Canada Day marked with fresh detections of 'Canadian pharmacy'-related spam

News by Dan Raywood

A fresh run of spam messages relating to the notorious 'Canadian pharmacy' has been detected.

A fresh run of spam messages relating to the notorious ‘Canadian pharmacy' has been detected.

McAfee Avert Labs' Meirgen Krehs claimed that it has been some time since anything was detected with the Canadian pharmacy reference, but ‘an enormous number of spam URLs' had been found and they are all related to some well-known malicious IPs ranges.

Krehs said: “The first IP range alone could give us a repertoire of almost 200 alike-sounding URLs with words such as erect, drugs, med, pharm or pill. Although these IPs contain the ‘Canadian pharmacy' spam terminology, their top level domains are mostly from Russia and Ukraine.”

The emails detected also show a refreshed design with new people pictured smiling, but Krehs warned that despite this, they are made with the same fraud patterns and goals of all pharmacy spam.

“Keep in mind that there are hundreds (or more) of new URLs on a daily basis. So if you get to one of these sites, you should handle it with great caution. Look out for any evidence of Canadian pharmacy association in combination with a foreign country TLD on these pages,” said Krehs.

“If you find some, get away from them as fast as possible! Don't get trapped or lured into one of their offers or you may need more than pills for your headache, data theft, or potential identity theft soon enough.”

Symantec's June 2010 MessageLabs Intelligence Report revealed that pharmaceutical spam using obfuscated JavaScript in the attachment had been detected. It said that the messages often feature a World Cup-related subject that is designed to pique the recipient's curiosity driving them to open the html attachment. The obfuscated JavaScript within the attachment contains code to redirect the recipient's browser to a different and disguised location.

MessageLabs intelligence senior analyst, Paul Wood, said: “Skilled and calculating spammers have gone to great lengths to disguise what the JavaScript actually does. Deceiving recipients into opening a message that contains unrelated content is an approach commonly used with malware. We expect to see more of these attacks as the football tournament continues.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews