Monday, January 14, 2008

US Pharmacy (Very American) -> Total Lies

We are seeing a great deal of new spam for this family of illegal websites. I thought it was time to raise the curtain on how these illegal websites operate.

Note that on the front page, the site is selling numerous controlled substances:



A closer look:



Note that they misspell "Hydrocodone". Sounds like a real professional operation they got goin' on there...

Hydrocodone is defined by the US Food and Drug Administration (FDA) as a banned Schedule II narcotic, and further defined by the FDA as a Schedule III controlled substance.

Vicodin ES is a derived product containing Hydrocodone and is similarly classified by the US FDA.

Phentermine, Ambien and Xanax are all defined by the FDA as Schedule IV controlled substances.

Ultram (also known as Tramadol) is not classified as a controlled substance but it is highly addictive.

Controlled substances are considered by the FDA and the international medical community to have a very high risk of addiction.

Further reading:

Schedule III (US)
Schedule IV (US)

For Vicodin ES, the usual dose is 1 tablet, up to a maximum of 5 tablets per day. It is only recommended to take this drug (as well as Hydrocodone) under the strict recommendations and instructions of a doctor or pharmacist. Overdoses can kill people. Addiction is a very strong possibility.

The sale of these substances is considered a federal offence, particularly if one does so with no medical background whatsoever. As we shall see, not only do the operators of these sites have no medical background, they seem to be pretty open about indicating that this is the case, even though they might not recognize that they have done so.

They claim to accept Visa, American Express, Diners Club International and JCB Gold, as well as the online check service ECheck. They even present a special animated banner for the front page, and several large-size icons making this claim:




In reality, when one makes it through to their shopping cart page, it turns out that they only accept Visa and American Express. They also definitely do not accept ECheck, and no such option is present on any of these websites:



The quantity of tablets available for Hydrocodone on all US Pharmacy sites far exceeds any recommended dosage guidelines for this drug:



Clearly these websites do not care what happens to the patients who purchase these products from them. That last entry (180 pills!) is enough to cause serious harm or even death to somebody who is not under the care or supervision of a doctor or pharmacist.

At no point, anywhere on these sites, is there any mention as to who is the registered pharmacist or medical professional who will be providing these drugs to consumers. The sole purpose seems to be to profit as much as possible, even if it means killing the consumers who purchase these dangerous substances.

Throughout the site, a javascript function causes a momentary pop-up graphic to appear which claims: "Please Wait, Secure site loading":



This is of course a lie. There is no secure socket layer encryption technology present anywhere, on any of these websites. They also feature, to the left side of their menu, an image which claims "100% Secure Site":



This is, of course, also a lie.

A typical spam is received in only text format (no html) and featuring very stripped down content with no subject line. A typical message body will read "Get the pian meds you need" (sic) and then feature a link to the target website.

In early January, 2008, the links in the spam messages was almost always a Blogger website whose sole purpose was to redirect the user to the actual target website. For example: The spam received on Jan. 14th, 2008 contained the url:

http://nugiwika29432.blogspot.com/

That url in turn redirected us to:

http://nugiwika29432.blogspot.com/discoveyamazing.com

Which was a mistake in this case, the morons who set up the Blogger site failed to use appropriate url redirection techniques. (Maybe they were high on Vicodin at the time...) It was attempting to redirect us to:

http://discoveyamazing.com/

Several users have received dozens of these messages throughout the month of January. In all cases, the abuse of Blogger urls was reported directly to Blogger.com using their abuse reporting form:

Their "About Us" page makes no mention as to the quality of their products or their legal ability to sell any of them, but they do make a point of saying that they are a popular destination for the purchase of these controlled substances, legal or not:

US Pharmacy is your online pharmacy for FDA approved drugs, specializing in the EXTREMELY POPULAR, yet hard to find High Level Muscle Relaxers, Pain Relief, and prescription Sleeping Aid Meds and MORE!

Join tens of thousands of customers who safely, conveniently, and discreetly order prescription medication including men's health, weight loss, pain relief, diabetes, stop smoking, cholesterol and anti depressant medications and more. Check out our FAQ for more information.


Their FAQ page makes a series of claims which could only be perceived as further lies in light of the fact that they falsely claim to be offering us a secure server.

Q. Is it safe to use my credit card with US Pharmacy ?

A. Absolutely. We have taken every precaution to make sure your transaction is secure. All account information submitted to us is safely isolated from unauthorized access. When you place an order online or with US Pharmacy, your personal information and credit card information are encrypted using SSL encryption technology before being sent over the Internet, making it virtually impossible for your information to be stolen or intercepted while being transferred.

