Please support our Web Development advertiser:
Featured Entry 
Mar 30th, 2007, 6:33 am
IT security specialist Sophos is warning anyone with a website about recently uncovered evidence that spammers are hacking into legitimate sites in order to sell drugs.
Online pharmacy spam, be it under the Viagra or just general prescription drug banner, has become one of the most annoying and persistent forms of the junk mail genre. Rather than advertise the actual URL of the pharmacy site within the messages, however, the drug-peddling pharmacy spammers are instead directing users to the websites of innocent users unaware that they have been hacked. All the sites uncovered by Sophos are using PHP, most likely because there are so many operating in an unpatched form and so still open to any number of well publicized security vulnerabilities. Once a punter, victim or idiot as I prefer to call them, arrives at the innocent host site they are automatically redirected to the pharmacy itself.
Unfortunately, it is the innocent website owner that runs the risk of brand damage and reputation loss, because it is their address that appears in the spam. They also run the risk of larger hosting bills if a spam campaign dramatically increases the bandwidth consumed by increased traffic, all of it just hopping aboard for a quick ride with a drug scamming spammer.
Even more unfortunately, because of the way that many anti-spam and anti-phishing filters work it is quite possible that these messages would avoid filtration in the first place. The destination URL, after all, is a personal homepage or a site devoted to pictures of cats hosted in the US or Western Europe, and not a drug-laden dodgy pharmacy in Eastern Europe or Asia.
It is certainly a new twist on traditional joe jobbing where innocent email addresses are used to send out spam in an effort to besmirch a reputation or somehow incriminating that person.
"To the naked eye it looks like a bog standard spam message advertising medications," said Graham Cluley, senior technology consultant for Sophos. "But it is actually pointing to a website that is owned by someone who is probably completely unaware that spammers have hacked into their site, and are using it to redirect visitors to an online pharmacy. Website owners have a duty to properly patch their sites against the latest vulnerabilities, or face being exploited by spammers. What's more, since the web address is genuine, it's possible more people will be tricked into clicking on the link, giving the spammers more incentive to keep plugging their pills."
And why not buy your pills on the Internet? After all, you have had them before, you might even have a prescription from your doctor. Sophos has a good reason, with 60 percent of all spam being related to drugs and medication, following the death of a 57 year old Canadian woman who bought ‘anti-anxiety’ pills this way. After her death, tests showed the pills contained dangerous traces of uranium, strontium, selenium, aluminum, barium and boron.
What I don’t understand is why anyone would buy medication from a spam lead? Would you buy your pills from a man knocking on your front door and asking if you needed some Viagra or anti-depressants, just on the off chance? Of course not, but the Internet somehow provides a measure of legitimacy to otherwise patently obvious dodgy practice.
Online pharmacy spam, be it under the Viagra or just general prescription drug banner, has become one of the most annoying and persistent forms of the junk mail genre. Rather than advertise the actual URL of the pharmacy site within the messages, however, the drug-peddling pharmacy spammers are instead directing users to the websites of innocent users unaware that they have been hacked. All the sites uncovered by Sophos are using PHP, most likely because there are so many operating in an unpatched form and so still open to any number of well publicized security vulnerabilities. Once a punter, victim or idiot as I prefer to call them, arrives at the innocent host site they are automatically redirected to the pharmacy itself.
Unfortunately, it is the innocent website owner that runs the risk of brand damage and reputation loss, because it is their address that appears in the spam. They also run the risk of larger hosting bills if a spam campaign dramatically increases the bandwidth consumed by increased traffic, all of it just hopping aboard for a quick ride with a drug scamming spammer.
Even more unfortunately, because of the way that many anti-spam and anti-phishing filters work it is quite possible that these messages would avoid filtration in the first place. The destination URL, after all, is a personal homepage or a site devoted to pictures of cats hosted in the US or Western Europe, and not a drug-laden dodgy pharmacy in Eastern Europe or Asia.
