Spam, Scam, or Malware?
[Another great post by Adnan in our internal blog. Definitely deserves a wider audience... --C.L.]
Recently, we saw several customer submissions of a particular URL. One thing that caught my attention: the three submitters suggested three different categories for the rating. (The suggestions were: “Malicious Sources”, “Spam”, and “Scam/Questionable/Illegal”.)
The question is, do they really understand the meaning of the category they chose, or was each person seeing different things on the link/page?
So I spent some time before my lunch break, and here is my analysis of the incident.
First, all the submitters agreed that they received the URL/link in a spam email. So a “Spam” rating would certainly be accurate. Next, I tried to simply browse to the URL. It's a redirect to a scammy "Canadian Pharmacy" site:
(So a rating of "Scam/Questionable/Illegal" would also be reasonable.)
Here's the content of the URL before the redirection:
So, yes, it is a scam URL, but it is also a malicious URL. … and it is distributed in a spam mail. So everyone was correct: the URL (together with the Blackhole site and scam site) is blocked, and everyone is safe and happy.
Thanks to everyone who took time to submit the URL! We really appreciate your efforts to submit malicious/suspicious URLs for our review. It helps everyone when we work together.
Till next time, stay safe everyone!
-- Adnan Shukor
[Other relevant details: the taurbael.ru attack site was automatically flagged in our database by the Malnet Tracker three days ago, and medicineandroid.pl was added by the Spamnet Tracker a week ago. --C.L.]