Pharmacy Spam is delivered at an estimated 70% of global spam volumes, or 140 billion messages per day. These massive volumes are largely fueled by botnets such as Grum and Cutwail, creating all types of problems for business networks large and small.
These botnet operators are continually trying to find ways around Spam filters and web filters to earn money as part of the larger criminal operation behind these sites. The latest attempt to get around these filters uses livejournal.com, a free blogging service, to link back to fraudulent pharmacy sites. eSoft has seen similar attempts using other free blog services, including Windows Live Spaces.
In this example, a number of methods were used to get around Spam filtering technologies including using numbers and underscores (0rder_Now) to prevent the text from being detected as Spam. A user following the link is taken to the Live Journal blog which then links them to the fraudulent online pharmacy.
In our research, the image link provided on each of the blogs linked back to many different “Canadian pharmacy” type pages. eSoft has very good detection of pharma-fraud sites, finding hundreds of new sites per week. Last year eSoft worked with the ThreatChaos blog to report on these sites. The recent government crackdown has decreased the amount of sites coming online as compared to last year’s report, but certainly not stopped the operation or the related Spam.
It can be difficult to ascertain if an online pharmacy is legitimate or not. The National Association of Boards of Pharmacy (NABP) provides some excellent safety information for buying medicine online. Here are a few of the jaw dropping stats from their site.
• 83% do not require a valid prescription
• 42% offer foreign or non-FDA-approved drugs
• 55% do not provide a physical address
• 96% of sites reviewed are NOT recommended
At the time of writing, Live Journal has disabled the fake blogs we found using their service. eSoft categorizes these fake blogs and the pharma-fraud sites they link to as "Pharmaceuticals" paired with “Phishing & Fraud” and “Spam” if the URL was detected in a Spam message.
Note that visiting these sites may result in stolen identity, delivery of fake products, further Spam and more. eSoft strongly recommends sticking to lists of approved pharmacies and always using extreme caution and skepticism before following links in emails.