The Kelihos botnet is rearing its ugly head again as a massive Canadian pharmacy campaign sent out a large amount of spam emails entitled “Only 24 Hours Left to Shop.”
While such spam campaigns are not uncommon, there is one interesting aspect about this one. The spammers are using an old-school technique to make sure a large number of users receive the messages, said researchers at Cisco who found the campaign.
Instead of using some method to bypass spam filters, the spammers sent out a massive amount of emails. Even if spam filters block out 99.99 percent of the messages, the remaining 0.01% that reach their destination still represent a big number.
Another noteworthy point is the Canadian pharmacy website promoted in the campaign can track the location of visitors and other information.
“They are tracking not only the country where the visitor is from, but there is a site identification number, a ‘heatmap’ cookie, a session identifier which lasts far into the future, and a ‘holiday’ cookie set to the value of ‘usps,’” said Cisco’s Jaeson Schultz. “This pharma gang is definitely intent on tracking their loyal customers and other visitor.”