{"id":505,"date":"2007-04-09T07:02:54","date_gmt":"2007-04-09T15:02:54","guid":{"rendered":"https:\/\/blog.mhvt.net\/?p=505"},"modified":"2007-05-27T00:20:44","modified_gmt":"2007-05-27T08:20:44","slug":"behind-oem-spam-and-pharmacy-spam","status":"publish","type":"post","link":"https:\/\/blog.mhvt.net\/?p=505","title":{"rendered":"Behind OEM Spam and Pharmacy Spam"},"content":{"rendered":"

\"anti<\/a><\/p>\n

The other day, we contacted the domain registrar of the notorious pharmacy spam site at www.toppharmacy.com. Now, it’s gone. But a pharmacy spam ring is still sending junk messages to advertise this dead website. <\/p>\n

So who’s behind this pharmacy spam? Well, we don’t have the answer. But we now have strong reasons to believe that this pharmacy spam is actually run by the same spam group running the illegal software store called Software Download<\/strong>. We have put some of their domains to death. They have found their temporary new home at laga-soft.com.<\/p>\n

\"anti<\/a> \"anti<\/a><\/p>\n

Comparing two different spam messages, we have found similarities.<\/p>\n

  • The designs are the same. They both say, “Enter the link manually in address bar of your browser!”\n
  • They even arrived at almost the same time.\n

    The source codes reveal that one message arrived at 12:44:08 in April 9 while the other spam message arrived at 12:50:43 on the same day.<\/p>\n

    \"anti<\/a> \"anti<\/a><\/p>\n

    Furthermore, one of the source code shows that the character set used is KOI8-R, an 8-bit character encoding for Russian and the Cyrillic alphabet. They often say that many Russian criminal groups are behind running phishing websites and sending spam messages.<\/p>\n","protected":false},"excerpt":{"rendered":"

    The other day, we contacted the domain registrar of the notorious pharmacy spam site at www.toppharmacy.com. Now, it’s gone. But a pharmacy spam ring is still sending junk messages to advertise this dead website.<\/p>\n","protected":false},"author":342,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22],"tags":[],"class_list":["post-505","post","type-post","status-publish","format-standard","hentry","category-internet-security"],"_links":{"self":[{"href":"https:\/\/blog.mhvt.net\/index.php?rest_route=\/wp\/v2\/posts\/505","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.mhvt.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.mhvt.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.mhvt.net\/index.php?rest_route=\/wp\/v2\/users\/342"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.mhvt.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=505"}],"version-history":[{"count":0,"href":"https:\/\/blog.mhvt.net\/index.php?rest_route=\/wp\/v2\/posts\/505\/revisions"}],"wp:attachment":[{"href":"https:\/\/blog.mhvt.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=505"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.mhvt.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=505"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.mhvt.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=505"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}