Spammed Links – Part 2

One thing that we seem to have noticed (and granted we do have limited visibility of all spam campaigns) is that it seems when the spam campaign’s using Google’s link shortening service aren’t distributing malware, they are being used to redirect visitors to pharma websites.  We thought we’d look at where these were redirecting in a little more depth today.  So first we started to look at how the links were being delivered and were surprised to see that forum spam appeared to be a primary distribution method.  Here’s an example:

This spam contains 5 links so we thought we’d follow each of them and were again surprised to see the results:

The first link,, redirects to a rogue antivirus program called ‘Windows Trojans Sleuth’ via

The second link,, redirects to a ‘Pharmacy online’ at

The third link,, redirects to a ‘ViaGrow’ website at

The fourth link,, redirects to a English/Spanish/French (?) language ‘Pills and Tabs’ website at

The fifth link,, redirects to mobile monitoring software at

It looks like affiliate programs may be a good supplement to the income generated from Bugat/Gameover Zeus malware campaigns…as if that wasn’t enough.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: