Friday, June 28, 2013

"Garcinia Cambogia" Spam on Twitter, Facebook, Pinterest, and Tumblr

Janne Ahlberg and Graham Cluley have reported on the latest round of diet drug spam being advertised on sites like Twitter, Facebook, Pinterest, and Tumblr.

Sites involved with this spam campaign purport to be Women's Health Magazine's site and use deceptive subdomains. The sites falsely imply endorsement by Dr. Oz by auto-playing a video segment from his television show about "garcinia cambogia extract."

The following domains have been advertised via spam bots and hacked accounts. Note that these links lead to the Web of Trust report for each site, and that some of these domains have been blacklisted by SURBL.

https://www.mywot.com/en/scorecard/com-10.us
https://www.mywot.com/en/scorecard/com-11.us
https://www.mywot.com/en/scorecard/com-14.us
https://www.mywot.com/en/scorecard/com-15.us
https://www.mywot.com/en/scorecard/com-16.us
https://www.mywot.com/en/scorecard/com-17.us
https://www.mywot.com/en/scorecard/msnbc.msn.com-april.us
https://www.mywot.com/en/scorecard/msn.com-april.us
https://www.mywot.com/en/scorecard/com-april.us
https://www.mywot.com/en/scorecard/womenshealthmag.com-may.us
https://www.mywot.com/en/scorecard/com-may.us
https://www.mywot.com/en/scorecard/com-june.us
https://www.mywot.com/en/scorecard/womenshealth.com-ar1.info
https://www.mywot.com/en/scorecard/com-ar1.info
https://www.mywot.com/en/scorecard/com-ar2.info
https://www.mywot.com/en/scorecard/com-ar3.info
https://www.mywot.com/en/scorecard/com-article-diet.net
https://www.mywot.com/en/scorecard/com-articles-diet.net
https://www.mywot.com/en/scorecard/com-expo.in
https://www.mywot.com/en/scorecard/healthywomen.com-garcinia-diet.net
https://www.mywot.com/en/scorecard/com-garcinia-diet.net
https://www.mywot.com/en/scorecard/com-gc.net
https://www.mywot.com/en/scorecard/com-lifestyle-article.net
https://www.mywot.com/en/scorecard/com-mgc.pw
https://www.mywot.com/en/scorecard/com-mgc1.pw
https://www.mywot.com/en/scorecard/com-wen.pw
https://www.mywot.com/en/scorecard/net-10.us
https://www.mywot.com/en/scorecard/net-11.us
https://www.mywot.com/en/scorecard/net-12.us
https://www.mywot.com/en/scorecard/net-13.us
https://www.mywot.com/en/scorecard/net-14.us
https://www.mywot.com/en/scorecard/net-15.us
https://www.mywot.com/en/scorecard/net-16.us
https://www.mywot.com/en/scorecard/net-17.us
https://www.mywot.com/en/scorecard/net-18.us
https://www.mywot.com/en/scorecard/org-10.us
https://www.mywot.com/en/scorecard/org-11.us
https://www.mywot.com/en/scorecard/org-12.us
https://www.mywot.com/en/scorecard/org-13.us
https://www.mywot.com/en/scorecard/org-14.us
https://www.mywot.com/en/scorecard/org-15.us
https://www.mywot.com/en/scorecard/org-16.us
https://www.mywot.com/en/scorecard/org-17.us
https://www.mywot.com/en/scorecard/org-18.us
https://www.mywot.com/en/scorecard/miraclegarciniacambogia.com
https://www.mywot.com/en/scorecard/womenshealth.com-c.pw
https://www.mywot.com/en/scorecard/twitter.com-c.pw
https://www.mywot.com/en/scorecard/com-c.pw
https://www.mywot.com/en/scorecard/womenshealth.com-lot.pw
https://www.mywot.com/en/scorecard/com-lot.pw
https://www.mywot.com/en/scorecard/loseweight.com-06-24-12.net
https://www.mywot.com/en/scorecard/com-06-24-12.net
https://www.mywot.com/en/scorecard/weightloss.com-0624.net
https://www.mywot.com/en/scorecard/com-0624.net
https://www.mywot.com/en/scorecard/net-2.us
https://www.mywot.com/en/scorecard/cnbc.com-ar2.info (added 29 June 2013)
https://www.mywot.com/en/scorecard/com-indexrx.us (added 29 June 2013)
https://www.mywot.com/en/scorecard/com-mo.com (added 29 June 2013)


Never attempt to buy products from spam-advertised sites. You wouldn't entrust your credit card information to a shady drug dealer on the street; spam sites are the online equivalent.

You may notice this spam campaign's use of the uncommon ".pw" top-level domain. Registration of .pw domains opened to the general public three months ago. According to Wikipedia, .pw was originally intended for sites from the island nation of Palau, and it is currently being branded as short for "Professional Web."

Please refer to Janne's article for further updates as this spam campaign continues.

Janne has also written a separate article about how he believes user accounts may have been hijacked (through phishing sites hosted on the same domains).

See also other articles I've written on the topic of spam, including an article about weight loss drug spam e-mails and an article about fake CNBC news sites spamvertized on Twitter.


For more from the JoshMeister on Security, please subscribe via e-mail or RSS, or follow me on Twitter or .

No comments:

Post a Comment

Comment moderation is enabled. (If you wish to contact Josh privately, you can leave a comment and ask that it not be published.)