Fake Apple Store Order Notifications have been making rounds for months now. The volume of this particular spam campaign is not as astonishing as other past campaigns. It is actually the exact opposite of those massive outbreaks that distribute hundreds of thousands of spam emails for a few hours and suddenly stop the next day. Websense customers are protected from this blended attack by ACE, our Advanced Classification Engine
Typically, the email contains a link that redirects users to a very familiar pharmacy spam site. These links either belong to compromised sites or newly registered domains.
Screen shot 1 : Fake Apple Store Order Notifications sample email
Today, we noticed the same fake Apple Store email redirecting users to a different, relatively new pharmacy spam web template. The new template channels a wikipedia feel to it and is cleverly titled "WikiPharmacy".
Screen shot 2 : WikiPharmacy web spam template
Looking deeper into the IP where this domain is hosted, we learned that it caters to over 24,000 other domains. These domains were all used in pharmacy spam campaigns at one point.