It is certainly a new twist on traditional joe jobbing where innocent email addresses are used to send out spam in an effort to besmirch a reputation or somehow incriminating that person.
"To the naked eye it looks like a bog standard spam message advertising medications," said Graham Cluley, senior technology consultant for Sophos. "But it is actually pointing to a website that is owned by someone who is probably completely unaware that spammers have hacked into their site, and are using it to redirect visitors to an online pharmacy. Website owners have a duty to properly patch their sites against the latest vulnerabilities, or face being exploited by spammers. What's more, since the web address is genuine, it's possible more people will be tricked into clicking on the link, giving the spammers more incentive to keep plugging their pills."
And why not buy your pills on the Internet? After all, you have had them before, you might even have a prescription from your doctor. Sophos has a good reason, with 60 percent of all spam being related to drugs and medication, following the death of a 57 year old Canadian woman who bought ‘anti-anxiety’ pills this way. After her death, tests showed the pills contained dangerous traces of uranium, strontium, selenium, aluminum, barium and boron.
What I don’t understand is why anyone would buy medication from a spam lead? Would you buy your pills from a man knocking on your front door and asking if you needed some Viagra or anti-depressants, just on the off chance? Of course not, but the Internet somehow provides a measure of legitimacy to otherwise patently obvious dodgy practice.
This blog entry was written by Davey Winder, staff writer aka happygeek. It has received 3,815 views, 5 comments, and 31 linkbacks. 1 voter has rated this entry 5 out of 5 stars. It was promoted to featured status Mar 30th, 2007.
•
•
•
•
advertising apple botnet browser business crime daniweb data development email europe facebook firefox forensic gaming google hacking hardware help ibm internet iphone ipod law legal linux malware marketing microsoft mobile mozilla news phishing privacy research search security software spam survey technology trojan uk video virus vista web windows yahoo youtube
All Recent Tags Comments (Newest First)
vlas1811 | Newbie Poster | Jul 24th, 2007
•
•
•
•
good site <a href="http://xvnp.com">Viagra Drugs information site</a> Viagra
XXPepper | Newbie Poster | Apr 4th, 2007
•
•
•
•
So what is the solution? It's nice to bring up the problem that you describe, but to do so without a solution is, well, a disservice to the folks who are going to find this article in their Google searches.
How does a site owner protect themselves from these PHP hackers?
How does a site owner protect themselves from these PHP hackers?
>shadow< | Posting Pro | Apr 3rd, 2007
•
•
•
•
yeah i always get emails on my gmail acoount asking me if i want to purchase viagra. I also get frequent spam attacks at my forum :cry:
happygeek | He's The Daddy | Apr 1st, 2007
blud | Linux Reject | Mar 31st, 2007
•
•
•
•
Working in the hosting industry, I hate to say, this isn't very unusual, and it's been happening for a long time. 
Post Comment
•
•
•
•
Only community members can start a blog or comment on blog entries. You must register or log in to contribute.
•
•
•
•
•
•
•
•
DaniWeb Web Development Marketplace
Related Blog Entries
- UK ISPs agree to throttle illegal music file-sharers (3 Hours Ago)
- Open Web Foundation to Help Shepard Standards (7 Hours Ago)
- WikiGoogle or GooglePedia? Nope, it is Knol actually. (16 Hours Ago)
- Botnets boost click-fraud rate (1 Day Ago)
- DNS Security Flaw In the Wrong Hands? (2 Days Ago)
- Apple ships 2.5 million Macs, sells 11 million iPods and 717,000 iPhones in just 3 months (2 Days Ago)
- Limbo 2 Trojan comes complete with guarantee of invisibility (3 Days Ago)
- Fake UPS invoices deliver Pushdo botnet package (4 Days Ago)
- Consumer electronics revenue to hit $700 billion by 2009 (13 Days Ago)
- The ultimate in-car tech KITT, a Knight Rider satnav (15 Days Ago)
Related Forum Threads
