Chinese pharmacy spam could be legitimate in origin: McAfee

Oversupply of drugs in the Chinese market is the likely culprit; however, Chinese spam is responsible for up to 65 per cent of global email volumes

Increases in spam which offers cheap Chinese medicine need not necessarily be a cause for alarm, according to a new report from McAfee.

In its September 2009 Key Spam Trends report, the security company said that the uptick in this form of spam appeared to be a legitimate reaction to Chinese overproduction of prescription drugs and the need to sell them cheaply to customers outside the country.

Although the number of messages poses real issues — constituting between 60 and 65 per cent of today’s global email volumes — it was inaccurate to view the Chinese pharmacy spam phenomenon as the result of purposeful malicious behaviour by the Chinese government or a single corporation, according to the report.

“Rather, it appears to be the result of a need to export the results of excessive overproduction to a global population that has tightened its purse strings against unnecessary spending,” it reads.

Based on observations of pharmacy spam over the past few months, however, the company concluded there was no end in sight for the high volumes of Chinese spam.

“If excess industrial chemical production in China cannot be dumped on the legal market, then it will continue to find a black market,” the report said. “The need for that black market is too strong to be shut down by international law enforcement.

“On the other hand, there may be a peak to pharmaceutical spam in which the quest for profitability and maintainability eventually balances with the growth rate of the drugs market and reduces the danger of long-term overproduction. This may also result in an overabundance of idle botnet nodes and, as we all know, an idle botnet is the devil’s plaything.”

The report also examined the August 6 distributed denial of service (DDoS) and low-volume spam attack on Twitter and Facebook, aimed at silencing or spotlighting a pro-Georgian blogger who went under the nickname 'cyxymu'.

“The latter seemed primarily to publicly highlight, perhaps to the blogger himself, the target of the attack,” the report reads. “The spam itself was not responsible for the downfall of Twitter, either as mail target or as a click generator. However, a few aspects of the email suggest that the spam was merely an afterthought, or at least not the primary focus of the attacker.

“Whether that attacker was state-sponsored (as many have speculated, though usually without evidence), a self-motivated political hacktivist, or even cyxymu himself, the spam did a good job of bringing cyxymu’s opinions to light. Amateurish inconsistencies in the header data (a BCC header field), lack of creativity in the contents, and the low volume of email are part of the distinctive character seen in this campaign.”


Stories by Tim Lohman
