iTunes abused in spam campaign that redirects users to online pharmacy


MX Lab, http://www.mxlab.eu, started to intercept a spam campaign that is abusing iTunes to redirect users to the online site of Pharmacy Express.

The email messages come from the address iTunes Store <do_not_reply@itunes.com>, which is obviously spoofed. The email headers are spoofed as well:

Received: from badger1402.apple.com (badger1402.apple.com [17.254.6.185])
by asmail.fitnet.biz with SMTP id 02903735943
for <*****@*****.be>; Fri, 1 Oct 2010 21:10:22 +0200

This is what the message looks like: a perfect iTunes-branded purchase receipt email, except that all URLs lead to the online pharmacy web site.

Domains that are being used:

hxxp://medicineni.com
hxxp://iwvblrig.info
hxxp://cyvvlrgu.info
hxxp://pxdnafse.info
…….

As we write, new domains are being brought into circulation. All these domains are hosting the online pharmacy web site Pharmacy Express.
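The mismatch described above (a sender claiming itunes.com while every link points elsewhere) can be checked mechanically. The following is an added example, not code from MX Lab; the allowlist of link domains, the function names and the sample message with its `.example` hosts are assumptions constructed for illustration.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed allowlist: domains a genuine message from this sender domain may link to.
BRAND_LINK_DOMAINS = {"itunes.com": {"apple.com", "itunes.com"}}

# Constructed sample modelled on the campaign; link hosts are placeholders.
SAMPLE = """\
From: iTunes Store <do_not_reply@itunes.com>
To: user@recipient.example
Subject: Your receipt
MIME-Version: 1.0
Content-Type: text/html; charset=utf-8

<html><body><p>Receipt</p>
<a href="http://pharmacy-one.example/">Report a Problem</a>
<a href="http://pharmacy-two.example/x">Purchase History</a>
<a href="https://www.apple.com/legal/">Terms</a>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collects the host name of every <a href> in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        host = urlsplit(dict(attrs).get("href") or "").hostname if tag == "a" else None
        if host:
            self.hosts.append(host.lower())

def in_domain(host, domain):
    # Exact match or true subdomain; "apple.com.evil.example" does not match.
    return host == domain or host.endswith("." + domain)

def off_brand_links(raw):
    """Return link hosts that do not belong to the brand named in From."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg["From"] or ""))[1].rpartition("@")[2].lower()
    allowed = BRAND_LINK_DOMAINS.get(sender)
    body = msg.get_body(preferencelist=("html",))
    if allowed is None or body is None:
        return []  # sender is not a tracked brand, or there is no HTML part
    collector = LinkCollector()
    collector.feed(body.get_content())
    return sorted({h for h in collector.hosts
                   if not any(in_domain(h, d) for d in allowed)})
```

Because the sending domains rotate, a check keyed on the claimed brand rather than on a blocklist of link hosts keeps working as new domains appear.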

7 thoughts on “iTunes abused in spam campaign that redirects users to online pharmacy”

  1. I got this mail yesterday (2010-10-1 11:57+9:00(JST)).
    I have not bought anything from itunes store.
    And I am living in JAPAN. The mail must be written in Japanese Language.
    So I understood the mail is not true.

    The link in the mail is “hxxp://medicineni.com”.

  2. Hi, I got this fake itunes mail today.. I clicked the link to it redirects me to medicini.com but the page was off-line..
    Am I in risk?… Is there anything I must do?
    Thanks

    • When we checked it out it was only a redirect to the online pharmacy site so it is just spam at the moment. But as always, keep an eye on what you do when receiving such emails. Emails like this can also lead to a more serious threat.

    • Depends on how your setup is: do you use an email address of an ISP, do you have your own domain name, your own server,…

      MX Lab can help you if you have your own domain name. Just sign up for a 15 day trial and get protected.

      If you have an email address from an ISP, then you have a few other options. Get in contact with your ISP and notify them of spam coming through. The best option is that spam gets blocked at ISP level before it reaches your mailbox.

      You could also install some anti spam software on your computer, make a rule in your email client that will move the incoming spam messages to your trash,…. if your ISP fails to block the messages.

  3. When we checked it out it was only a redirect to the online pharmacy site so it is just spam at the moment. But as always, keep an eye on what you do when receiving such emails. Emails like this can also lead to a more serious threat.

  4. As a general rule I never deal with an online pharmacy that is outside of the US. I buy from a pharmacy that has only US doctors and US pharmacies. I have ordered every month since 2004 and I have never had a concern. All my meds were legitimate and my primary care MD is aware of what I take. I love the convenience of it. But dealing with Mexico, India, Canada one has to be “very” careful. If you do not know the company, the maker of the medication, if no secure server is used, if you get spam, if they try to misspell words to avoid your spam folder, if they do not tell you upfront the cost and shipping or if you are unable to call them…….stay away. Basically use common sense.
