Weekly analysis – 27th February 2010 to 6th March 2010

No Comments

MillerSmiles provides its weekly phishing analysis for the week of 27th February 2010 to 6th March 2010

Excerpted from:
Weekly analysis – 27th February 2010 to 6th March 2010

Share/Save/Bookmark

Weekly analysis – 20th February 2010 to 27th February 2010

No Comments

MillerSmiles provides its weekly phishing analysis for the week of 20th February 2010 to 27th February 2010

Originally posted here:
Weekly analysis – 20th February 2010 to 27th February 2010

Share/Save/Bookmark

Weekly analysis – 13th February 2010 to 20th February 2010

No Comments

MillerSmiles provides its weekly phishing analysis for the week of 13th February 2010 to 20th February 2010

See the rest here:
Weekly analysis – 13th February 2010 to 20th February 2010

Share/Save/Bookmark

Weekly analysis – 6th February 2010 to 13th February 2010

No Comments

MillerSmiles provides its weekly phishing analysis for the week of 6th February 2010 to 13th February 2010

Here is the original:
Weekly analysis – 6th February 2010 to 13th February 2010

Share/Save/Bookmark

Who Put The “Canadian” in Canadian Health&Care Mall”?

No Comments

others..

Right out of the gate: lies.

The domain, which they carefully placed at the end, is:

http://gipg.vbjeozwe.cn

That’s “.cn” as in “China.” Not Canada. Hosted on IP address: 89.134.141.124. That’s in Budapest, Hungary.

That in turn redirects to:

http://canadapharmacymall.com/

A domain which has been especially difficult to shut down, thanks to the deaf ears of ename.com, registrar of choice to many illegal spam operations.

Hosted on ip address: 200.206.237.78

That’s in Brasil. And guess what? It’s a hijacked unix server. The actual owner of that server has either abandoned it or is otherwise not using it for web hosting purposes.

So: “Canadian”? Lies!

“Family values”? So far we’re up to:

- Lies about where they claim to be located.
- Hosting on hijacked unix servers
- Fake and / or dangerous drugs.
- Lies about how long the order takes to ship
- No security whatsoever.

I don’t see any “family values” in any of that. Didn’t their mothers ever teach them that lying is wrong?

From Canada)… This article suggested checking with the following organizations
when buying meds from Canada (Canadian Pharmacies):

1. CIPA: Canadian International Pharmacy Association
2. IMPAC: Internet and Mailorder Pharmacy Accreditation Commission
3. Pharmacy Checker

I highly recommend Pharmacy 0nline for all meds purchased from Canada… Most
important, I ordered on the 20th of January and received them on the 27th of
January… Thank you again for being there…”

Wow. They just don’t know when to quit.

AARP: That’s the American Association of Retired People. There is a rfeport, as mentioned, and it lists each of the three organizations listed above (article available here). No representatives from the AARP responded to a request for comments on this claim, but try and find a single report that mentions “Canadian Health&Care Mall”, or bulker.biz in a positive light. Go ahead I’ll wait… :)

CIPA, if you contact them, are very much aware of this illegal online pharmacy and do not endorse or support this group, or any of the sites that they promote via illegal spam or otherwise. They’re also well aware of the abuse of their logos and organization name within these illegally sent spam messages, and on the websites they drive to.
In reviewing all the above, I could only find two Pharmacies that were recommended
by all three… and one was Pharmacy Online.

IMPAC (Internet and Mail-Order Pharmacy Accreditation Commission) also is aware and (hey guess what!) also deny any endorsement for this site, or this affiliate program. Their site also features a list of actual IMPAC accredited pharmacies (located here) and (hey guess what!!) “Canadian Health&Care Mall” is nowhere to be found. There are only three online pharmacies on that list, so it doesn’t take much time to figure out that this group is telling outright lies.

Pharmacy Checker, as you might expect, also says that they do not at all endorse this group, and further that their logos and organization name are being used illegally by this group.

By the way: who is this quotation from? Who is this “I” they refer to? And why do they suddenly refer to this site as “Pharmacy Online”?

Lies.

If you do a simple, non-strategic search for “Better Business Bureau Canadian Health&Care Mall” the first link you get has a headline of “Online Pharmacy Questionable: Canadian Health&Care Mall” (here.) Separately, correspondence I and many others have had with the Better Business Bureau in numerous states has resulted in statements from their representatives stating outright that they do not recommend these sites, that they lie, that they pose a genuine risk to the public, and that they are notoriously difficult to shut down. They also state that their logos and organization name are being used by this group without any authorization or consent.

But hey: so is their hosting. So is their domain registration, which uses stolen identities and credit cards. So why stop there?

If I were to write a testimonial with some truth in it, it might sound more like this:

All of the research I could find on this shady “pharmacy” indicated that they were lying to me, but I purchased from them anyway. I know it sounds silly, since the only way I ever heard about this company was via hundreds of unwanted spam messages which I never asked to receive. I guess I figured “why not”? They certainly weren’t going to remove me from their lists. After weeks of waiting I did finally get some pills but they weren’t packaged very safely, and when I brought them to my doctor he said that these were essentially fake pills.

But people generally don’t do this type of research before they hand over their credit card information. They should.

Please visit our Big Discount Canada Pharmacy Mall via below links
http://gipg.vbjeozwe.cn
http://gzts.vbjeozwe.cn

How about: please don’t.

The days of this criminal group must be numbered. If this were a legitimat company with a head office and a CEO, they would be hauled into court for publishing lies like this. Because they are illegal spammers, and have operatives located in numerous offshore locations: they get away with it.

It is time for international law enforcement to recognize this group and others like it as more than a mere “nuisance” for spamming. They are commiting numerous serious crimes without spamming even entering into the picture, and most of all, they are filthy liars.

Please tell anyone you know who has a requirement for pharmaceuticals that they should never, ever, buy from organized criminals, which is essentially what this group is.

SiL / IKS / concerned citizen

Read the original post:
Who Put The “Canadian” in Canadian Health&Care Mall”?

Share/Save/Bookmark

What Is Going On At Bulker.biz?

No Comments

As many of you who follow my blog know, Bulker.biz (more recently known as “bulkerbiz.com” due to coincidental shutdown of their previous domain in November 2008) is a spam-friendly affiliate I’ve talked about quite a bit.

The list of illegal acts they routinely take part in is available in the spamtrackers wiki entry devoted to their most popular spammable illegal online pharmacy My Canadian Pharmacy.

I noticed that rather suddenly, they have decided to secure their current affiliate portal, replacing it with an authorization setup, and a default message indicating they are changing their name yet again.

Site is closed. Please contact ICQ 333192431 for new address.

To see what it used to look like, even a mere four days ago, check out the Spamtrackers wiki entry here.

Isn’t that interesting?

That ICQ address belongs to an individual who used to post on a variety of forums, notably Russian ones, using the username “ebulker”. He specifically mentions in most of these postings that bulker.biz “doesn’t care where your traffic comes from”, indicating that they’re very much aware that they spam illegally. But really, spamming is just the tip of the iceberg. These guys break so many laws on a daily basis that it’s hard to believe nobody’s gone after them. It would literally be like shooting fish in a barrel.

More as it happens, I suppose…

SiL / IKS / concerned citizen

See original here:
What Is Going On At Bulker.biz?

Share/Save/Bookmark

An open letter to new US FTC Chairman Jon Leibowitz

No Comments

The following is a letter which has been drafted by many of the members of the Fight Spammers Forum at InBoxRevenge.com to Jon Leibowitz, who was appointed as the new chairman for the Federal Trade Commission. I think it deserves some exposure.


We very much support the efforts the FTC is taking to educate consumers about internet fraud and identity theft, and we recommend that everyone view the excellent materials online at ftc.gov. However, those types of problems require a level of coordinated effort beyond what any one individual or business can accomplish. We urge the next head of the FTC to see the big picture. And one obvious part of the picture is spam.

