Dec 2, 2010 08:52 GMT

Security researchers from cloud security provider Zscaler have identified many fake Amazon profiles which are being used to spam links to rogue online pharmacies and malware distribution sites.

Fake profiles have long been used for spam on all websites that allow inter-user communication, starting years ago with forums and continuing today with social networks.

“For the most part, anytime a site allows user-driven content to be published on the web we have seen some kind of abuse (for example, LastFM, Google Code, Adobe Groups),” explains Mike Geide, a senior security researcher at Zscaler.

Amazon is no different, as it allows registered users to not only buy or sell items, but also post reviews, lists, guides, recommendations and so on.

The latest spam campaigns observed on the website are using fake profiles to abuse these community features in order to advertise malicious links.

One attack promotes adult content of an illegal nature and it directs users to two websites hosted on a server previously involved in trojan and scareware distribution.

The same domains are also advertised on Google Groups using the same fake profile-based spamming method.

In another scheme, thousands of fake Amazon accounts are used to promote counterfeit prescription drugs, with links leading back to rogue online pharmacies.

The pharma spammers are currently trying to regroup and extend their activities in order to keep the income flowing after the world’s largest rogue pharmacy spam affiliate program shut down at the beginning of October.

Known as Spamit or GlavMed, the program was responsible for the “Canadian Pharmacy” line of illegal online pharmacies, which was one of the most spammed brands of recent years.

Even if the temptations are high (low prices and lack of prescription requirement), users are strongly advised against buying from such websites, because the drugs are generally counterfeit and carry serious health risks.