Symantec experts have analyzed a particularly interesting campaign

Jul 23, 2013 14:28 GMT  ·  By

Symantec researchers have spotted a pharmacy spam campaign that relies on an interesting technique to evade being detected.

First of all, the spammers are using subject lines that contain randomized non-English characters or words at the beginning or the end.

The body of the spam emails contains a Google Translate link that’s designed to redirect victims to a rogue pharmacy website.

“The mechanism of the redirection is quite complex. After clicking the link, Google Translate is meant to get a second address embedded in the link, which then redirects to a pharmacy website,” Symantec experts explained.

The use of Google Translate in this manner is not new. However, unlike previous campaigns, which leveraged URL shortening services in the second part of the link, in this case, the spammers take advantage of country IDN top-level domains, particularly Cyrillic .рф ones.