Friday, June 28, 2013

"Garcinia Cambogia" Spam on Twitter, Facebook, Pinterest, and Tumblr

Janne Ahlberg and Graham Cluley have reported on the latest round of diet drug spam being advertised on sites like Twitter, Facebook, Pinterest, and Tumblr.

Sites involved with this spam campaign purport to be Women's Health Magazine's site and use deceptive subdomains. The sites falsely imply endorsement by Dr. Oz by auto-playing a video segment from his television show about "garcinia cambogia extract."

The following domains have been advertised via spam bots and hacked accounts. Note that these links lead to the Web of Trust report for each site, and that some of these domains have been blacklisted by SURBL.

https://www.mywot.com/en/scorecard/com-10.us
https://www.mywot.com/en/scorecard/com-11.us
https://www.mywot.com/en/scorecard/com-14.us
https://www.mywot.com/en/scorecard/com-15.us
https://www.mywot.com/en/scorecard/com-16.us
https://www.mywot.com/en/scorecard/com-17.us
https://www.mywot.com/en/scorecard/msnbc.msn.com-april.us
https://www.mywot.com/en/scorecard/msn.com-april.us
https://www.mywot.com/en/scorecard/com-april.us
https://www.mywot.com/en/scorecard/womenshealthmag.com-may.us
https://www.mywot.com/en/scorecard/com-may.us
https://www.mywot.com/en/scorecard/com-june.us
https://www.mywot.com/en/scorecard/womenshealth.com-ar1.info
https://www.mywot.com/en/scorecard/com-ar1.info
https://www.mywot.com/en/scorecard/com-ar2.info
https://www.mywot.com/en/scorecard/com-ar3.info
https://www.mywot.com/en/scorecard/com-article-diet.net
https://www.mywot.com/en/scorecard/com-articles-diet.net
https://www.mywot.com/en/scorecard/com-expo.in
https://www.mywot.com/en/scorecard/healthywomen.com-garcinia-diet.net
https://www.mywot.com/en/scorecard/com-garcinia-diet.net
https://www.mywot.com/en/scorecard/com-gc.net
https://www.mywot.com/en/scorecard/com-lifestyle-article.net
https://www.mywot.com/en/scorecard/com-mgc.pw
https://www.mywot.com/en/scorecard/com-mgc1.pw
https://www.mywot.com/en/scorecard/com-wen.pw
https://www.mywot.com/en/scorecard/net-10.us
https://www.mywot.com/en/scorecard/net-11.us
https://www.mywot.com/en/scorecard/net-12.us
https://www.mywot.com/en/scorecard/net-13.us
https://www.mywot.com/en/scorecard/net-14.us
https://www.mywot.com/en/scorecard/net-15.us
https://www.mywot.com/en/scorecard/net-16.us
https://www.mywot.com/en/scorecard/net-17.us
https://www.mywot.com/en/scorecard/net-18.us
https://www.mywot.com/en/scorecard/org-10.us
https://www.mywot.com/en/scorecard/org-11.us
https://www.mywot.com/en/scorecard/org-12.us
https://www.mywot.com/en/scorecard/org-13.us
https://www.mywot.com/en/scorecard/org-14.us
https://www.mywot.com/en/scorecard/org-15.us
https://www.mywot.com/en/scorecard/org-16.us
https://www.mywot.com/en/scorecard/org-17.us
https://www.mywot.com/en/scorecard/org-18.us
https://www.mywot.com/en/scorecard/miraclegarciniacambogia.com
https://www.mywot.com/en/scorecard/womenshealth.com-c.pw
https://www.mywot.com/en/scorecard/twitter.com-c.pw
https://www.mywot.com/en/scorecard/com-c.pw
https://www.mywot.com/en/scorecard/womenshealth.com-lot.pw
https://www.mywot.com/en/scorecard/com-lot.pw
https://www.mywot.com/en/scorecard/loseweight.com-06-24-12.net
https://www.mywot.com/en/scorecard/com-06-24-12.net
https://www.mywot.com/en/scorecard/weightloss.com-0624.net
https://www.mywot.com/en/scorecard/com-0624.net
https://www.mywot.com/en/scorecard/net-2.us
https://www.mywot.com/en/scorecard/cnbc.com-ar2.info (added 29 June 2013)
https://www.mywot.com/en/scorecard/com-indexrx.us (added 29 June 2013)
https://www.mywot.com/en/scorecard/com-mo.com (added 29 June 2013)


Never attempt to buy products from spam-advertised sites. You wouldn't entrust your credit card information to a shady drug dealer on the street; spam sites are the online equivalent.

You may notice this spam campaign's use of the uncommon ".pw" top-level domain. Registration of .pw domains opened to the general public three months ago. According to Wikipedia, .pw was originally intended for sites from the island nation of Palau, and it is currently being branded as short for "Professional Web."

Please refer to Janne's article for further updates as this spam campaign continues.

Janne has also written a separate article about how he believes user accounts may have been hijacked (through phishing sites hosted on the same domains).

See also other articles I've written on the topic of spam, including an article about weight loss drug spam e-mails and an article about fake CNBC news sites spamvertized on Twitter.


For more from the JoshMeister on Security, please subscribe via e-mail or RSS, or follow me on Twitter or .

Monday, June 3, 2013

Camino Canceled: Mac Browser Calls It Quits

The developers of Camino, a Mac-exclusive Web browser that has been around since 2002, have announced that the browser has reached its end of life.

Camino was the last relatively popular browser to support Mac OS X v10.4 Tiger and v10.5 Leopard, operating systems which Apple is no longer patching. The current versions of Chrome, Firefox, and Safari do not support Tiger or Leopard.

The relatively obscure TenFourFox browser, designed specifically to run on now-unsupported PowerPC-based (G3, G4, and G5) Macs, is the last remaining browser that's being actively updated for unsupported versions of Mac OS X.

Meanwhile, online ad network Chitika reported in March that Leopard and Tiger are installed on approximately 10% of Macs used online in North America. Mac OS X v10.6 Snow Leopard had the largest share at roughly 35%, trumping the newer Lion and Mountain Lion operating systems at approximately 28% and 27% respectively:



At this time it is unknown whether Apple will continue to issue security patches for Snow Leopard after the upcoming release of OS X v10.9.

For more details, please read my full article at The Mac Security Blog on Intego's site.


For more from the JoshMeister on Security, please subscribe via e-mail or RSS, or follow me on Twitter or .