Fraudulent Websites: Spammers Shift Tactics
Prescription drugs are not cheap. In the United Stated alone, Americans commute to neighboring countries, buy by mail or shop online to save money.2 Spammers have made money from this trend for a number of years. Researchers from the University of California, San Diego, estimate that fraudulent pharmacy sites generate between $1 million and $2.5 million in sales each month. Their research stemmed from this exact preference of Americans in buying prescription non-lifestyle drugs for cheaper from pharmaceutical sites that are promoted by spam.3
Traditionally, spammers’ methods entailed the use of email or free blogging platforms, such as Microsoft’s live.com, to push folks to fraudulent pharmaceutical websites. Now, free forum-hosting sites like freeforums.org are actively being exploited to act as facades that redirect users to these virtual storefronts (image 1). Cybercriminals have turned to these third-party sites in order to avoid easy-detection by spam and web content filtering software that lacks the adequate detection capabilities required of today’s dynamic Web.
Image 1: A sample pharma/fraud forum homepage
The page consists of a single forum topic and an image that links to a malicious website containing the feed of the actual pharma-fraud site (image 2).
Image 2: Fraudulent pharmaceutical website
The multifind24.com homepage features various advertisements from a Pay-Per-Click (PPC) partner program tied to BidTraffic.com, which is a legitimate PPC search system. PPC is an online advertising model used to push traffic to websites, in which advertisers pay for clicks generated by the efforts of marketers promoting their goods or services. In this case, the marketers, or fraudsters, behind this domain are clearly exploiting the BidTraffic.com PPC API for profit.
As long as Americans continue seeking cheaper sources of prescription drugs and if consumer-oriented spam or web content filtering software continues to fail in detecting such fraudulent pharmaceutical websites, zveloLABS foresees a rise in global spam campaigns of this nature, which may extend beyond online forums and advertising partner programs.
zvelo’s AutoCategorization (AutoCat) systems effectively auto-detect and categorize these fraudulent pharmaceutical sites as “Pharmaceuticals” and “Phishing/Fraud.” AutoCat combines URL analysis, taxonomic content categorization and zero-hour malicious website detection to provide dynamic, highly accurate categorization of URLs at the domain, sub-domain, sub-path or page level within a website.
Fraudulent Pharmaceutical Website Variants:
Image 3: Fraudulent pharmaceutical website variant
Image 4: Fraudulent pharmaceutical website variant
References:
Casey Holley. (Last updated January 9, 2011). Apidex Weight Loss. LiveStrong.com. Retrieved July 14, 2011 from hxxps://www.livestrong.com/article/353159-apidex-weight-loss/#ixzz1Rx7OkgGm.
Brian Krebs. (July 11, 2011). Americans Use Spam for Cheaper Prescription Drugs. Technology Review. Published by MIT. Retrieved on July 14, 2011 from https://www.technologyreview.com/web/38023/?p1=A3&a=f.
Various Authors. (June 28, 2011). Show Me the Money: Characterizing Spam-advertised Revenue. UCSD Computer Science and Engineering. Retrieved on July 14, 2011 from https://cseweb.ucsd.edu/~savage/papers/UsenixSec11-SMTM.pdf.
