The Latest in IT Security

Spam Called “Google Pharmacy” is In the Wild

06
Mar
2012

When Aaron Brown (Senior Product Manager) and Bill Weihl (Green Energy Czar) announced that Google will be retiring its “personal health record service” Google Health, who would have thought that the company will find itself “involved” once again with rogue pharmaceutical companies after unknowingly profiting from their ads?

click to enlarge

Of course, this time around, online criminals only used Google’s name in an attempt to pique users’ interest and have them start clicking away. Here are the spam details:

From: webmaster@irs.com
Subject: At Rx-shop CAILIS is more available
Message body:
[Google Pharmacy Logo]

We have launched a pharmaceutical interface for Google, as well as several new features that will improve the Google experience for

the people buying pills and using pharmaceutical interfaces.

We are really pleased to have worked on a launch that will help people use pharmacy and surgery.

We are currently working to make it available to even more users with more language interfaces.

Visit Google’s Accredited Pharmacy

http://iledrugs(dot)com

The supposed sender is obviously fake, seeing that it used an @irs.com domain. What’s more, this particular email address has been involved in numerous email scams before.

The link cannot be clicked since the entire message body is an image. Spammers designed this spam to bypass normal filters that normally just track texts/URLs within email messages. Such a spam is called image spam.

Recipients of this spam will have to type the URL into a browser’s address bar in order to visit the domain. Once done, they are then led to a page that is not Google Pharmacy (as expected) but to one that looks more familiar to us:

click to enlarge

This site is called Pharmacy Express, which should not be mistaken with the legitimate one that is based in New Zealand (1)(2). Spamtrackers.eu gives us its detailed history that dated back from 2007. The screenshot of the webpage above is the latest “page template” of this particular Canadian fake pharma. The URL, iledrugs(dot)com, resolves to the IP address, 60(dot)190(dot)223(dot)190, which is hosted in China.

Stay safe!

Jovi Umawing (Thanks to Jesmond)

Related posts:
  1. Google opens a pharmacy? It’s spam of the day
  2. Online pharmacy spam disguised as AOL.com phishing
  3. Use of Legit Online Translation Services in Pharmacy Spam
  4. Use of .avi & .mp3 Extension Leads to Pharmacy Spam
  5. Bogus Windows License Spam is in the Wild

Tags:  
Written by GFI Labs blog
0 Comments

Leave a reply


Categories

SUNDAY, FEBRUARY 23, 2025
WHITE PAPERS

Mission-Critical Broadband – Why Governments Should Partner with Commercial Operators:
Many governments embrace mobile network operator (MNO) networks as ...

ARA at Scale: How to Choose a Solution That Grows With Your Needs:
Application release automation (ARA) tools enable best practices in...

The Multi-Model Database:
Part of the “new normal” where data and cloud applications are ...

Featured

Archives

Latest Comments