We have seen an influx of spam this weekend purporting to be notification messages from Twitter.
The message body says:
"Hello,
You have notifications pending
http://twitter.com/account/notify/RANDOMHEX?emcamp=notify_CURRENTDATE&userid=RANDOMNUMBER
Thanks for being part of Twitter,
The Twitter Team"
In the samples I examined, the URLs that the links direct you to are all unique. In addition to rotating through many different domain names, the spammers append random words to the URL that are ignored by the redirecting websites.
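A mail filter can catch this lure by comparing what a link displays with where it actually points. The sketch below is an added example, not code from the original post. It assumes the message is HTML with the twitter.com URL as the visible anchor text; the CURRENTDATE format, the sample body and the `redirector.example` domain are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible-link template quoted in the post; the CURRENTDATE format is not
# given there, so any run of digits, '.', '/' or '-' is accepted (assumption).
LURE = re.compile(
    r"^https?://twitter\.com/account/notify/[0-9a-f]+"
    r"\?emcamp=notify_[0-9./-]+&userid=\d+$", re.I)

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_twitter_host(host):
    host = (host or "").lower().rstrip(".")
    return host == "twitter.com" or host.endswith(".twitter.com")

def suspicious_links(html_body):
    """Return anchors that display the Twitter lure but point elsewhere."""
    parser = AnchorCollector()
    parser.feed(html_body)
    parser.close()
    hits = []
    for href, text in parser.links:
        if LURE.match(text) and not is_twitter_host(urlsplit(href).hostname):
            hits.append({"shown": text, "target_host": urlsplit(href).hostname})
    return hits

# Constructed sample; redirector.example is a placeholder domain.
SAMPLE = """<p>You have notifications pending</p>
<a href="http://redirector.example/lamp/table/chair">http://twitter.com/account/notify/3fa9c1?emcamp=notify_20100614&amp;userid=48213</a>
<a href="http://twitter.com/account/notify/3fa9c1?emcamp=notify_20100614&amp;userid=48213">http://twitter.com/account/notify/3fa9c1?emcamp=notify_20100614&amp;userid=48213</a>"""

if __name__ == "__main__":
    for hit in suspicious_links(SAMPLE):
        print(hit)
```

Because the check keys on the displayed text and the target host rather than the full target URL, it is unaffected by the rotating domains and the random words appended to each link.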
Of course, these messages aren’t from Twitter; they are promoting online pharmacies. One of the registrants, with an address in Moscow, currently owns more than 100 domain names, all redirecting to pharmacy-related websites.
My favorite one proclaims to be an American pharmacy. How refreshing! The address in Texas that they list looks to be a bit empty, though.
Like most online pharmacy scams, the cost of their products is not exactly discount. The average price for these products when you include special “handling” fees and “insurance” is almost $200 USD.
Amusingly, if you omit the www from the URL for US Drugs you get a “Canadian” pharmacy selling very similar products. I decided it was only fair to look up their Canadian address in Ontario.
It appears they either have made up the address, or have started a barbershop… Maybe they are taking advantage of all their Rogaine sales.
To learn more about how online pharmacy spammers and other affiliate-based networks make money, download our paper “The Partnerka – What is it, and why should you care?”
Do these emails contain viruses?