Fast Fluxing Yet Another Pharmacy Scam
0
Spam and phishing are indeed starting to operate behind the curtains of a fast-flux network of constantly changing IPs of malware infected PCs that end up hosting the scams and phishing pages themselves for a certain period of time. And I'm certain that's a trend and not a fad given the potential for increasing the average time a phishing or a scam site remains online, even the inability prove a certain IP was hosting it at a given period.
Take for instance the latest Canadian Pharmacy spam campaign, where in between the fast-flux, they didn't even bother to register and use a legitimate SSL certificate, among the few visual proofs for the average end user that's ensuring a certain degree of security, yet, in order to establish more trust, dead link logos such as "Verified by Visa", "Secured by GeoTrust", "ScanAlert - Hacker Safe", and "Verisign" are included at the processing order page. To me, that's a typical Rock Phish mentality - efficiency vs quality of the phishing/scam campaign. The whole Canadian Pharmacy spam campaign is behind an affiliate program forwarding the responsibility for promotion (spamming) and fast-fluxing, to the participants.
About Dancho Danchev
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
0 Comments: