
SANS ISC: Phishy Spam - Internet Security | DShield SANS ISC InfoSec Forums


Phishy Spam

Lately there has been a surge in spam. This past week I've received four messages that impersonate a message from Facebook. The messages are actually a phishing attempt to sell you some drugs. They are very "Facebook"-like, and an unsuspecting email recipient would likely click through. I followed the links and found dead pharmacy links. It appears there is a spam campaign to sell meds through phishing emails.

A snapshot of one of the emails is below, and all of the emails had a consistent link inside the email. The links were as follows. The ultimate destinations never loaded and appear to have been removed as of this writing. The pharmacy URLs were all on the same IP block, so someone has caught up to this batch. Be vigilant and on the lookout for more.

hxxp://hajayanee.com/directories.html                      -> hxxp://controlpills.net
hxxp://carrosserieaerni.ch/ascension.html               -> hxxp://medicarerxdrugstore.com
hxxp://mallorcaso.com/postprocessor.html              -> hxxp://pillpillspharmacy.net
hxxp://firstclassmotorsports.com/screeching.html   -> <no response received>

[Image: Phishy Spam]

Feel free to tell us about any of your phishing spam email.

--
Kevin Shortt
ISC Handler on Duty

Kevin Shortt

81 Posts
ISC Handler
I've been getting these for a few weeks already.. either a fake wall-post notification or friend request or whatever. Most of the links redirected to Rx sites, but there are also a few oddities among them, like a sportswear retailer and pet food.
Visi

41 Posts
Is there some kind of e-mail sinkhole project out there? I mean, we know much about malware domains, and doing DNS sinkholing, but why not e-mail? Obviously it would be a big task, but I shouldn't think it would be as difficult as keeping tabs on DNS sinkhole domains.

We could add emails as we see them, and use the same principles to block them...

/shrug
Visi
6 Posts
Seen an abrupt upswing on Nigerian scam phishing emails on a throwaway yahoo account that normally saw 1 per month and is now at a dozen a day. Someone must have sold a list....

/lurk
lurk

4 Posts
You can easily forward spam & phish messages to spamcop.net using the Spamsource add-on in Outlook.
Source and target will be added to a blocklist.
Easy and you help others this way.
Anonymous
Spamcop's stats do show a decided upswing in volume since mid-May. The same stats show a significant decrease in the past 12 months, though. My first guess would be that that's related at least in part to the botnets that have been taken down in the past year.

http://www.spamcop.net/spamgraph.shtml?spammonth
Hal

50 Posts
Bah! Hate replying to myself. The URL that shows most clearly what I said above is http://www.spamcop.net/spamgraph.shtml?spamyear -- I'm sure you're smart enough to click on that Statistics link and explore. I second Jack's suggestion that those who can use Spamcop's services to report spam.
Hal

50 Posts