Q. Is my personal information kept confidential?

A. Absolutely the personal information you give us will only be viewed by authorized employees of our company for the purpose of completing your order. We do not sell, trade, or rent your personal information to others.

Q. Are the drugs that you sell safe?

A. Our products are made by overseas pharmaceutical manufacturers. These are the very companies that manufacture (and export in bulk) the drug that goes in to the making of the world's best-selling brands. In the new global economy, manufacturing is increasingly being outsourced to overseas facilities of parent companies or third-party suppliers. Naturally any new advances in manufacturing technology are invested in to these overseas facilities, rather than in to the company's little-used factories. Our drugs are manufactured in state-of-the-art facilities that fully comply with the Good Manufacturing Practices (GMP).


That statement regarding the "GMP" shows the potential for just how dangerous these websites are. The US FDA's Good Manufacturing Practice (GMP) regulation does indeed exist, however it was put in place to regulate the manufacturing of medical devices (think: stethoscopes, scalpels), not pharmaceuticals. The GMP has absolutely no bearing whatsoever on pharmaceutical products. The operators of these sites are clearly not any sort of medical professional, and are only in this to profit at whatever cost. As such all of these websites should be seen as extremely dangerous.

And later in the same FAQ:

Q. Is this legal?

A. There are different laws in different countries for import the drugs for personal use. US FDA regulations allow for the importation of personal medication required for a 3 month period. US residents are already importing medication from Canada, India and South America and US citizens travel to Mexico and Canada to purchase the drugs all the time. Americans are fed up with huge prices at local pharmacies, and Congress is allowing them to buy drugs from other countries to combat this injustice. World-class drugs are now within reach of everybody who is being squeezed by the high cost of prescription drugs.


What this statement conveniently fails to mention is the following:

The United States Federal Food, Drug, and Cosmetic Act (Act) (21 U.S.C. section 331) prohibits the interstate shipment (which includes importation) of unapproved new drugs.

...

"when 1) the intended use [of the drug] is unapproved and for a serious condition for which effective treatment may not be available domestically either through commercial or clinical means; 2) there is no known commercialization or promotion to persons residing in the U.S. by those involved in the distribution of the product at issue; 3) the product is considered not to represent an unreasonable risk; and 4) the individual seeking to import the product affirms in writing that it is for the patient's own use (generally not more than 3 month supply) and provides the name and address of the doctor licensed in the U.S. responsible for his or her treatment with the product or provides evidence that the product is for the continuation of a treatment begun in a foreign country."

...

to ensure that the importation is for personal use only (and not for resale), and to ensure that the use of the unapproved new drug sought to be imported into the U.S. is supervised and does not represent an unreasonable risk, the guidance provides that the individual affirm in writing that the drug is for his or her personal use, and provide either the name and address of the U.S. licensed physician who will supervise its use or some evidence that the treatment was begun in a foreign country and that the drugs are being imported to continue/conclude the already begun treatment. Thus, while not the only documentation, either a U.S. or foreign prescription, along with an affirmation of personal use, could be supplied as evidence that this factor exists.


So no: what these sites are doing IS NOT LEGAL. Purchasing these substances from these sites IS NOT LEGAL. In fact, purchasing from these sites can lead to some serious charges for the consumers under FDA regulations, but this is assuming that the customer survives their likely overdose, given that the quantities which these sites have chosen to sell of these substances is much higher than anyone should ever take of these drugs.

Nobody requires a "three month supply" of Vicodin. That is a sure sign of addiction, and likely a sign that the user is at risk of overdose.

Placement of several control orders resulted in no secure page being accessed at any time, and no real-time validation of credit card information took place. We were immediately forwarded (via javascript) to a thank you page which passed a series of parameters which were easily able to be modified with no adverse effect.

Example url we were forwarded to:

http://discoveyamazing.com/pharmacy_thankyou.php?pending=1&PTxnID=1291602685

We could easily modify this to say:

http://discoveyamazing.com/pharmacy_thankyou.php?pending=1&PTxnID=WeAreIllegalSpammers

It has no problem with our value for the PTxnID paramater, and passes it through to the thank you paragraph:



This further indicates that there is no security whatsoever on these websites.

Placing an order results in a "thank you" page which claims that your order has been placed, and provides a 10-digit numerical tracking id. [eg.: 1291602685] They claim: "average time taken to fulfill an order is somewhere between 2 to 3 weeks."

