"Canadian" pharmacy spammers moving from China to Russia
Messages offering discounts on "Canadian" pharmaceuticals traverse the internet by the millions, decreasing responsiveness to legitimate traffic at all network levels. People who respond to these messages are signed up to more spam and become subject to identity theft; those who purchase are subject to further identity theft and fake or misrepresented products.
Though this threat originates from Russian "Canadian Pharmacy" companies and their affiliates, it is distributed worldwide, with most campaigns targeting U.S. citizens. "Canadian Pharmacy" spam has been pandemic for a number of years, and has grown to be a significant percentage of all email sent. Recently, the spammers have had to move off of their Chinese domains and have become more creative in the structure and the delivery of their messages.
Due to the volume of messages the spammers send out, they need only a small percentage of responses to be profitable. Offloading the message distribution to botnets decreases the cost of distribution, and automating message generation means few man-hours are needed to manage the campaign.
Some tricks that the spammers use:
- Use of botnets to distribute the spam
- Affiliate sites registered daily on "disposable" domains
- Hashbuster paragraphs (essentially “white noise” in email text added to make it seem less offensive to anti-spam filters)
- Use of newsletter-style templates with random words/non-words for the template text
- Short call-to-action paragraphs with dynamically generated generic text linking to affiliate sites
- Images advertising the pills linked to call-to-action domains
- Images rotate between varying styles, and have a hashbusting random noise generated background
- Images hosted on multiple free image hosting services
- Images included in message content
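
The hashbuster and disposable-domain tricks listed above change the bytes of every message, so an exact digest never repeats; this added example (not from the original article or from Sophos) shows one way a filter can still link two messages by comparing paragraphs on word-shingle overlap after collapsing URLs. The function names, sample messages and `.test` domains are constructed for illustration.

```python
import hashlib
import re

URL_RE = re.compile(r"https?://\S+")

def paragraphs(body):
    """Split a body into paragraphs of lowercase words, with URLs collapsed."""
    out = []
    for para in re.split(r"\n\s*\n", body):
        text = URL_RE.sub("<url>", para.lower())   # daily-rotating domains become one token
        words = re.findall(r"[a-z<>]+", text)      # digits and punctuation are dropped
        if words:
            out.append(words)
    return out

def shingles(words, k=3):
    """Set of k-word shingles; a short paragraph yields a single shingle."""
    if len(words) <= k:
        return {tuple(words)}
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def best_paragraph_similarity(a, b):
    """Highest Jaccard similarity between any paragraph of a and any of b."""
    best = 0.0
    for pa in paragraphs(a):
        for pb in paragraphs(b):
            sa, sb = shingles(pa), shingles(pb)
            best = max(best, len(sa & sb) / len(sa | sb))
    return best

def exact_digest(body):
    """Whole-message fingerprint of the kind a hashbuster is meant to defeat."""
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

# Constructed samples: same call to action, different noise paragraph and domain.
MSG_A = ("Save up to 80% on all meds today, order here: http://example-a.test/shop\n\n"
         "window lantern gribbet ocean trellis mufton copper sails vernal plock")
MSG_B = ("Save up to 70% on all meds now, order here: http://example-b.test/shop\n\n"
         "harbor quince dellow marble sprocket ivory tanvel meadow crisp onder")
MSG_LEGIT = ("Hi team, the quarterly report is attached. Let me know if anything looks off.\n\n"
             "Thanks, Dana")

if __name__ == "__main__":
    print("digests equal:", exact_digest(MSG_A) == exact_digest(MSG_B))
    print("A vs B:", round(best_paragraph_similarity(MSG_A, MSG_B), 3))
    print("A vs legit:", best_paragraph_similarity(MSG_A, MSG_LEGIT))
```

Taking the best paragraph pair, not a whole-message score, keeps a long noise paragraph from diluting the match on the short call-to-action text.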
China's tightened policies around domain registration do make an impact on spam distribution. Specifically, China now requires proof of Chinese citizenship in order to register .cn domains -- non-Chinese individuals and companies can no longer register a .cn domain. If other countries follow suit with their domain policies, this style of spam will become cost-prohibitive and will likely vanish.
Source: Sophos Software