Thanks to Anand Muralidharan for contributing to this blog.
Recently there was a serious bomb blast outside the high court in Delhi, the capital of India. The blast happened on September 7, 2011, and the investigations are continuing with the National Investigation Agency (NIA). News of this terrifying event is being used by spammers to promote fake pharmaceutical products. In the past we’ve seen Mumbai terror attack news used by spammers for advertising pills—we blogged about it in Spammers Attempting to Cash in on Mumbai Terror.
Below are some spam subject samples: Subject: Delhi explosion Subject: Bombing at Delhi court kills 10 The domains that are included with these latest spam messages lead users to fake online pharmacies. Using domain names that include a reference to “pills” has also been a common feature to lure readers to purchase fake products. All of these domains are registered with .RU top level domains (TLD), as shown in the below examples:
Symantec advises our readers to be cautious when it comes to communications involving popular news headlines—spammers will always try to leverage hot news topics to lure recipients into opening unsolicited or unexpected emails. Frequently update your message security software for protection against potential online scams and being duped into buying fake products.