Just like true marketers interested in improving the click-through rates of their campaign, pharmaceutical scammers are constantly looking for new ways to attract traffic to their fraudulent sites.

From compromised web shells on web sites with high page rank, the impersonation of legitimate brands, to the development of co-branding campaigns, pharmaceutical scammers persistently rotate the traffic acquisition tactics in an attempt to trick more end users into purchasing their counterfeit pharmaceutical items.

In this post, I’ll profile two currently spamvertised campaigns impersonating YouTube and Twitter, ultimately redirecting end users to pharmaceutical scams.

More details:

Screenshot of the ‘YouTube Video Approved’ themed email:

Screenshot of the ‘Twitter Support” themed email:

Sample spamvertised URLs located on compromised domains: 

  • hxxp://cantaci.com/solitude.html
  • hxxp://lyonssystems.co.uk/plank.html

Spamvertised pharmaceutical scam site:

  • hxxp://medslevitraleiby.com – Email: peep@osmail.net

Both campaign redirect users to pharmaceutical scam domains, such as medslevitraleiby.com which is responding to 91.212.124.152. In the past, it used to respond to the following IPs: 37.157.249.2; 91.212.124.152; 95.168.193.184; 171.25.190.224; 188.132.211.183; 194.28.50.113; 213.162.209.179.

The spammers are monetizing the traffic by participating in a revenue-sharing pharmaceutical affiliate program.

Users are advised to be extra vigilant when interacting with email from unknown sources, and not to purchase counterfeit items from pharmaceutical shops delivered to them via spam messages, no matter which company they’re attempting to impersonate.

You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on  Twitter.

Blog Staff

About the Author

Blog Staff

The Webroot blog offers expert insights and analysis into the latest cybersecurity trends. Whether you’re a home or business user, we’re dedicated to giving you the awareness and knowledge needed to stay ahead of today’s cyber threats.

Share This