is there some kind of e-mail sinkhole project out there? I mean, we know much about malware domains, and doing DNS sinkholing, but why not e-mail? Obviously it would be a big task, but I shouldn't think it would be as difficult as keeping tabs on DNS sinkhole domains.

We could add emails as we see them, and use the same principals to block them...

Seen an abrupt upswing on Nigerian scam phishing emails on a throwaway yahoo account that normally saw 1 per month and is now at a dozen a day. Someone must have sold a list....

You can easily forward spam&phish messages to using the Spamsource add-on in Outlook.
Source and target will be added to a blocklist.
Easy and you help others this way.
Spamcop's stats do show a decided upswing in volume since mid-May. The same stats show a significant decrease in the past 12 months, though. My first guess would be that that's related at least in part to the botnets that have taken down in the past year.
Bah! Hate replying to myself. The URL that shows most clearly what I said above is -- I'm sure you're smart enough to click on that Statistics link and explore. I second Jack's suggestion that those who can use Spamcop's services to report spam.

Diary Archives