« Spam list-broker shut down | Main | Spamming for the Lord »
March 18, 2005
Pill spammers abusing ZDnet
Spammers promoting an online pharmacy are exploiting a security glitch at the ZDnet web site to "mask" the hyperlinks in their spams.
The tricky messages use a legitimate "re-direct" page at ZDnet.com to ricochet Internet users to a drugstore located at retailblows.com. The "target" URL that appears in the spams obfuscates the destination address, apparently to make it harder for recipients to complain about the spams.
Here's how one spammer's URL looks:
http://chkpt.zdnet.com/chkpt/forcewindow/kfaz%2e%72%65%74ai%6c%62%6co%77%73.c%6f%6d/
Clicking that URL takes spam recipients to the pill site.
Many web sites use such re-directs to log traffic sent to partner sites and other pages cited in email newsletters. For example, ZDnet used the redirect in its 2002 ZDnet Computing newsletter.
Phishers were recently using a similar bug at the eBay site to create emails designed to steal eBay users' account information.
According to this posting, ZDnet has been notified of the problem.
Posted by brian at March 18, 2005 12:20 PM
Comments
known "spam kings" it seems?
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL25170
"Ivo Ottavio Reali Camargo
retailblows.com (Ivo with Ralsky and Lindsay)"
Posted by: Reader at March 21, 2005 10:34 PM