Spam is like a flashing light alerting us to far more serious criminal activity beneath the surface. By minimizing the severity of spammers’ offenses, you lose the ability to expose and investigate much deeper risks to the US, even impacting on national security.

Spam — unsolicited commercial email — is a nuisance. Because it is so inexpensive to advertise through email, spam volume has ballooned to comprise the vast majority of email messages. And the majority of the spam being mailed advertises products that are fraudulent or illegal, whose sponsors do not care about building a positive brand image. Most users have little idea how much spam would be arriving in their inboxes if their internet service providers were not using strategies to block the worst of it.

This is obviously a problem in terms of time/money spent on spam filtering systems and in deleting spams that pass through filters. More importantly, the loss of valid emails due to spam filtering is making some types of email communication extremely difficult. Legitimate commercial email is lost in the deluge of spam messages.

But the problem in the inbox pales by comparison to the multiple layers of illegal activity spammers employ to circumvent users’ attempts to avoid their garbage. Spammers are hijacking the computers of innocent users to send their email and host their web sites. They are using stolen identities to register their website domain names, and using stolen credit/debit/PayPal accounts to pay for them. Their websites flagrantly violate trademarks, fraudulently claim approval from agencies like the FDA and Better Business Bureau, use stock photos of buildings and people to create imaginary locations and corporate officers for themselves, display forged pharmacy licenses, and sell counterfeit copies of drugs still protected by patents within the US. They abuse voice-over-internet phone service, using US local phone numbers to give unwitting consumers the impression they are located within the US. They transmit protected health information and credit card numbers via insecure connections, and use fake images of SSL icons to deceive consumers about that fact. They require no prescription for drugs that require one in the US, often including controlled narcotics. They ship pills of questionable content into the US, competing with those produced under FDA oversight, and they smuggle them through customs via fraudulent declarations. They use spam emails to lure additional people to websites where their computers will become infected with malicious programs like computer viruses and Trojan horses, allowing the spammers to continue to expand their power to abuse the internet.

While CAN-SPAM attempted to provide a safe haven for legitimate emailers, it is totally ignored by the criminal spammers whose products would still be illegal no matter how “compliant” their emails might be. Enforcement is hampered because spammers can maintain anonymity by using other people’s hijacked computers, and because many of the most prolific spammers operate in countries which tolerate or even condone their activities.

But the situation is not as hopeless as it would appear. Not all reasonable measures are being taken to control the problem. Spammers could not continue at this level of activity without the passive cooperation of legitimate businesses. For instance, there are multiple systems in existence to identify the hijacked computers and illegally registered domain names that spammers rely on to conduct their business. Spam filtering products rely on them to obtain the necessary information to identify spam. Yet that information is often ignored by the otherwise legitimate registrars, hosting companies and telecommunications services which have the power to do something about it.

Does anyone really believe the spammer smuggling counterfeit Viagra into the US is sitting at home at the address provided in the domain registration, waiting for law enforcement to drop by? Then why is there unwillingness to investigate and suspend these domains? Do internet service providers think their customers would rather not know their computers are controlled by strangers in foreign countries, sending spam and helping themselves to users’ personal information? Then why are they so unreceptive to reports of hijacked servers within their own networks? Do banks consider it acceptable for their clients’ credit card numbers to be stolen to register illegal domains? Then why is there no effort to identify and close the credit card merchant accounts being used to process orders at those same sites? And when it would be simple to block all traffic from rogue countries which allow these criminals to operate, why are US internet companies so lax at shutting down bots on their own networks, making it impractical for American companies to block traffic from the worst spam-spewing IP address ranges?

The other issue is that these armies of zombie computers, called “botnets,” do more than just send spam or host websites. They are also used to conduct Distributed Denial of Service attacks. In such attacks, large numbers of computers access the resources of an internet target simultaneously, making it impossible for that web site to continue to operate without spending large sums of money for mitigation.

