Tuesday, December 22, 2009

Live.com Exploited as Pharma-Fraud Cover

The FDA crackdown on online pharmacy sites has driven a lot of attention to illegal and fraudulent online pharmacies and in particular to their methods for tricking people to visit their sites. These practices include prolific spam and search engine poisoning.

eSoft’s Threat Prevention Team has noticed that the search engine poisoning is now very actively making use of Microsoft’s Windows Live Spaces – a free blog hosting environment. By registering accounts and using those accounts solely to link to the pharma-fraud sites, the search engine ranking of the target sites goes up. Additionally, the spam emails now link to these fake blogs rather than directly to the pharma-fraud site in an effort to better evade spam filters that might otherwise detect the link to the fraudulent website.

The blog page shown here is typical of those seen by the Threat Prevention Team: it consists of a single blog entry with a single image that is linked to a classic “Canadian Pharmacy” website using a template that eSoft has seen used on thousands of websites.  eSoft worked with the ThreatChaos blog to shine the light and provide full details on these sites during a major outbreak in May.  More details about this threat may be found in that posting.

Similar attacks have been reported recently using Yahoo and Blogger to draw users to fraudulent pharmacy sites. Google Job Spam has also reportedly infiltrated spaces.live.com.

Whatever the distribution method, its clear these cybercriminals will stop at nothing and continue to evolve new ways of advertising their bogus sites. eSoft has excellent detection for pharma-fraud sites and detects thousands of these URLs month after month.  Exploited blogs on spaces.live.com are being flagged as ‘Phishing & Fraud’.

No comments: