Beware emails linking to blogspot.com

When it comes to email the message is always "buyer beware".

Michael Horowitz

Michael Horowitz wrote his first computer program in 1973 and has been a computer nerd ever since. He spent more than 20 years working in an IBM mainframe (MVS) environment. He has worked in the research and development group of a large Wall Street financial company, and has been a technical writer for a mainframe software company.

He teaches a large range of self-developed classes, the underlying theme being Defensive Computing. Michael is an independent computer consultant, working with small businesses and the self-employed. He can be heard weekly on The Personal Computer Show on WBAI.

I'm seeing a new pattern of malicious emails in my inbox. The body of the email message is nothing but a link to a blog at blogspot.com. The subject is a single word such as: Hey, Ave or Hallo.

One message linked to uyxmwrmxaxquiuxti.blogspot.com.

My browser stayed there for only a second before getting re-directed to xykribwams.com which claims to be My Canadian Pharmacy.

This is a great example of the value you can get from the Flagfox extension for Firefox (which I wrote about back in July). Flagfox shows that xykribwams.com is actually in Taiwan.

Another message linked to svhtuxcngrwg.blogspot.com. Blogger, however, caught this one as you can see below.

Should you run into a spam blog at Blogger, report it here.

A third message linked to rxqesyeagquzabjagdlokqafmnd.blogspot.com. Blogger also warned that this one was a possible violator of their terms of service.

Despite the warning from Blogger, I clicked through to see both of the last two sites. Each was redirected to the same place as the first one, xykribwams.com.

Abusing Google Docs

On a somewhat related note, another spam message employed another new (to me at least) tactic. The link in the email message went to

docs.google.com/View?docID=dw2rvb4_0d3cv77d6

Everybody likes Google Docs, so this page is unlikely to set off any alarms. Clicking on a link in the page takes the spam victim to the actual website pharmsdirectfull.com, which also claims to be a Canadian Pharmacy.

Flagfox shows that this site is in South Korea.

I purposely didn't mention the "From" address for any of these email messages because you should never consider it when judging a message. It's very easy to forge the From address.
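
The traits described in this post (a one-word subject, a body that is nothing but a link, a destination on blogspot.com or docs.google.com) can be checked mechanically in a mail filter. The Python below is an added example, not part of the original post; the function names and the sample messages are constructed for illustration, and the From header is deliberately never read.

```python
import re
from email import message_from_string
from urllib.parse import urlsplit

# Hosting services named in the post; extend the tuple for your own mail flow.
HOSTED = ("blogspot.com", "docs.google.com")
# Matches full URLs and bare host names such as "name.blogspot.com/path".
URL_RE = re.compile(r"https?://\S+|(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

# Constructed sample messages (not real mail).
SPAM = "From: friend@example.org\nSubject: Hey\n\nhttp://qzxwvkjh.blogspot.com\n"
HAM = ("From: friend@example.org\nSubject: Lunch on Friday\n\n"
       "Agenda is at https://example.org/agenda, see you there.\n")

def text_body(msg):
    """Return the first text/plain part of the message as a string."""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            return payload.decode(part.get_content_charset() or "utf-8", "replace")
    return ""

def link_host(url):
    """Lower-cased host name of a link, with or without a scheme."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()

def on_hosted_service(host):
    """True for the service domain itself or any subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in HOSTED)

def findings(raw):
    """List which traits from the post a raw RFC 822 message shows."""
    msg = message_from_string(raw)
    subject = (msg.get("Subject") or "").strip()
    body = text_body(msg).strip()
    urls = URL_RE.findall(body)
    hits = []
    if len(subject.split()) == 1:
        hits.append("one-word subject")
    if len(urls) == 1 and body == urls[0]:
        hits.append("body is only a link")
    if any(on_hosted_service(link_host(u)) for u in urls):
        hits.append("link to free hosting service")
    return hits  # the From header is never consulted: it is trivial to forge

if __name__ == "__main__":
    for name, raw in (("SPAM", SPAM), ("HAM", HAM)):
        print(name, findings(raw))
```

A message that shows all three traits is a candidate for quarantine; any single trait on its own also occurs in legitimate mail.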