Buying "legal herbs" for smoking purposes from Chinese servers with ever-changing IP addresses will likely lose you your credit card number. Bummer, dude.
Disregard the photos of fat green buds with names like "Super Skunk" or "Holland Haze" and steer clear of spam advertising that "Big Buddha Bud is the bomb."
Security vendor F-Secure said the paranoia over an e-mail that advertises "legal herbs" for smoking purposes is justified, given the fact that the joint shop doing the advertising is sitting on top of Hong Kong servers whose IP addresses, oddly enough, keep changing every few minutes.
The spam, coming from the "Bud Shop," is advertising what it calls a "legal bud" meant for smoking.
"Intense and potent, yet it puts my mind at ease," the spam reads. "Wow you guys werent kidding about not driving after smoking this!"
A link in the spam leads to a site called thebudshop.hk, located, as the URL suggests, in Hong Kong. F-Secure peeked under the covers to find out where the server is actually hosted and found that the address keeps changing every few minutes. Also, the IPs point to individual DSL boxes, F-Secure wrote
in an Oct. 26 postingin other words, home computers.
"Sounds like a botnet to me," wrote Mikko H. Hyppönen, chief research officer at F-Secure.
Further research shows that all the sites name servers are registered to Chinese addresses and provide DNS for each other, Hyppönen said.
"Weve seen Citibank and MySpace phishing sites hosted under these domains before," he wrote in the posting. "But this is the first time weve seen a smoke shop hosted there. Its quite likely the whole site is fake and only built to collect credit card numbers. So just say no."
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.