Pharma Spam Scheme Employs Interesting Technique to Get You Viagra Fast (Not)

Whether it be email, social media, or SMS, when spam is the topic of discussion, it’s practically impossible to talk about the slimy, slippery stuff without drugs becoming part of the discussion. The ironic approach to that statement would be to make some sort of reference to how much the frustrating blight known as spam makes us want to lose ourselves in altered states of consciousness, but the truth of the matter is that drugs and pharma scams constitute a large chunk of the crap that pollutes our inboxes. In a way, it makes perfect sense: with the litany of porn on one side of the spam food chain zenith, and banking scams on the other, why not cough up some of those hard-earned Benjamins for a six pack of Viagra while you’re cozying up to the latest Internet smut?

Tongue removed from cheek now, according to new research, the very real problem with pharmaceutical-based spam scams has become a little more difficult to wrangle, as reported by spamfighter.com last week. Using a “fascinating technique to avoid detection,” pharma scammers are “employing subject lines with randomized non-English words or characters in the beginning or end.” The messages, according to the research, include a ‘Google Translate’ link along with some promotional text explaining the benefits of being able to purchase drugs online, presumably in English.

The spammers have given the user just enough rope to hang himself by piquing his interest in what those foreign words are really saying (I like to think that the words actually say “come on! CLICK ME, you ignorant schmuck, so I can get on with cleaning out your bank account so I can afford to have my Olympic sized pool cleaned out!”). Clicking the link, of course, takes the poor unsuspecting user to a compromised website where he can get jiggy with whatever black hat technology lies lurking in wait.

As it turns out, the redirection link is quite sophisticated, in that it utilizes a second URL or IP address that redirects to the rogue site. According to spamfighter, “use of ‘Google Translate’ in this fashion is nothing new. Unlike campaigns prior to this one, that exploit URL shortening services in the second part of the link, the spammers in this case take benefit of country IDN (internationalized domain name) top-level domains (TLDs) particularly Cyrillic .рф ones.”
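To make the link structure concrete from the filtering side, here is an added example (not from spamfighter or the research it cites) that pulls the second-stage address out of a Google Translate link and labels it as an IP literal, an IDN top-level domain, or an ordinary name. It assumes the wrapped address rides in the `u` query parameter of `translate.google.com`; the function names and the sample message are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def wrapped_target(url):
    """Return the URL carried in a Google Translate link's 'u' parameter, or None."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() != "translate.google.com":  # assumed host
        return None
    values = parse_qs(parts.query).get("u")  # parse_qs percent-decodes the value
    return values[0] if values else None

def classify_host(host):
    """Label the second-stage host: IP literal, IDN TLD, or ordinary name."""
    try:
        ipaddress.ip_address(host)
        return "ip-literal"
    except ValueError:
        pass
    tld = host.rstrip(".").rsplit(".", 1)[-1].lower()
    if tld.startswith("xn--") or not tld.isascii():  # punycode or raw Unicode TLD
        return "idn-tld"
    return "ordinary"

def scan_body(body):
    """List (second-stage host, label) for every Translate-wrapped link in body."""
    findings = []
    for url in URL_RE.findall(body):
        try:
            target = wrapped_target(url)
            host = urlsplit(target).hostname if target else None
        except ValueError:  # malformed URL: skip rather than crash the filter
            continue
        if host:
            findings.append((host, classify_host(host)))
    return findings

# Constructed sample message body; none of these hosts come from the campaign.
SAMPLE = """Read what it says:
https://translate.google.com/translate?sl=auto&tl=en&u=http%3A%2F%2Fshop.xn--80akhbyknj4f%2Fpills
https://translate.google.com/translate?sl=ru&tl=en&u=http://192.0.2.7/r
https://translate.google.com/translate?sl=fr&tl=en&u=https://example.com/news
https://example.org/unsubscribe
"""

if __name__ == "__main__":
    for host, label in scan_body(SAMPLE):
        print(f"{label:10} {host}")
```

A filter would score the `idn-tld` and `ip-literal` results rather than the Translate link itself, since the outer domain is legitimate and only the wrapped address changes between campaigns.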

This, of course, confirms what we already knew: that while spam levels in general are falling, the level of sophistication used by spammers has increased dramatically. With exploit kits like Blackhole in full play, phishing schemes taking on a mob-like cast, web hosts being used for spam attacks, and targeted attacks like spam blizzards, spammers and other criminals have basically drawn the lines in the sand, and the lines spell a resounding “we’re not going anywhere.”

Heck, we’re even seeing old tried-and-true techniques resurfacing, with the Canadian Pharmacy scam campaign returning earlier this year. According to Cisco, the scam utilized the ‘old school’ technique of shotgun-blast spam, bombarding mail servers with so many messages that even if the majority of messages are blocked, some still get through. “The idea here is not necessarily to evade the spam filters but rather to maximize the mail that does make it past the filters. If we suppose an anti-spam vendor catches this attack and blocks 99.99% of it, the remaining 0.01% that made it through, given the amount of volume that was sent in such a short time, still adds up to significant revenue for the spammer.”

Spammers are nothing if not resilient. They seem to spend enormous amounts of time trying to figure out how they can screw us. These pharmacy campaigns seem to be a boomerang that just keeps coming back, and it baffles me how they can even make money at it, after all this time. Through experience and education, and a little bit of hard-earned common sense, you have to wonder who could be dumb enough to click one of those links, but if the research is any indication, then these scam artists are indeed finding it easy to fund their pool cleanings. If spam is a disease – one can certainly make a case for it being a socially transmitted disease – the virus (the spam technique) may have mutated, but the end result is still the same. So with summer almost done and distractions of a new school year around the corner, perhaps it’s time to dust off those training manuals and spend some quality time with your employees. Just sayin’.
