Behind OEM Spam and Pharmacy Spam

Posted on by

anti spam

The other day, we contacted the domain registrar of the notorious pharmacy spam site at www.toppharmacy.com. Now, it’s gone. But a pharmacy spam ring is still sending junk messages to advertise this dead website.

So who’s behind this pharmacy spam? Well, we don’t have the answer. But we now have strong reasons to believe that this pharmacy spam is actually run by the same spam group running the illegal software store called Software Download. We have put some of their domains to death. They have found their temporary new home at laga-soft.com.

anti spam anti spam

Comparing two different spam messages, we have found similarities.

  • The designs are the same. They both say, “Enter the link manually in address bar of your browser!”
  • They even arrived at almost the same time.

    The source codes reveal that one message arrived at 12:44:08 in April 9 while the other spam message arrived at 12:50:43 on the same day.

    anti spam anti spam

    Furthermore, one of the source code shows that the character set used is KOI8-R, an 8-bit character encoding for Russian and the Cyrillic alphabet. They often say that many Russian criminal groups are behind running phishing websites and sending spam messages.

    • Leave a Reply

    Your email address will not be published. Required fields are marked *

    Notify me of followup comments via e-mail. You can also subscribe without commenting.