Spam and email threat roundup for May 19 - 26, 2013
May 26, 2013
This past week has seen the return of Russian fake pharmacy spam, including the long-dead "Canadian Pharmacy" name. There was a short lull in this type of spam while other categories of junk email were being deployed, mostly pump and dump stock scams.
Russian pharmacy spam (and all other types) is sent from zombie computers that have been infected and involuntarily made part of spam "botnets." The bot-masters who own these botnets rent them out to spammers who are affiliates for various underworld networks that promote all manner of counterfeit goods (watches, handbags, shoes), illicit prescription drugs, Chinese weight-loss herbs, Russian, Ukrainian and Asian "dating" networks, money mule recruitment (e.g. work at home scams), Nigerian 419 scams, pump and dump stock scams, and malware in attachments or in the destination websites of hostile hyperlinks.
The Russian pharmacies are all template websites run by affiliate spammers, hosted on Russian domains, which end in the extension .ru. There are also some Ukrainian hosted fake pharmacies and dating scam websites hosted on domains ending in .com.ua. If you are able to read the actual destination of a link before you click on it, either by hovering over it or by viewing the message in plain text, and it ends in .ru, it is hosted on a Russian server, or on an account registered to a Russian citizen. I hope that my readers will not want to subsidize Russian cybercriminals who sell counterfeit drugs or other illicit goods on Russian websites.
Also making a comeback this weekend is an emerging (returning, I believe) pump and dump stock scam revolving around a sub-penny stock with the symbol BYSD. This stock appears to have been pumped and dumped at least once before and is being pumped again today. Beware of spam messages making outrageous claims about the Bayside Corp stock. It is going nowhere anytime soon, and the only news they have released is to announce a new CEO. Some group has bought up a huge block of their junk stock at .006 or so, and is trying to sucker unsavvy investors into buying thousands of shares at a penny or more, driving up the price, until the scammers dump all their shares and leave the rest of the investors holding an empty bag.
Not to be left out entirely were the malware spam email messages. I intercepted several different varieties of malicious attachment or link scams. These included spoofed DHL, eFax, fake invoices, fake postal notifications and CashPro digital certificates. All of these led to, or contained, the Blackhole and other exploit attack kits.
I almost forgot to mention that there have been a bunch of Nigerian 419 scams, but not as many as there used to be.
Last, but not least, I wrote about a Comcast phishing scam that came my way, which I forwarded as source code to Comcast Security Assurance.
All of the scams and spam I write about are detected and deleted by my email screening program, MailWasher Pro. The types of spam are categorized by spam filters that I personally write and publish in formats compatible with both the old and new versions of MailWasher Pro.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.