Symantec researchers have come across an interesting spam campaign that’s designed to lure users to rogue pharmacy websites.
It all starts with emails that bear subjects like these:
- Here Comes the Sun 1969 - Soldier of Love (Lay Down Your Arms) 1963 - For No One 1966 - Misery 1963 - Lucy in the Sky with Diamonds 1967 - From Me to You 1963 - Look! I found this!
In many cases, the body of the email contains just a link that appears to point to YouTube. If users hover with the mouse over the YouTube URL, they’ll see that it points to something like domainname.fr/32131.mp3 or domainname.com/fox.avi.
Here are some other URLs identified by Symantec:
http://www.[DOMAIN].com/Fox.avi http://www.[DOMAIN].com/Yamamoto.avi http://www.[DOMAIN].vn/Larue.avi http://www.[DOMAIN].com/McAlear.avi http://www.[DOMAIN].ru/87342.mp3 http://www.[DOMAIN].ru/327182.mp3 http://www.[DOMAIN].fr/472738.mp3 http://www.[DOMAIN].com/165137.mp3
Most of the domains were registered in Europe, the websites being hosted on servers located in Ukraine. According to experts, this technique is used for two main reasons: to bypass spam filters and to trick users into thinking that they’re about to access a media file.
Check out the gallery to see some examples.