Posts Tagged: Canadian Pharmacy


Malicious PHP Scripts on the Rise

by

Last week, I gave a talk at the RSA Security Conference about malicious PHP scripts. For those who can’t attend the conference, I wanted to give you a glimpse into this world to which, until last year, I hadn’t paid much attention. My normal week begins with a quick scan of malware lists — URLs that point to new samples — that come from a variety of public sources. I started noticing an increasing number of non-executable PHP and Perl scripts appearing on those lists and decided to dig a little deeper. In a lot of ways, PHP is an […]

Continue Reading »

Subscription Renewal Spam Points to Drive-by

by

Dear Customers: Please be aware that a crew of Russian malware distributors are circulating a spam message which looks like a subscription renewal confirmation from Best Buy, allegedly for one of our products. The linked text in the message, however, leads to a Web site which performs a drive-by download. Please don’t click the links in the message; If you have any questions about your subscription, please contact support. The spammers appear to have done some homework. Some, but not enough. Best Buy currently sells our products through their online software subscription service. Note to spammers: If you’re going to […]

Continue Reading »

Facebook Spam Leads to Viagra Vendor, Drive-by Download

by

Annoying as they are, the spam emails circulating that supposedly come from Facebook don’t merely lead the recipient to one of those so-called Canadian Pharmacy pill-vendor websites. They now come with a bonus: An infection, courtesy of a malicious iframe which attempts a series of exploits against the browser, Adobe Reader, and Adobe Flash in an attempt to push a drive-by download down to the victim’s PC. The messages, which say they come from a service called Facebook Notify (or, sometimes, just Facebook Service) inform the recipient that they’ve received a message. In order to read the message, the recipient […]

Continue Reading »

Massive Spam Campaign Impersonates Social Networks

by

Spammers are the source of a flood of messages that appear to originate from various social networks, including Facebook and Myspace, as well as popular sites like iTunes. The spam messages usually just contain a link, and possibly a few words. Their subject matter falls into three general categories common to most contemporary spam: Pill vendors, Russian bride “vendors,” and drive-by download sites hosting Zbot password-stealer installers. It’s not unusual for spammers to forge the return addresses, but the sheer volume of spam that has been forged so it appears to originate from MySpace, Facebook, or iTunes is notable.

Continue Reading »