eSoft’s Threat Prevention Team has noticed that the search engine poisoning is now very actively making use of Microsoft’s Windows Live Spaces – a free blog hosting environment. By registering accounts and using those accounts solely to link to the pharma-fraud sites, the search engine ranking of the target sites goes up. Additionally, the spam emails now link to these fake blogs rather than directly to the pharma-fraud site in an effort to better evade spam filters that might otherwise detect the link to the fraudulent website.
The blog page shown here is typical of those seen by the Threat Prevention Team: it consists of a single blog entry with a single image that is linked to a classic “Canadian Pharmacy” website using a template that eSoft has seen used on thousands of websites. eSoft worked with the ThreatChaos blog to shine the light and provide full details on these sites during a major outbreak in May. More details about this threat may be found in that posting.
Whatever the distribution method, its clear these cybercriminals will stop at nothing and continue to evolve new ways of advertising their bogus sites. eSoft has excellent detection for pharma-fraud sites and detects thousands of these URLs month after month. Exploited blogs on spaces.live.com are being flagged as ‘Phishing & Fraud’.