Flickr welcome message leads to Canadian Pharmacy web site
July 6, 2010 Leave a comment
Various brands have been subject to spam campaigns and today Flickr, the photo sharing web site, is now also being abused by spammers.
MX Lab started to intercept messages with the subject “[Flickr] Welcome!”, send from a spoofed email address, with an welcome message from Flickr (see image below).
The web sites above function as a redirect to hxxp://keptoften.com/
Each message has different URLs included so these spammers are using a massive amount of domains in this campaign.
I personally do not understand why they are doing this because an Intent Analysis filter, that analyses the included URLs in emails, can blacklist many URLs from these web sites immediatly when investigating one single spam message.
When only using the domain for visiting the sites we get quite often a warning from our browser that the site is known to host malware. In other cases, or when ignoring the warning, we are redirected to hxxp://bestadultsite.ru/run/go.php?sid=3 and afterwards to the web site of Canadian Neighbor Pharmacy hxxp://pharmacymentalhealth.com (see image below).