14 DAY TRIAL // Security researchers from German antivirus vendor Avira warn of new pharma spam campaign, which produces emails displaying characteristics normally associated with phishing attacks.
"In the recent past we saw emails looking like phishing mails, which were spam though actually. The spammers tried to make them look as much as possible as official mails from the entity they were faking: Amazon, Twitter, Facebook, and so on," Sorin Mustaca, manager of international software development at Avira, warns.
All of the emails direct users to a Canadian Pharmacy website and according to the security expert the fact that spammers are resorting to this technique suggests that such spam is no longer bringing in as much revenue as it used to.
A series of these emails are misuing the Facebook message received notification template, a technique we've seen adopted by a lot of spammers and malware distributors recently.
"[Full name] has sent you a message" the rogue communication, which appears to originate from Facebook, reads. However, instead of the actual message, the recipient is presented with an image promoting various male enhancement pills.
All links inside the email, including the one allegedly used for replying to the Facebook message, point to the same Canadian Pharmacy website.
In fact, the spam image itself is loaded from the same server where the site is hosted, suggesting that the spammers are pretty confident that it won't be easily taken down by researchers.
"We checked about 100 different emails in this category and all of them use the same domain. We were curious and investigated who owns the domain – the domain is registered in China by a single registrar who owns 14 thousands other domains," Mr. Mustaca notes.
We recently reported about similar email template abuse used to mimic official communications from LinkedIn, YouSendIt, Gmail, ImageShack, My Opera, ShopNBC or Twitter.