YouTube And kaboodle, Spam-Vandalized Side by Side – Spam Campaign Sponsored by US Drugstore (US-DS.COM)

Posted on January 8, 2009 by Administrator

anti spam






TOKYO (MacHouse) – We all know what YouTube is. How about kaboodle? According to its website,






Kaboodle is a social shopping community where people discover, recommend and share products. Kaboodle’s powerful shopping tools allow people to organize their shopping through lists, discover new things from people with similar style, get discounts on popular products and find best prices.






(Screenshot 01 shows the index page of kaboodle’s website.) It’s quite a popular website though we never heard of it before. According to Quantcast, kaboodle is a top 500 website attracting 3.1 million visitors from the U.S. alone. (See Screenshot 02.)





YouTube kaboodle spam US Drugstore US-DS.COM
Screenshot 01 – Source:
kaboodle		   YouTube kaboodle spam US Drugstore US-DS.COM
Screenshot 02 – Source:
Quantcast		   YouTube kaboodle spam US Drugstore US-DS.COM
Screenshot 03 – Source:
MacHouse






Several hours ago, a Russian spammer circulated a junk post around blogs and forums worldwide to advertise spam profiles created at YouTube and kaboodle. (See Screenshot 03.) How do we know this spammer is a Russian? We will explain later. Anyway, the following is a list of hyperlinks used in the spam post.  






http://www.youtube.com/DavidLynchTwin
http://www.youtube.com/Robertocavallid
http://www.youtube.com/CristianoRivero
http://www.youtube.com/DiorCristianas
http://www.kaboodle.com/buyingviagraonline
http://www.kaboodle.com/buyingcialisonline
http://www.kaboodle.com/buyingtramadolonline
http://www.kaboodle.com/buyinglevitraonline
http://www.kaboodle.com/buyingphentermineonline
http://www.kaboodle.com/buyingaccutaneonline
http://www.kaboodle.com/buyingacompliaonline
http://www.kaboodle.com/buyingpropeciaonline
http://www.kaboodle.com/buyingrevatioonline
http://www.kaboodle.com/buyingsomaonline






Accessing http://www.kaboodle.com/buyingviagraonline, you will end up at a junk profile created at kaboodle. (See Screenshot 04.) The URL underlying the phrase Click here To Purchase Viagra Online is http://www.us-ds.com/item.php?id=188&aid=8315. If you click on it, you will be forwarded to a junk pharmacy website at http://www.us-ds.com. (See Screenshot 05.) Likewise, if you access http://www.youtube.com/DavidLynchTwin, you will be forwarded to a junk profile created at YouTube. (See Screenshot 06.) And the hyperlink shown in this profile is exactly the same one indicated at kaboodle.





YouTube kaboodle spam US Drugstore US-DS.COM
Screenshot 04 – Source:
kaboodle		   YouTube kaboodle spam US Drugstore US-DS.COM
Screenshot 05 – Source:
US Drugstore		   YouTube kaboodle spam US Drugstore US-DS.COM
Screenshot 06 – Source:
YouTube






Let’s find out where the spam-sponsoring website is hosted. The web server hosting the junk online pharmacy website at www.us-ds.com is traced to the IP address of 91.208.162.9. It’s located in Russia. This IP address appears to belong to a Russian organization called RusDesign Ltd.

Okay. So the website is probably hosted in Russia. So what? That doesn’t necessarily mean the spammer is from Russia. Well, this isn’t the first time we put a spotlight on the junk pharmacy website at www.us-ds.com. We reported a spam campaign incident involving the same online pharmacy store on October 24, 2008. After publishing this report, we heard directly from the spammer who said was from Russia. (See Screenshot 07.) He called himself Anton in an e-mail message he sent us in October 25th.





YouTube kaboodle spam US Drugstore US-DS.COM
Screenshot 07 – Source:
MacHouse		   YouTube kaboodle spam US Drugstore US-DS.COM
Screenshot 08 – Source:
US Drugstore






Is anybody that desperate to buy drugs from a Russian spammer? Anton says drugs will be shipped from Canada. But take a look at the store label once again. As shown in Screenshot 05, it’s US Drugstore. Moreover, Screenshot 08 shows the checkout page of the junk online pharmacy store. There is no security protocol to process credit card information. It’s NOT a secure order form. Nobody should buy anything from this insecure online store.

By the way, the e-mail address shown in Screenshot 07 is taraknully@gmail.com. That’s what Anton uses. I’m sure he won’t offended if people send him spam messages.






Click on the button to watch a short documentation video. VTC
Click on the button to watch more documentation videos. VTC






Related stories:

100 FortuneCity URLs and 20 National Clearinghouse on Academic Worklife URLs Leading to Malicious HTTP Attack Website – Part 1
Popular Social Networking Website (BEBO.COM) Embedded with JSP Function, Redirecting Internet Users to Online Pharmacy Store

This entry was posted in Internet security and tagged , , , , . Bookmark the permalink.

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Comment spam protected by SpamBam

Notify me of followup comments via e-mail. You can also subscribe without commenting.