Security news29 March 2007
Spammers hack PHP websites to make money from online pharmacies Drug store spammers "joe job" innocent websites in an attempt to avoid spam filters
Sophos, a world leader in IT security and control, has warned internet users of the importance of properly securing their websites after it has uncovered evidence that spammers are hacking into sites in their attempt to sell goods.
Spam campaigns advertising internet pharmacies peddling drugs are directing users to webpages hosted on hacked innocent websites that then automatically redirect surfers to the online store. The hacked websites are all using PHP, a scripting language used by many internet sites, which has suffered from serious security vulnerabilities in the past.
Because the spam messages point to an innocent website rather than directly to the online pharmacy, there is a risk that sites unaware of the spam campaign may have their reputations tarnished. Anti-spam products often use information about the webpage pointed to by an email as an indicator of whether the message is spam or not.
The spam emails advertise an online drugs store.
"To the naked eye it looks like a regular spam message advertising Viagra and Cialis," said Graham Cluley, senior technology consultant for Sophos. "But it is actually pointing to a website that is owned by someone who is probably completely unaware that spammers have hacked into their site, and are redirecting visitors to an online pharmacy. Website owners have a duty to properly patch their sites against the latest vulnerabilities, or risk being exploited by spammers."
The HTML source code of the spam email reveals that it links to a page on a hacked website, and displays a graphic hidden on another exploited site.
"If people visit the webpage on the hacked website they will then be automatically redirected to the real destination: a site pushing drugs," continued Cluley. "Web surfers probably wouldn't even notice they are being hopped across the net. The intention of the spammers is not to confuse their potential purchasers but to try and slip past anti-spam products."
The spammers have hacked into websites which use PHP to plant redirection code that will take customers to their store. In this case the site is www.dickcheneyshotmetoo.com.
The websites running PHP that spammers are hacking into are legitimate sites that would not normally be blocked by anti-spam solutions or web filters.
"Normally, a joe job is a spam campaign forged to appear as though it came from an innocent party, with the intention of incriminating or pinning blame onto them," explained Cluley. "In this case, spammers are "joe jobbing" innocent websites by having their spam point (however briefly) to hacked webpages which then redirect to the spammers' preferred destination."
Customers defended by Sophos's anti-spam products are protected against the spam campaign using Genotype® technology.
Last week, Sophos warned computer users of the dangers of buying pills from online sites following the death of a 57-year old Canadian woman. Sophos's Security Threat Report 2007 revealed that almost 60 percent of all spam sent across the internet is related to drugs and medication.
Sophos recommends companies protect themselves with a consolidated solution which can defend against the threats of spam, spyware and viruses.
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.
