
This is strange. Looks like Amazon was hacked to sell a colon cleanser!
Tonight I got an email saying “Get a Blu-ray Player with Purchase of Qualifying Samsung HDTVs” which actually sounded like a good deal, coming from Amazon. I recently got a free printer with the purchase of a Samsung LCD, so I clicked this ad because I’m thinking about buying a larger LCD to watch movies.
The spam email looks very professional; at a glance there’s no way to tell it’s not really from Amazon. I get these Amazon “recommended deals” emails all the time. Who doesn’t? So either Amazon has lost its mind (spamming a colon cleanser) or an unguarded redirect script on Amazon’s website was taken over by a hacker/spammer.
Take a look at this URL. It looks legit, right?
http://www.amazon.com/gp/r.html?R=1P82UR23M2GSX&C=3BV421ZYZED2C&H=IF98WICIG7CHUGSKWGRWS7CT2MEA&T=C&U=http%3A%2F%2Fwww%2Fgp%2Ffeature.html%2Fref%3Dhi_img_1%2F%3Fie%3DUTF8%26docId%3D1000476101
r.html appears to have the vulnerability. Amazon probably uses r.html for some useful purpose and never thought it would be used by a spammer to redirect us to a weight-loss landing page. Is your redirect script next? Protect your scripts!
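One way to guard a redirect script like this, as an added example that is not from the original post or from Amazon's code: it decodes the U parameter of the link quoted above and only redirects when the destination host is on an allowlist. The allowlist, the fallback URL and the function names are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Assumption: the only hosts this hypothetical redirect script may send visitors to.
ALLOWED_HOSTS = {"amazon.com", "www.amazon.com"}
FALLBACK = "http://www.amazon.com/"  # assumption: where rejected requests land

# The link quoted in the post, unchanged.
SAMPLE_LINK = (
    "http://www.amazon.com/gp/r.html?R=1P82UR23M2GSX&C=3BV421ZYZED2C"
    "&H=IF98WICIG7CHUGSKWGRWS7CT2MEA&T=C"
    "&U=http%3A%2F%2Fwww%2Fgp%2Ffeature.html%2Fref%3Dhi_img_1%2F"
    "%3Fie%3DUTF8%26docId%3D1000476101"
)

def redirect_target(link, param="U"):
    """Return the percent-decoded destination carried in the link, or None."""
    values = parse_qs(urlsplit(link).query).get(param)
    return values[0] if values else None

def target_host(target):
    """Host of an absolute http(s) URL without embedded credentials, else None."""
    try:
        parts = urlsplit(target)
        if parts.scheme not in ("http", "https") or parts.username or parts.password:
            return None
        return (parts.hostname or "").lower().rstrip(".") or None
    except ValueError:  # malformed authority, e.g. a broken IPv6 literal
        return None

def is_safe_target(target, allowed_hosts=ALLOWED_HOSTS):
    """Exact host match only; no suffix or substring comparison."""
    # Backslashes and control characters are parsed differently by browsers.
    if not target or any(c in target for c in "\\\r\n\t"):
        return False
    return target_host(target) in allowed_hosts

def resolve_redirect(link):
    """Destination to send the visitor to: the target if allowed, else FALLBACK."""
    target = redirect_target(link)
    return target if is_safe_target(target) else FALLBACK

if __name__ == "__main__":
    t = redirect_target(SAMPLE_LINK)
    # The decoded host in the quoted link is "www", which is not an Amazon host.
    print(t, target_host(t), resolve_redirect(SAMPLE_LINK))
```
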
The Amazon URL redirects me to “http://www.www.com/daily-health-news/” which tells me I can “Lose 47lbs In The Next 10 Days (Without Exercise or Dieting?)” But this spammer made a mistake: this site runs Google AdSense and Doubleclick.net ads! I assume Google will kill this spammer’s AdSense account.
Granted, we don’t know for sure Alex Royf is responsible for this spam, but I would like to hear a better explanation. The domain is registered to Alex Royf of “Diagonal Axis Limited” and his site “diagonalaxis.com” is a blank page.
If you have more details, please leave a comment.