Russian Viagra and Other Medical Spam Email



Posted by admin on

Russian Viagra and Other Medical Spam Email.
There’s been a recent surge in Russian spam lately. So much, in fact, that it has accounted for nearly 100% of the blocking done by our “URL” filter. Most of it is Viagra spam and other medical or pharmaceutical spam.
Here’s what you need to know about this potential danger to your email server and infrastructure.
Russian Spam.
Russian spam does not necessarily come from servers in Russia. It’s called that because the website the scammer wants you to visit ends with “.ru” or “.su” (for “Russia” and the former “Soviet Union”, respectively). Those top-level domains became popular among spammers many years ago, and the trend continues.
Here’s how it works. A spam email usually has a link in the body of the message that the spammer wants you to click. The link will take you to a website controlled by the spammer that you probably don’t want to visit. Some of the sites might be legitimate in the sense that when you pay you’ll get something, but it’s a dangerous gamble. Many involve illegal activities and will likely just rip you off.
Most is Viagra Spam and other Medical Spam Email.
As it turns out, most Russian spam falls into the category called “medical spam” or “pharmaceutical spam”, such as an email offer to buy cheap prescription drugs (like Viagra or Celebrex) or to order online from a supposed North American pharmacy.
According to Greg C., one of our 24/7/365 threat analysts, “A big tipoff that you’re looking at a scam is that the website’s address ends in .ru or .su. But be careful. Never click on a link in an email, whether it’s to a Russian website or not. Other websites linked from emails are also scams. It’s just that the Russian ones almost always are.”
Big Surge in Russian Medical Spam.
Over the last few weeks, we’ve seen a big rise in Russian spam, and almost all of it is medical spam. There has been so much of it that we’ve written special filters to block and analyze it even faster than usual, protecting our customers from these attacks. Here’s a chart showing Russian spam (white dotted line) during the last half of February.
The solid red line shows the amount of spam blocked on each day by our “URL” filter. That’s one of our most powerful filters, and it’s virtually unique to SpamStopsHere. It blocks emails with those “click-me” links that take you to scammers’ websites.
The dotted white line shows the amount of spam with click-me links that go to websites ending in “.ru” or “.su”. Almost all of the URL blocking on those days was for Russian spam. This is not uncommon. Our our threat analyst Greg C. says “we often see that Russian spam accounts for nearly 100% of the spam blocked by our URL filters.”
Unique Spam Blocking.
SpamStopsHere is able to block these campaigns because our multiple filters can recognize virtually any spam profile instantly. Instead of filtering out malicious emails based primarily on where they’re coming from (usually zombie servers), which changes frequently, we block entire campaigns based on the websites the spammers want you to go to so they can take your money. Those URLs don’t change nearly as often, so we can block it much better. We have other filters that block based on the IP of where the email is coming from, known spam phrases and html tricks, and other criteria.
It’s likely that other antispam programs aren’t blocking campaigns like this as well, and their customers are seeing a lot of this spam. Hopefully, they know not to click on it.
For More Info.
SpamStopsHere works differently from other anti-spam programs. It blocks 99.5% of spam while delivering over 99.999% of legitimate emails. That means we block fewer that 1 out of 100,000 good emails, which is why businesses and professionals love our service.
Our spam review team, along with our proprietary Spamalyzer 3.0, analyzes and blocks email threats for our customers 24/7/365. That’s a claim almost no other antispam provider can make.
Viagra is a registered trademark of Pfizer Inc. No endorsement by Pfizer is implied.
Want to share this?
After McAfee End of Life, What Size Antispam Provider Should You Switch To?
New WordPress Hack Spam with Dangerous Links.
Contact us anytime for more info and a 30-day trial including our 24/7 support!
8178 Jackson Rd, Ste A.
Ann Arbor, MI 48103.
© 2011-2017 Greenview Data, Inc.
All Rights Reserved.
Greenview Data and Third-Party marks are the property of their respective owners. No endorsement from third parties is implied. Prices, features and availability are subject to change without notice.