We in the antispam community saw an extreme example of such an attack in 2006 when angry spammers attacked the company Blue Security, whose product submitted automated unsubscribe request for its members. The high volume of that DDoS attack not only shut down Blue Security, it knocked many other innocent firms off-line as well. Yet this was apparently dismissed as a private matter between Blue Security and the spammers, and there was no notice given of the potential risk to national security posed by criminals with control of such a powerful botnet. A year later, a DDoS was used to attack government agencies in the nation of Estonia. While our government expressed concern, there was little evidence of action. Now similar attacks on the nations of Georgia and Kyrgyzstan have been in the news, and non-governmental targets continue to be attacked for the purpose of extortion or harassment. This is more than merely a commercial or consumer nuisance; it is a threat to national security.

These botnets are in fact being purchased and maintained by the spam economy. That’s the “military budget” keeping those “standing armies” available for rental by any terrorists who might wish to attack the US. There is serious potential for cyberterrorism to cripple significant parts of the US government and private sector, and spam is just one particularly visible part of the problem. The silly messages and sexually oriented products should not deceive anyone about the danger. We ask you to work to coordinate the various companies whose actions and inaction enable spammers to operate, so that the current state of extreme lawlessness can be brought under control.

– from the spam and
internet security investigators
at InboxRevenge.com.

SiL / IKS / concerned citizen

Read more:
An open letter to new US FTC Chairman Jon Leibowitz

Share/Save/Bookmark

Microsoft security updates for February 2009

No Comments

Learn about and download the latest computer security updates for February 2009. Read tips on protecting your computer by using anti-spyware and anti-spam programs.

See more here:
Microsoft security updates for February 2009

Share/Save/Bookmark

Glavmed responds – re: my Open Letter.

No Comments

Welcome Glavmed affiliates who are linking here directly from the Glavmed site. :)

For a very brief period of time yesterday (Feb. 4th, 2009) the following claims were posted on many pages of the glavmed portal site, and it makes it clear that they are seeing some negative attention as a result of my open letter:

4.Our rivals allege that our drug stores’ products have low quality. This is totally lie and defamation. We can show hundreds of feedbacks, proving high quality of our products. We also have independent test results. They prove that our products are being produced by indinan laboratories and up to claimed quality.

Unfortunately we can foresee the further organized pressure against our partnership programme, because normal business competition can’t be provided by them. We really take care of our partners and our customers.

This message was removed sometime between yesterday and today. It is unclear why, although I would guess that they didn’t want their own affiliates reading my posting. I and other researchers have also noticed that they are now blocking very specific IP addresses from viewing the Glavmed website.

A couple of obvious corrections need to be made right off the bat:

a) The letter was not written to you, Glavmed representatives. It was written to law and drug enforcement agencies, as well as the media who has been researching this.

b) I am absolutely not a “business rival”.

c) I am not the only one who has been researching your organization. My letter is a an account of the known, researched, verifiable facts regarding the scourge of unwanted Canadian Pharmacy websites. If I were trying to defame you, I wouldn’t have nearly as much factual evidence in my letter.

So in response, I’ll counter their bogus response point by point.

1. Glavmed claims on their front page (and I’m of course not altering their horrendous spelling and grammatical mistakes):

GlavMed is a BEST way to convert your pharmacy traffic into real money. Forget about miserable sums you’re getting sending your visitors to PPC pharmacy results.

You’re loosing at least half of YOUR money converting traffic like this. GlavMed offers you a possibility to eliminate any agents and sell most popular pharmacy products directly. It means 30-40% revenue share. features & benefits

Note: sell most popular pharmacy products directly. Which is it? Are they selling them or not?

Whether they sell the drugs themselves or not is ultimately irrelevant. They are part of a long chain that gets illegally-produced FAKE and harmful versions of these products into the hands of unwitting members of the public. There is copious amounts of evidence to support this, and they know it.

Glavmed is an affiliate program. They get their affiliates (aka: spammers) to promote (aka: spam) the websites (hosted via rampant viral PC infections) to sell fake drugs to unwitting victim customers. Who do they send that order data to? They don’t say. But they know who that is, and they know that they are taking these orders without any consultation with any pharmacist. They also do all of this with absolutely ZERO security or encryption, so you can imagine how they’re treating the rest of your personal data.

2. Sure, they state on their website that they don’t allow spamming, but as I mentioned: they removed any of the postings which made it clear that very actve spammers are indeed a part of their program. Nowhere do we find ANY postings within their forum about any actual action taken against spammers. Literally everyone with an email address will know that Canadian Pharmacy is THE most spammed property on the Internet today, and has been for three years and counting. If they don’t allow spammers, why is it still the most commonly found spam in the world today? You can have rules all you like. If you’re not enforcing them: what does it matter?

As an aside, I and many other individuals have been complaining to Glavmed under numerous identities starting in May of 2008. I have personally sent, using numerous of my accounts, at least 25 very detailed complaints regarding spam messages I have received between May 2008 and January 2009. Guess how many responses I’ve gotten? Guess how much “action” I’ve seen on behalf of Glavmed, or anyone else claiming to represent this operation? ZERO! Guess where their abuse-reporting pages are on their site? THEY DON’T HAVE ANY!

This claim is utterly false. They take zero action regarding their KNOWN spamming affiliates, and they never will.

3. If Glavmed has been aware all this time that so-called third parties were ripping off their site designs, functionality and everything else: why haven’t they drastically changed their entire design, branding, etc., or made ANY public statement regarding any of this? Why did they wait until someone like me exposes the whole setup for the obviously fraudulent operation that it is? This is an outright lie.

4. Again I will link to actual evidence (source), on behalf of a reputable company — Ironport — who placed orders from one of these sites, and gave the pills they received to a lab for analysis:

False Drugs Purchased

IronPort researchers followed the trail they uncovered and ordered sample pills from a pharmacy source in India. They then had an independent lab analyze the contents. The pills IronPort ordered contained sugar and some inert filler, Bhandari said.

A second test sampling from another online pharmacy purchase contained high metal content. The substances could be very harmful to unsuspecting consumers, he said.

IronPort-sponsored pharmacological testing revealed that two-thirds of the shipments contained the active ingredient but were not the correct dosage, while the others were placebos. As a result, consumers take a significant risk of ingesting an uncontrolled substance from overseas distributors, according to IronPort.

So in light of this report: I don’t believe a single word Glavmed says, and I don’t think anyone else should either.

Keep in mind: this is only one such report. There are others.

I notice that they completely ignore any mention of concern over the rampant illegal spamming which continues on behalf of Canadian Pharmacy, nor do they even broach the subject that as recently as October 2008 their site templates still contained bogus “sponsorship logos” on behalf of the Better Business Bureau, Verified By Visa, and Pharma Checker, nor do they mention that they were making very public statements that they knew full well that all of these logos were not being used appropriately.

The Spamtrackers wiki entry for Glavmed contains a screenshot of the Glavmed sites page dating from July 2008 which shows the Canadian Pharmacy layout still featuring the bogus sponsor logos. (source.)

In addition: this howler of a claim:

“We can show hundreds of feedbacks, proving high quality of our products. We also have independent test results. They prove that our products are being produced by indinan laboratories and up to claimed quality.”

Their claim that they have all kinds of feedback saying how great they are is meaningless.

Which “indinan laboratories”? Which “independent test results”? On behalf of whom? Published where, exactly?

Of course they will never say.

What about third-party, verified claims and lab tests that your products are genuine? What about third-party reports that your servers actually are secure? If I’m selling you a car and you ask me for verification that the car is in road-ready shape and is safe to drive, I can’t just start typing you a recommendation myself. I would need a third party inspector to verify that my claims that this vehicle was safe were in fact true. Glavmed doesn’t do this, nor have they ever.

“We really take care of our partners and our customers.”

Really? I know for a fact that numerous of your customers would very much beg to differ.

Clearly my letter has hit a nerve. As usual, their response, as with many obvious spam operations, is more concerned with damage to their profits than anything to do with public safety, or the security of your personal data.

Glavmed’s claims are theirs alone, verifiable by nobody, and easily countered point by point as being verifiably false.

I stand behind every word of my posting. This is not defamation. Again: I am only one individual, but my posting links to research performed by literally dozens of others, from a very wide variety of technical, medical, security and other backgrounds.

Use your own judgement: Glavmed, and the entire operation they support, are liars and part of a criminal operation. The proof isn’t just in my open letter. It’s all over the place.

SiL / IKS / concerned citizen

Continued here:
Glavmed responds – re: my Open Letter.

Share/Save/Bookmark

Canadian Pharmacy and Glavmed: An Open Letter To Law Enforcement, The FTC And The FDA

No Comments

To whom it may concern (and ultimately it concerns all of you.)

I write today to petition your attention towards a large-scale international illegal pharmacy operation known as Glavmed.

Glavmed are the sponsor program promoting the very-widely-spammed property known as “Canadian Pharmacy”. (Hereinafter referred to as “CPh”.) If you have an email address of any sort, it is very likely that you’re at least mildly aware of Canadian Pharmacy. It’s the most commonly spammed property on the Internet today, and shows no signs of slowing down whatsoever. CPh has been relentlessly spammed to millions of recipients for the past three years. Here is a screenshot of a currently spammed domain, dadsymbol.com:


Further (although technically speaking this is less of an issue than the risk to public health and safety): these sites’ continued use of the brand name “Viagra” is in violation of the trademark and intellectual property rights of Pfizer, who owns the Viagra name and the patent on its particular medicinal formula. There is no such thing as “generic” Viagra, nor has there ever been. It is not legal to make — or claim to make — Viagra while Pfizer still holds the patent. The same is true of Cialis and Levitra.

Sales of these alleged “generic” pharmaceuticals violates the law in most countries around the world. Sale of these products in their legitimate form without consultation with a physician or a registered pharmacist is also illegal, and violates several sections of the FDA act.

Finally: sale of controlled substances – phentermine definitely qualifies, but again: who knows what’s actually in the pills this “company” is selling to you? – is also against the law when done so without any registered pharmacist or a valid, authorized prescription.

This organization breaks several international laws, but more importantly it poses a very serious threat to the public’s health.

Promotion Via Illegal Spam

The only way that perhaps 70% or more of the world has heard of Canadian Pharmacy is via the unrelenting, large-scale receipt of illegally-sent spam email messages. By “illegally-sent”, I refer specifically to the fact that they (or someone or some group working on their behalf) send these emails using very large scale “botnets” (definition) comprising several thousand of exploited public computers. Over the past three years, no fewer than six (6) IT security organizations have performed research on a variety of these botnets, most notably the Storm botnet, and discovered that one of the primary uses of this botnet was to send spam email messages promoting these CPh websites.

I myself have written on this blog and on numerous spam- and cybercrime-related forums regarding Canadian Pharmacy, and I’ve specifically been researching their operations starting in mid-2006. (previous posting) However I am far from the only individual researching this organization.

Finnish Security Company “F-Secure” posted research tying spam messages promoting spamvertised websites for CPh on November 11th, 2006. (source) In this research they discovered that a PC exploit then known as “Warezov” was capable of sending spam. That spam contained urls for websites promoting what was then known as “Pharmacy Express.” Pharmacy Express turned into Canadian Pharmacy in early 2007. The spam runs promoting these websites would often send tens of millions of messages to addresses around the world. The domain names for the Pharmacy Express sites were virtually identical in naming structure to those used as name servers for other sites which were being used as infection points for the Warezov virus, as well as domains used as name servers for both the warezov infection sites and the CPh websites. More on Warezov and it’s functionality later.

Fast-Flux Hosting Via Hijacked Public Computers (Storm Worm)

Focusing again on the abovementioned domain, we can see that some unique hosting solution is being used for the “dadsymbol.com” domain by running a “dig” command against that domain:

sign up form features no section where anyone needs to disclose whether they are a medical professional or a pharmacist at all, or whether they are retaining one for the purposes of fulfilling prescriptions for the pharmaceuticals these sites sell.

So how did I discover the link between Glavmed’s affiliate program and Canadian Pharmacy? I joined their affiliate program. I will not disclose the details of my affiliate account other than to say that I have never used it for any promotional purposes on behalf of glavmed or Canadian pharmacy. Once I was approved, I was sent a link to their site templates which made it very clear that this was a very large-scale, highly organized operation, and that they are indeed 100% responsible for Canadian Pharmacy, and therefore responsible for the relentless spamming which occurs on their behalf.

As it turns out, apparently one of their supporters or affiliates posted a very Glavmed-friendly piece on a website known as atlantea.com (source), which alleges to rate the various online pharmacies promoted by Glavmed. They of course make absolutely no mention of the fact that these sites are easily the most prolifically-spammed properties on the Internet today. That entire domain appears to be a very spam-friendly site, and it links to a known base-domain which glavmed sites have been using for payment processing for three years now, rx-partners.biz.

Some interesting additional notes: They have modified several threads in their forums. These threads previously contained postings by several members which made it very clear that not only were Glavmed and their affiliates aware that many of their ranks were involved in large-scale spamming, but that they also knew they were lying about the use of logos such as that of Pharma Checker.

This thread previously had a posting (following posting #4, which is now the final posting in that thread) which stated that there was no valid Pharma Checker account for the Canadian Pharmacy websites. (A valid Pharma Checker is required in order to place a link to any pharmaceutical sites within a Google Adsense campaign, among many others. One affiliate was refused. I feel certain that many others must have been refused as well.) Another thread regarding spamming (source) had several pro-spam postings dating back to late 2007. These were removed sometime between December 2008 and January 2009. That was previously located after posting #3. Clearly someone is removing any expository evidence. (I and many others have archives of this forum however.)

Glavmed / Spamit / Storm / Canadian Pharmacy / RBN

Further, no less an authority than Ironport, a major spam-fighting corporation, made direct connections between Storm worm, Canadian Pharmacy, Glavmed, and their underground affiliate portal (and likely the real smoking gun) known as Spamit.com. (source) Ironport also placed several orders to verify what would happen with their bait credit card information, and to see whether they would actually receive anything from the order. They did receive a package containing pills which contained sugar and what was referred to as “inert filler”. Another contained “high metal content”. This is clearly a very high risk to the public’s health.

I and many other researchers and security professionals believe it is time for someone to take decisive action against this operation, which has profited for at least four years now and is only continuing to grow. Research and evidence abounds regarding the connections between Canadian Pharmacy, Glavmed, The Storm Worm and the Russian Business Network. All of these are known by numerous security and law enforcement agencies to be operating in flagrant violation of international law. I and the citizens of my country and those of pretty much every other country are fed up with continual bombardment of these spam messages, promoting websites which lie in every word of their content, which sell fake and harmful products, and which endanger the lives of the general public. We are fed up with the complete lack of action on behalf of anyone in Law Enforcement to go after Glavmed, their affiliates, their site operators, their payment processors, their hosting providers and their domain registrars. The time for action is now, especially with the abundance of available research into this organization and their practices.

Please take this appeal very seriously. I welcome your feedback.

Very sincerely,

SiL / IKS / concerned citizen

Further research into Canadian Pharmacy

Spam Wiki: Canadian Pharmacy
http://spamtrackers.eu/wiki/index.php?title=Canadian_Pharmacy

Further research into the Storm Worm

Storm Worm Botnet Cracked Wide Open
http://www.heise-online.co.uk/security/Storm-Worm-botnet-cracked-wide-open–/news/112385

Russian Business Network (RBN): Georgia Cyberwarfare – Attribution & Spam Botnets
http://rbnexploit.blogspot.com/2008/08/rbn-georgia-cyberwarfare-attribution.html

Full-disclosure: It’s time to get serious about Storm Worm / RBN
http://seclists.org/fulldisclosure/2008/Mar/0300.html

Slashdot: We Know Who’s Behind Storm Worm
http://it.slashdot.org/article.pl?sid=08/01/29/1823242

Excerpt from:
Canadian Pharmacy and Glavmed: An Open Letter To Law Enforcement, The FTC And The FDA

Share/Save/Bookmark

Older Entries