They state that consumers can send emails regarding their order to the email address: sales@365support.us

The website that they claim users can track their orders at is www.365cansupport.us, however no such domain existed at the time we placed our sample orders.

Finally: even the brand for these illegal websites is a lie. Calling themselves "US Pharmacy" with the tagline "Very American" within their main banner indicates how badly they want to be taken seriously as a US-approved online pharmacy:



In reality the website we were spammed with () was hosted at an IP address located in China:

%whois 210.14.129.233

inetnum: 210.14.128.0 - 210.14.159.255
netname: ZBYD
descr: ZBYD Technology Co.,Ltd
descr: 15A build , xiyongle road ,shijingshan district ,Beijing
country: CN
admin-c: LA100-AP
tech-c: LA100-AP
status: ALLOCATED PORTABLE
mnt-by: MAINT-CNNIC-AP
mnt-lower: MAINT-CNNIC-AP
mnt-routes: MAINT-CNNIC-AP
changed: ipas@cnnic.cn 20071106
source: APNIC

person: Lei An
nic-hdl: LA100-AP
e-mail: anlei@gwbn.net.cn
address: No. 20, Fuxing Road, Beijing
phone: +86-10-68650064
fax-no: +86-10-66813424
country: CN
changed: ipas@cnnic.cn 20071106
mnt-by: MAINT-CNNIC-AP
source: APNIC

inetnum: 210.14.128.0 - 210.14.159.255
netname: ZBYD
descr: ZBYD Technology Co.,Ltd
descr: 15A build , xiyongle road ,shijingshan district ,Beijing
country: CN
admin-c: LA1-CN
tech-c: LA1-CN
status: ALLOCATED PORTABLE
mnt-lower: MAINT-CN-ZBYD
mnt-by: MAINT-CNNIC-AP
changed: ipas@cnnic.cn 20071106
source: CNNIC

person: Lei An
address: 15A build , xixiaoqu road ,shijingshan district ,Beijing
country: cn
phone: +86-10-68610494
fax-no: +86-10-68610495
e-mail: anlei@gwbn.net.cn
nic-hdl: LA1-CN
mnt-by: MAINT-CNNIC-AP
changed: ipas@cnnic.cn 20071106
source: CNNIC


The domain itself outputs absolutely no WHOIS information which is in violation of the ICANN accreditation rules. The domain was registered with XIN NET TECHNOLOGY CORPORATION on Jan. 9th, 2008, and the operators of this domain refer WHOIS requests to their own special whois domain (whois.paycenter.com.cn) which is unreachable.

A bit of a rant regarding XIN NET Technology Corporation: They appear to be the domain registrar of choice for all illegal spammers around the world today. Out of thouosands of complaints which have been lodged with them regarding a variety of patently illegally used domain names, not a single one has been responded to or acted upon. We're talking months of complaints here. ICANN apparently doesn't care. I and many others have complained to them regarding this rogue domain registrar with absolutely no response or action taken. You could probably create your own style of snuff porn site, and have it registered via XIN NET, and nobody will do anything about it. ICANN: When are you going to do something about this?

Anyway: Clearly, there is nothing American whatsoever about these websites.

Spammer lie. Criminals also lie. These sites are created and operated by criminals, and promoted via spammers.

Needless to say: Do not purchase from these websites. Among other things, it's "un-American".

SiL / IKS / concerned citizen

13 comments:

Anonymous said...

Use the source Luke :) And archive it for possible use someday.

From http://365support.us/index.php
google_ad_client = "pub-5041176925307000";
google_ad_width = 468;
google_ad_height = 15;
google_ad_format = "468x15_0ads_al_s";
//2007-04-23: Pharmacy Support
google_ad_channel = "1469202512";
google_color_border = "FFFFFF";
google_color_bg = "FFFFFF";
google_color_link = "2D8930";
google_color_text = "000000";
google_color_url = "008000";

AND

google_ad_client = "pub-5041176925307000";
google_ad_width = 120;
google_ad_height = 600;
google_ad_format = "120x600_as";
google_ad_type = "text_image";
//2007-04-23: Customer Support
google_ad_channel = "3102594349";
google_color_border = "FFFFFF";
google_color_bg = "FFFFFF";
google_color_link = "F2984C";
google_color_text = "66B5FF";
google_color_url = "3D81EE";

IKillSpammerz said...

> Use the source Luke :) And archive it for possible use someday.

Hehe. Nice one! I often browse using NoScript (for obvious reasons, a lot of spammers also want to infect your computer while you buy your fake drugs from them) so I missed that.

