MX Lab, http://www.mxlab.eu, started to intercept a spam campaign that is abusing iTunes to redirect users to the online site of Pharmacy Express.
The email messages comes from the address iTunes Store <do_not_reply@itunes.com> that is obviously spoofed. Also email headers are being spoofed as well:
Received: from badger1402.apple.com (badger1402.apple.com [17.254.6.185])
by asmail.fitnet.biz with SMTP id 02903735943
for <*****@*****.be>; Fri, 1 Oct 2010 21:10:22 +0200
This what the message looks like. A perfect iTunes branded purchase receipt email except that all URLs lead to the online pharmacy web site.
Domains that are being uses:
hxxp://medicineni.com
http://iwvblrig.info
http://cyvvlrgu.info
http://pxdnafse.info
…….
As we write, new domains are being brought into circulation. All these domains are hosting the online pharmacy web site Pharmacy Express.
View full post on mxlab – all about anti virus and anti spam
Related Posts
- Large spam campaign “Unread messages” from Twitter leads to pharmacy sites
MX Lab, http://www.mxlab.eu, started to intercept a large spam campaign with the subject “Twitter – You have X unread message(s)”, where the X is a number from 1 to 3, that leads to... - New types of online pharmacy spam
Just when I started to think that the new spam mails are getting increasingly fancy, I found out to be wrong: The email below has only one GIF picture attached to it and the website address is written... - Zbot’s eCard and Business Online Banking Account Spam Campaign
Fake Business Online Banking Account Alert!
We received spam emails disguised as a legitimate email about your "Business Online Banking Account". The spam mail informs the recipient in orde... - Cyber Crooks All Set to Crash the British Royal Wedding
As we have seen with many major events in the past, news of the British Royal Wedding is currently being used by cyber criminals to bolster their spam campaigns and push rogue antivirus software throu... - Facebook Users Get Invited to a Spam Event
For sometime now we’ve been reporting threats targeting Facebook users, most of which result in users unknowingly spreading spammy links to their networks. We’ve seen different social engi... - Spam from Canadian pharmacy masked as “Delivery Notification”
MX Lab, http://www.mxlab.eu, started to intercept a new spam campaign by email with the subject ”Delivery Notification”. What appears at first as a simple email notification is in fact a s... - Malicious Spam Campaign Preys on Japanese Disaster
There is a large-scale malicious spam campaign going on currently. The spam comes in a few different types, one of which imitates a Twitter notification. The subjects of the spam varies, but sadly, ... - UPS Spam.. Oh Wait, It’s an FDIC Spam Campaign
After more than a week of malicious UPS spam campaigns, the Cutwail botnet changed its spamming theme this week. The malicious spam pretends to be from the Federal Deposit Insurance Corporation or FDI... - Hide Your Real Email Address With Hotmail
Lots of people have multiple email addresses: one for work, one for personal use, and then one or two that might be called "spam-catcher" addresses -- used for low-priority e-commerce transa... - YourBizBegin spam campaign on Facebook
A fairly successful spam campaign is currently active on Facebook. The
campaign advertises the web sites YourBizBegin.com and
YourBizStart.com, which promise easy money for working from home.
Googling...
Posted on 02 October 2010. Tags: Abused, campaign, do_not_reply@itunes com, iTunes, medicineni com, Online, Pharmacy, Redirects, Spam, users
