
Canadian pharmacy spam is back again

We logged a new massive spam campaign that uses Yahoo Groups user accounts to display clickable images of pharmaceutical products and redirect users to the fraudulent website. This technique is most probably used to bypass the filters of anti-spam software.

A few of the links extracted:


All these links contain the same image:

[image: the pharmaceutical product picture displayed by all these links]

And the malicious pharmaceutical sites promoted are:

hxxp://medicaltopatom .com:8080/
hxxp://superdrugsudden .com:8080/
hxxp://perfectpillcool .com:8080/


Medicaltopatom.com WHOIS:

Registrar: BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN
Whois Server: whois.dns.com.cn
Referral URL: http://www.dns.com.cn
Status: clientTransferProhibited

Expiration Date: 2011-07-21
Creation Date: 2010-07-21
Last Update Date: 2010-08-05

Name Servers:
ns1.medicaltopatom.com
ns2.medicaltopatom.com
ns3.medicaltopatom.com
ns4.medicaltopatom.com

Organisation Name: hong zhongzhen
Organisation Address: shichengdadao29, hangzhou, 315029, ZJ, CN

Admin Name: hongzhongzhen
Admin Address: shichengdadao29, hangzhou, 315029, ZJ, CN
Admin Email: juiajl@yeah.net
Admin Phone: +86.57158905471
Admin Fax: +86.57158905471

Superdrugsudden.com WHOIS:

Registrar: BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN
Whois Server: whois.dns.com.cn
Referral URL: http://www.dns.com.cn
Status: clientTransferProhibited

Expiration Date: 2011-07-21
Creation Date: 2010-07-21
Last Update Date: 2010-08-04

Name Servers:
ns1.superdrugsudden.com
ns2.superdrugsudden.com
ns3.superdrugsudden.com
ns4.superdrugsudden.com

Organisation Name: lin xinhao
Organisation Address: xuchangshiliuyilu15hao, xuchang, 461691, HA, CN

Admin Name: linxinhao
Admin Address: xuchangshiliuyilu15hao, xuchang, 461691, HA, CN
Admin Email: dvbdsbebvdb@126.com
Admin Phone: +86.3742661510
Admin Fax: +86.3742661510

Perfectpillcool.com WHOIS:

Registrar: BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN
Whois Server: whois.dns.com.cn
Referral URL: http://www.dns.com.cn
Status: clientTransferProhibited

Expiration Date: 2011-07-21
Creation Date: 2010-07-21
Last Update Date: 2010-08-06

Name Servers:
ns1.perfectpillcool.com
ns2.perfectpillcool.com
ns3.perfectpillcool.com
ns4.perfectpillcool.com

Organisation Name: wang jitai
Organisation Address: jiningshichangqinglu7hao, jining, 273500, SD, CN

Admin Name: wangjitai
Admin Address: jiningshichangqinglu7hao, jining, 273500, SD, CN
Admin Email: betty999_cool@yeah.net
Admin Phone: +86.5372226919
Admin Fax: +86.5372226919
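The three records above share a registrar and a creation date, and each domain serves its own name servers, which is what ties them to one campaign. As an added example (not code from the original post), this Python parses WHOIS text in the colon or dot-filler layout that WHOIS servers emit, pivots on the fields identical across every record, and flags domains whose name servers sit under the promoted domain itself; the sample input is a trimmed, constructed copy of the records quoted in the post.

```python
import re

# Sample WHOIS text, trimmed from the three records quoted above (constructed input).
WHOIS = {
    "medicaltopatom.com": """\
Registrar: BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN
Creation Date: 2010-07-21
Name Servers:
ns1.medicaltopatom.com
Admin Email………. juiajl@yeah.net""",
    "superdrugsudden.com": """\
Registrar: BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN
Creation Date: 2010-07-21
Name Servers:
ns1.superdrugsudden.com
Admin Email………. dvbdsbebvdb@126.com""",
    "perfectpillcool.com": """\
Registrar: BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN
Creation Date: 2010-07-21
Name Servers:
ns1.perfectpillcool.com
Admin Email………. betty999_cool@yeah.net""",
}

# A field line is a key, then ':' or a run of dot/ellipsis filler, then the value.
FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z ]*?)\s*[.:\u2026]+\s*(.*)$")

def parse_whois(text):
    """Parse the layout above into {field: [values]}; name servers are the
    bare lines that follow the 'Name Servers' header."""
    fields, in_ns = {}, False
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            key, value = m.group(1), m.group(2).strip()
            in_ns = key == "Name Servers" and not value
            if value:
                fields.setdefault(key, []).append(value)
        elif in_ns and line.strip():
            fields.setdefault("Name Servers", []).append(line.strip().lower())
    return fields

def triage(whois=WHOIS):
    """Pivot on fields identical in every record; flag self-hosted name servers."""
    parsed = {d: parse_whois(t) for d, t in whois.items()}
    common = set.intersection(*(set(p) for p in parsed.values()))
    shared = {k for k in common if len({tuple(p[k]) for p in parsed.values()}) == 1}
    self_ns = sorted(d for d, p in parsed.items()
                     if (ns := p.get("Name Servers")) and all(n.endswith("." + d) for n in ns))
    return {"shared": shared, "self_hosted_ns": self_ns}
```

Feeding it the full records from the post adds "Expiration Date" and "Whois Server" to the shared set, while the per-domain admin contacts stay distinct.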