Joe Jobbing PHP Viagra Spammers

happygeek

IT security specialist Sophos is warning anyone with a website about recently uncovered evidence that spammers are hacking into legitimate sites in order to sell drugs.

Online pharmacy spam, be it under the Viagra or just general prescription drug banner, has become one of the most annoying and persistent forms of the junk mail genre. Rather than advertise the actual URL of the pharmacy site within the messages, however, the drug-peddling pharmacy spammers are instead directing users to the websites of innocent users unaware that they have been hacked. All the sites uncovered by Sophos are using PHP, most likely because there are so many operating in an unpatched form and so still open to any number of well-publicized security vulnerabilities. Once a punter, victim or idiot as I prefer to call them, arrives at the innocent host site, they are automatically redirected to the pharmacy itself.

Unfortunately, it is the innocent website owner that runs the risk of brand damage and reputation loss, because it is their address that appears in the spam. They also run the risk of larger hosting bills if a spam campaign dramatically increases the bandwidth consumed by increased traffic, all of it just hopping aboard for a quick ride with a drug scamming spammer.

Even more unfortunately, because of the way that many anti-spam and anti-phishing filters work, it is quite possible that these messages would avoid filtration in the first place. The destination URL, after all, is a personal homepage or a site devoted to pictures of cats hosted in the US or Western Europe, and not a drug-laden dodgy pharmacy in Eastern Europe or Asia.

It is certainly a new twist on traditional joe jobbing, where innocent email addresses are used to send out spam in an effort to besmirch a reputation or somehow incriminate that person.

"To the naked eye it looks like a bog standard spam message advertising medications," said Graham Cluley, senior technology consultant for Sophos. "But it is actually pointing to a website that is owned by someone who is probably completely unaware that spammers have hacked into their site, and are using it to redirect visitors to an online pharmacy. Website owners have a duty to properly patch their sites against the latest vulnerabilities, or face being exploited by spammers. What's more, since the web address is genuine, it's possible more people will be tricked into clicking on the link, giving the spammers more incentive to keep plugging their pills."

And why not buy your pills on the Internet? After all, you have had them before, you might even have a prescription from your doctor. Sophos has a good reason, with 60 percent of all spam being related to drugs and medication, following the death of a 57-year-old Canadian woman who bought ‘anti-anxiety’ pills this way. After her death, tests showed the pills contained dangerous traces of uranium, strontium, selenium, aluminum, barium and boron.

What I don’t understand is why anyone would buy medication from a spam lead? Would you buy your pills from a man knocking on your front door and asking if you needed some Viagra or anti-depressants, just on the off chance? Of course not, but the Internet somehow provides a measure of legitimacy to otherwise patently obvious dodgy practice.

blud 82 Linux Reject Moderator

Working in the hosting industry, I hate to say, this isn't very unusual, and it's been happening for a long time. :sad:

happygeek 2,411 Most Valuable Poster Team Colleague Featured Poster

Certainly the problem does seem to be getting more commonplace. Although that might just be down to better detection methodology, more security awareness (yeah right) or a maturing userbase when it comes to things IT.

>shadow< 11 Posting Pro

Yeah, I always get emails on my Gmail account asking me if I want to purchase Viagra. I also get frequent spam attacks at my forum :cry:

XXPepper 0 Newbie Poster

So what is the solution? It's nice to bring up the problem that you describe, but to do so without a solution is, well, a disservice to the folks who are going to find this article in their Google searches.

How does a site owner protect themselves from these PHP hackers?
