The following is a fake email that pretends to come from Apple; the hook is an alleged purchase order that was canceled:
Fake Apple Mail
Clicking the link leads to a legitimate site that was compromised, where the attackers created hundreds of spam pages under their control. The page linked in the message contains only a link and a script that redirects all visitors to a fraudulent online pharmacy:
Spam page created on the infected site
Redirect to fake pharmacy
Following this trail I came across several sites that are being similarly exploited. They all use an outdated version of AWStats (web statistics software) and they have it without a password, so anyone can access the data.
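For owners of sites like these, the spam pages described above (little more than a link and a script redirect to another host) can be looked for in the web root. The following Python sketch is an added example, not code from the original post; the function name, the 200-character text threshold and the sample hosts are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# JavaScript that navigates the browser to a quoted URL.
JS_REDIRECT = re.compile(
    r"""(?:location(?:\.href)?\s*=|location\.(?:replace|assign)\s*\()"""
    r"""\s*['"]([^'"]+)['"]""", re.I)

class PageScan(HTMLParser):
    """Collects inline script source and the amount of visible text."""
    def __init__(self):
        super().__init__()
        self.script, self.text_len, self._in_script = [], 0, False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.script.append(data)
        else:
            self.text_len += len(data.strip())

def doorway_targets(html, site_host, max_text=200):
    """Return off-site URLs a thin page redirects to via script, else [].

    max_text is an assumed threshold: real content pages carry far more
    visible text than a page holding only a link and a redirect."""
    page = PageScan()
    page.feed(html)
    page.close()
    if page.text_len > max_text:
        return []
    targets = JS_REDIRECT.findall("".join(page.script))
    # Relative URLs have no hostname and stay on the site, so skip them.
    return [t for t in targets
            if urlparse(t).hostname not in (None, site_host)]

# Constructed sample, modelled on the page described in the post.
SAMPLE = ('<html><body><a href="http://pharmacy.example/">Order</a>'
          '<script>window.location.href="http://pharmacy.example/?id=1";'
          '</script></body></html>')

if __name__ == "__main__":
    print(doorway_targets(SAMPLE, "victim.example"))
```

Run over every HTML file under the document root, a non-empty result marks a page worth reviewing by hand.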
In the case of this spam email, more than 2,000 people have clicked on its link so far in May:
Spam page was loaded 2174 times
On another of the infected sites the campaign was even more effective, with over 8,700 clicks:
Another spam page that received thousands of visits
By taking advantage of legitimate sites, spammers manage to circumvent anti-spam filters and increase traffic to their pages; the more visits, the greater the chances of making sales, infecting visitors and earning money.
It is difficult for me to close the circle and understand how a person can click on an alleged purchase order from Apple and end up buying cheap Viagra with their credit card, but hey… if they send it out, it is because it must give them results; the key is to do it on a massive scale.
See also: Good spam, hard not to click. Thank you for your purchase! Flashy spam. Translate.google.com used to circumvent spam filters.