![Image](/cdn-cgi/image/format=auto/sites/default/files/images/blogs/_TIeEMQaNHSw/S_FTj7GtNsI/AAAAAAAAAN0/T1fJky_mKN0/s320/Screen+shot+2010-05-17+at+10.34.32+AM.png)
hxxp://groups.adobe.com/index.cfm?event=post.display&postid=22600
... almost all postids in between (that's more than 2K posts!) ...
hxxp://groups.adobe.com/index.cfm?event=post.display&postid=25000
Users who follow the links land on a page that looks like this:
![Image](/cdn-cgi/image/format=auto/sites/default/files/images/blogs/_TIeEMQaNHSw/S_FTU-KTgdI/AAAAAAAAANs/8Q33tovWGew/s320/Screen+shot+2010-05-17+at+10.33.41+AM.png)
Clicking on the advertisement takes you to the pharm redirector:
hxxp://online-shop24h.com/shop/go.php?sid=133 (has groups.adobe.com referer)
302 redirects to the pharm: hxxp://www.best-medshop.com (USID tracking cookie is set)
![Image](/cdn-cgi/image/format=auto/sites/default/files/images/blogs/_TIeEMQaNHSw/S_FVRT34_TI/AAAAAAAAAN8/bXA1fZfFmdg/s320/Screen+shot+2010-05-17+at+10.41.03+AM.png)
online-shop24h.com domain registration info:
![Image](/cdn-cgi/image/format=auto/sites/default/files/images/blogs/_TIeEMQaNHSw/S_FWNTnF-2I/AAAAAAAAAOM/GvWyaNDDg3c/s320/Screen+shot+2010-05-17+at+10.45.15+AM.png)
best-medshop.com domain registration info:
![Image](/cdn-cgi/image/format=auto/sites/default/files/images/blogs/_TIeEMQaNHSw/S_FV0Lmgr4I/AAAAAAAAAOE/F_NFvuJZcq8/s320/Screen+shot+2010-05-17+at+10.43.51+AM.png)
The lesson here is that if you or your company is going to start a "Groups" page (or any site that allows user-driven content to be published), you need a mechanism in place to validate the content and prevent this sort of abuse. I sent a note to Adobe notifying them of this problem.
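
One way a site owner could implement such a check, as an added example (not code from this post or from Adobe): it holds posts for review when an off-site link carries an affiliate-style tracking parameter like the `sid=133` seen above, or when the same off-site host is linked from many posts. The host allowlist, the parameter names other than `sid`, the threshold and the sample posts are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumptions for illustration: the site's own hosts and the parameter list.
SITE_HOSTS = {"groups.adobe.com", "www.adobe.com"}
TRACKING_PARAMS = {"sid", "aff", "affid"}  # only "sid" appears in the post
URL_RE = re.compile(
    r"""(?:href|src)\s*=\s*["']?([^"'\s>]+)|(https?://[^\s"'<>]+)""", re.I)

def outbound_links(body):
    """Return URLs in a post body (attributes or bare text) that leave the site."""
    links = []
    for attr, bare in URL_RE.findall(body):
        url = attr or bare
        host = urlsplit(url).hostname  # None for relative, on-site URLs
        if host and host not in SITE_HOSTS:
            links.append(url)
    return links

def triage(posts, max_posts_per_host=3):
    """posts: iterable of (postid, body). Returns {postid: [reasons]} to hold."""
    per_host, parsed = Counter(), {}
    for postid, body in posts:
        parsed[postid] = outbound_links(body)
        # Count each off-site host once per post.
        per_host.update({urlsplit(u).hostname for u in parsed[postid]})
    held = {}
    for postid, urls in parsed.items():
        reasons = []
        for u in urls:
            parts = urlsplit(u)
            if TRACKING_PARAMS & set(parse_qs(parts.query)):
                reasons.append(f"tracking parameter in link to {parts.hostname}")
            if per_host[parts.hostname] > max_posts_per_host:
                reasons.append(
                    f"{parts.hostname} linked from {per_host[parts.hostname]} posts")
        if reasons:
            held[postid] = reasons
    return held

# Constructed sample: five near-identical linked-image ads and one ordinary post.
AD = '<a href="http://redirector.example/shop/go.php?sid=133"><img src="/img/ad.png"></a>'
SAMPLE_POSTS = [(i, AD) for i in range(1, 6)] + [
    (6, 'See http://www.adobe.com/support/ and <a href="https://blog.example/post">this</a>')]

if __name__ == "__main__":
    for postid, reasons in triage(SAMPLE_POSTS).items():
        print(postid, reasons)
```

Held posts go to a moderation queue rather than being rejected outright, since legitimate posts can also link off-site.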