A Trojan installed on victims computers, called Win32.Kelihos.b, is responsible for sending spam on behalf of a fake “Canadian pharmacy.”
Computer researchers discovered that a group running a botnet used P2P to install this trojan on victims’ computers in order to lure them into purchasing rogue anti-spyware products, and then to send spam with subject lines related to the medicine, reports GFI Labs.
The spambot sends junk emails advertising fake pharmacy websites branded “Canadian Pharmacy” and associated with Glavmed. Glavmed is the organization which sponsors spammers to promote illegal pharmacy websites.
This botnet shares large portion of its code to another one, “Waledac,” which was targeted and “neutralized” by Microsoft last year, reports Brian Krebs.
With subjects like, “Anti-swine flu drugs are available here,” “Are you worried about swine flu? buy medicine!” and “Buy medicine that prevent you from getting swine flu,” the botnet takes over computer processing time to send emails as spam for fake internet pharmacies associated with the name “Canadian Pharmacy.”