Tuesday, October 16, 2007

Fast Fluxing Yet Another Pharmacy Scam

Spam and phishing are indeed starting to operate behind the curtain of fast-flux networks: constantly changing IPs of malware-infected PCs that end up hosting the scam and phishing pages themselves for a certain period of time. And I'm certain that's a trend and not a fad, given the potential for increasing the average time a phishing or scam site remains online, and even the inability to prove that a certain IP was hosting it at a given period.

Take for instance the latest Canadian Pharmacy spam campaign, where, in between the fast-fluxing, they didn't even bother to register and use a legitimate SSL certificate, one of the few visual proofs that assures the average end user of a certain degree of security. Yet, in order to establish more trust, dead-link logos such as "Verified by Visa", "Secured by GeoTrust", "ScanAlert - Hacker Safe", and "Verisign" are included on the order processing page. To me, that's a typical Rock Phish mentality - efficiency vs quality of the phishing/scam campaign. The whole Canadian Pharmacy spam campaign is behind an affiliate program that forwards the responsibility for promotion (spamming) and fast-fluxing to the participants.
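The defender's view of the fast-flux behaviour described above, as an added example that is not part of the original post: a passive-DNS log is scanned for domains whose A records rotate across many networks with short TTLs, and the same log is used to answer which IPs were serving a domain at a given moment. The domains, addresses (documentation ranges), function names and thresholds are all constructed or assumed for illustration.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed passive-DNS observations: (unix_time, domain, A record, TTL seconds).
OBSERVATIONS = [
    (1000, "pharmacy.example", "192.0.2.10", 180),
    (1000, "pharmacy.example", "198.51.100.7", 180),
    (1300, "pharmacy.example", "203.0.113.45", 180),
    (1300, "pharmacy.example", "198.51.100.200", 180),
    (1600, "pharmacy.example", "192.0.2.99", 180),
    (1600, "pharmacy.example", "203.0.113.8", 180),
    (1000, "shop.example", "192.0.2.50", 86400),
    (1600, "shop.example", "192.0.2.50", 86400),
]

# Assumed thresholds for this example; tune them against your own resolver data.
MIN_DISTINCT_IPS = 5
MIN_DISTINCT_NETS = 3
MAX_TTL = 600


def summarize(observations):
    """Per domain: set of IPs, set of /24 networks, and the largest TTL seen."""
    stats = defaultdict(lambda: {"ips": set(), "nets": set(), "max_ttl": 0})
    for _, domain, ip, ttl in observations:
        s = stats[domain]
        s["ips"].add(ip)
        s["nets"].add(ip_network(f"{ip}/24", strict=False))
        s["max_ttl"] = max(s["max_ttl"], ttl)
    return stats


def fast_flux_candidates(observations):
    """Domains with many IPs spread over several networks and only short TTLs."""
    return sorted(
        domain for domain, s in summarize(observations).items()
        if len(s["ips"]) >= MIN_DISTINCT_IPS
        and len(s["nets"]) >= MIN_DISTINCT_NETS
        and s["max_ttl"] <= MAX_TTL
    )


def hosts_at(observations, domain, when):
    """IPs whose record was still within its TTL at time `when`."""
    live = {ip for t, d, ip, ttl in observations
            if d == domain and t <= when < t + ttl}
    return sorted(live, key=ip_address)
```

An empty result from `hosts_at` means the log holds no record covering that moment, which is exactly the evidence gap that short TTLs and rotating hosts create when resolutions are not sampled often enough.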
