Threat Research & Response Blog
Periodically I'll glance into my spam folder within Outlook and see if the messages there deserve this somewhat final resting place. I spotted a number of messages that have a very similar pattern in the message body when viewed in plain-text mode - see if you can spot the pattern too... c'mon, it'll be fun:
Ok that was easy, but what I didn't mention until now is that the masked links above are for different Web sites. The subject lines vary as well and usually do not correlate to the message body so it's really a wonder who would visit the link if the message wasn't filtered into the spam folder. Examples of these spam messages when rendered in HTML view:
In Outlook, there are some recurring subject lines but mostly just a seemingly random mix:
A review of the message headers for the various messages yields that they arrive from numerous sources, single end-user IP addresses from around the globe:
The countries represented above include Portugal, Germany, Brazil and France. So what does all of this mean? Someone is going through a lot of trouble in order to drive traffic to one certain product line - online pharmaceuticals. A visit to any of the links provided in the spam messages delivers a Web page that resembles the following:
"Canadian Pharmacy" is known as a major source of spam for pharmaceutical products, some of them may be counterfeit.
Rhetorical question: what kind of a sad state of affairs is it where there are people that want to profit from fake or counterfeit products that could make you sick?