Pharma Spam Finds Its Voice

By Matthew Hines  |  Posted 2009-12-17 Print this article Print

Canadian online pharmacy spam has been piling up for years as scammers seek to take advantage of interest in lower-cost pills and other medications. However, in a new twist, the messages have actually begun speaking their minds to recipients.

Researchers at Sophos have uncovered a unique variation of the time-honored pharma spam theme, as some spammers have actually begun embedding audio clips in their messages to help avoid detection by messaging security filters and e-mail clients.

In a blog post, SophosLabs researcher Brett Cove noted the new development on the spam scene, where purveyors are constantly cooking up new methods to try to help their wares reach well-guarded e-mail in-boxes.

According to the expert, SophosLabs recently began seeing the MP3-laden e-mails coming across its wires, marking only the second time the company has ever observed the use of such multimedia technology to try to defeat spam filters. The other instance of audio spam appeared back in 2007 when stock spamming had reached a critical mass and scammers were similarly forced into creating new tactics to respond to filters being tuned to find the keywords typically found in such messages.

In the new pharma messages, recipients are presented with an e-mail that offers no subject line and no body text but instead contains an attached MPEG file with a random lowercase file name, SophosLabs reported. Once someone hits play on the MP3, a woman's voice reads off a URL address and encourages users to visit the site.

Apparently the clips are specifically being used to market Cialis, Viagra and other performance-enhancing products. In the background of the recorded sales pitch there's even some not-so-subtle moaning in the playback as well.

Cove notes that the scammers have moved to the audio model because pharma spam has become so ubiquitous that it is not likely driving the same returns that it traditionally has as recipients and message filtering vendors have responded.

But even with millions of vulnerable people sitting at their computers willing to make truly reckless decisions in regards to what they'll open, unsolicited multimedia attachments offering no clue of their contents likely won't find too many new targets, according to the researcher.

"[It's] yet another example of how willing spammers are to try anything to hide the content of their campaigns from filters," Cove said. "However in this case, I would suspect this technique won't last for long as the likelihood of recipients opening some blank message with just an attachment, from an unknown sender, is quite low."

And I mean, is it really that hard to legitimately get your hands on Viagra these days?

Follow eWeek Security Watch on Twitter at: eWeekSecWatch.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to |

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel