Hard facts about penis pills
We've all seen far too much spam for "Generic Viagra", but does anyone really buy the stuff, do the spammers make any money out of it, and why are so many of these sites in Canada?
Security specialists Sophos recently unveiled the results of some research into the penis pill spammers. One of the spamvertized online pharmacies had neglected to implement proper security and this allowed researchers to inspect the site and uncover many interesting facts about the fake pharmaceuticals infrastructure.
The fake pharmacy sites are part of a franchise operation, a massive affiliate network named GlavMed. People joining the franchise download an e-commerce system written in PHP and tailored to this franchise. The operators of the fake websites simply forward orders to the hub of the network in Russia and receive a commission on all orders.
The Canadian connection is primarily aimed at the US market. US citizens are well aware that drugs bought in Canada are often significantly cheaper than the same drugs bought south of the border. GlavMed has exploited this to develop its Canadian Pharmacy brand, and it is not unusual to find websites which claim to be "Canada's Number 1 online pharmacy", often with a domain name ending in CN. Of course CN actually refers to China, not Canada. The researchers found an astonishing 124,000 sites in Google which claimed to be "Canadian Pharmacy", so the chances of finding a legitimate Canadian pharmacy on a search engine are slim.
The researchers were able to study the orders placed through the unprotected site and found it was taking 20 orders a day with an average value of $200 per order. Of this, the website operator was getting a 40% commission, meaning that he was typically receiving $1600 a day in income.
A great deal of spam is sent through compromised machines on users' desktops around the world. There is a whole underground industry which specialises in finding new ways to sneak rogue programs onto users' machines and selling or hiring out groups of machines as "botnets". Few computer owners would be happy at the idea of their machines being abused in this way, yet studies have previously indicated that machines remain infected for an average of 6 weeks. However, Trend Micro has recently conducted an up-to-date analysis of 100 million reports of compromised PCs and concluded it is far worse than anyone thought. It found that only 20% of machines are cleaned within a month of infection, the median length of infection is 10 months, and it is not uncommon to find machines that are infected (or repeatedly re-infected) for more than two years.
In light of this, some countries such as Australia are considering legislation requiring ISPs to contact customers with infected machines and, if they fail to remedy the infection, disconnect them from the Internet. Meanwhile, the Internet Engineering Task Force (IETF) has published a set of draft guidelines for how ISPs around the world should go about cleaning up their networks.
29th September 2009
This article comes from the SKILLZONE email newsletter, published monthly since January 2008, and covering topics related to technology and the internet. All articles and artwork in the SKILLZONE newsletter are original content.