Most spam has links to Russian fake pharmacies
August 9, 2012
I decided to compile some statistics tonight to see where most spam links are leading at this point in time. It is no surprise that of 126 spam messages deleted over the last 7 days, 89 had links to Russian domains (.RU websites). This equals 70.6% of all spam I received.
So, what is being spamvertised by those 89 spam messages? Fake pharmacies! Every single email spam message in my deleted items (MailWasher Pro Recycle Bin) that contains a link to a Russian domain is promoting counterfeit prescription drugs, sold without a prescription. Some claim to be "From" Canadian Pharmacy. Others claim to be "From" Viagra or Cialis. That's funny; I didn't know that little blue pills could use computers, type and send email messages!
In case anybody reading this isn't already clued in, these pharmacies being spammed are totally bogus. The domains (website names) are all registered in Russia, by Russian citizens, or persons living and doing business in Russia, who can show a valid Russian ID. (That is a legal requirement to obtain a .RU domain name.) Russian criminals run affiliate programs for fake pharmacies that are open to spammers from various countries.
If you receive an email that touts Viagra, Cialis, male enhancement or weight loss drugs, containing a link to a .ru domain, it is a scam. The drugs are counterfeit and made in Asia. The factories producing them are not monitored for quality control and correct dosages. These drugs can harm or kill you, or do nothing at all.
Of the remaining 37 spam emails, 18 had links leading to the BlackHole malware exploit kit, 14 were promoting work at home and money mule scams, 1 was a fake casino and 4 were for fake diplomas. The BlackHole kit exploits vulnerable, unpatched plug-ins for your browser, such as Java, Flash, Adobe Reader and some recently patched Microsoft components. The fake diplomas may not help you get hired, but will certainly get you fired, once it is discovered that you submitted a forged document.
As for the fake casino; a fool and his money soon will part!
Finally, the money mule and work at home scams are as nasty as the BlackHole, in that they steal from you. Work at home scams get you to pay up front for worthless information that brings you nothing but a charge on your credit or debit card. The money mule scams recruit hapless people into money laundering and stolen goods schemes that can land them in jail.
My statistics were obtained from MailWasher Pro, which is a spam filtering email program that sits between your email servers and your desktop email client (a fancy word for a stand-alone email program). I write custom spam filters that can be imported directly into MailWasher Pro. The combination of my filters and the ones built into the program usually auto-delete 95% of incoming spam, or more. I have to look through the program's Recycle Bin to see what has been deleted and see the links, come-ons and source codes used in the various scams employed by professional and novice spammers.
If you aren't using MailWasher Pro, or some other spam filter, just hover your pointer over links, or look at what they say, before clicking on them. If a link goes to a .RU domain and the Subject, or From, or Body text promotes any kind of drugs, enhancers, or weight loss, the message is junk-mail and should be deleted without further ado. If a link claims to go to an invoice or transaction report from some named company, or government agency, hovering over it should reveal the actual destination in a status bar on the bottom of the browser or email client.
BlackHole exploit links always go to a domain totally unassociated with the one being spoofed in the message body. Some exploit links go to numeric domains, rather than ones having names. No matter which, don't click if the plain text domain link doesn't match the actual destination revealed when you hover! Any brand name can be spoofed by email scammers looking to deploy more spam-bots and banking Trojans.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.