SiL / IKS / concerned citizen

Anonymous said...

thanks for the info. I stupidly ordered some drugs at US Pharmacy.

Thanks to your website, I was able to cancel the credit card before the charges took effect.

IKillSpammerz said...

> thanks for the info. I stupidly ordered some drugs at US Pharmacy.

I will never understand why anyone would knowingly submit an order to a company they have never heard of, based on email they likely never signed up to receive.

The most basic rules of online purchasing tend to be:

- Verify that they are using a secure server
- Verify that they actually have legitimate ordering procedures, backed by a legitimate payment processor.

Why nobody is checking these points is somewhat bewildering to me. Spammers always boast that their target audience is stupid. They have no hesitation in saying or assuming this. Don't prove them right.

SiL

Anonymous said...

Not american? LoL. Why is it that their biggest and most of their customers are american for one, and that all these drugs are invented by american corporations to get rich. It's the american way . pop a pill for everything and anything.

IKillSpammerz said...

> Not american? LoL. Why is it that their biggest and most of
> their customers are american for one, and that all these
> drugs are invented by american corporations to get rich.
> It's the american way . pop a pill for everything and
> anything.


Except that you're missing the point.

Sure, the original product was invented by a huge American corporation, but the criminals behind these operations are selling usally (a) fake or (b) counterfeit versions of these drugs, usually produced in either China or India. They aren't manufactured in anything resembling "clean-room" environments, and they aren't sold to people using any valid prescription.

You can say what you want about the culture of pharmaceutical purchases, that doesn't make it all right for some criminal to sell you something which is (at best) completely fake or (at worst) potentially lethal.

SiL / IKS / concerned citizen

P.S. How do you even know that the majority of their actualy paying customers are US-based? They spam a considerable amount of this spam to South Americans, Russians and Europeans.

Anonymous said...

Same ingredients and are the same.. these people are professional. Most of their customers are from the USA which has the biggest drug problem in the world. Same shit with cocaine manufacturers in mexico and columbia, their biggest exports are drugs that are then marketed in america. Lol

IKillSpammerz said...

> Same ingredients and are the same.. these people are
> professional. Most of their customers are from the USA which
> has the biggest drug problem in the world. Same shit with
> cocaine manufacturers in mexico and columbia, their biggest
> exports are drugs that are then marketed in america. Lol


Wow. You're obviously a rep from Spamit (the sponsor behind US Pharmacy,) or possibly one of their scumbag mailers. Glad to see this blog bothers you enough to come up with extremely weak arguments.

No: They are not the same ingredients. People have died from taking these, and numerous examinations of pills received from these sites have shown that when (key word: when) they contain any amount of the purported active ingredient, it is in such miniscule amounts as to be bogus. In many other cases, they actually contain harmful particles which no genuine manufacturer would ever allow to be present in the actual products.

It's obvious you have an anti-American bent. That has nothing whatsoever to do with this discussion.

As usual, yet another idiot spammer (or representative of their sponsor, Spamit) just trying to obscure or deviate from the actual topic: this is illegal, the company promoting it operates illegally, and that these products are dangerous.

And as usual: posting anonymously. Way to grow that backbone, spammer.

Spammers are juvenile, cowardly morons. You just proved that again.

Oh and: nice touch comparing your so-called "legitimate" pharmacy operation with a cocaine cartel. You claim that cocaine traffickers "market" cocaine to Americans? Are you out of your mind? You people are shocking in your lack of any intelligence whatsoever, and callous in your total disregard for public safety.

Enjoy your time in prison, which is bound to happen sooner or later.

SiL / IKS / concerned citizen
[Sick of hearing from anonymous spammers]

Anonymous said...

In no way am i a rep or spam. I was just simply pointing out the fact that drug use in america is an epidemic and it's partly because of the economy that america is their biggest customer. You're totally right it can kill people by OD and over time. Most of these people operate overseas and also know it's americans who invented these drugs which are also prescribed in the USA and just as dangereous. I suggest watching the movie "Sicko". drug companies have those most lobbyists then anybody else. another positive side is that some people actually DO need the drugs and can't get a prescription. i would never promote anything of the matter because i know they kill people. I'm not an anti either. These drug companies could give a shit about the consumers as well. They're both greedy

Anonymous said...

Not a spammer -- I just think their should be other perspectives addressed on here. I don't like the pharmacy crap either since it kills peoples and not to mention all kinds of ways... fact is these corporations who invent these drugs just for the money and the pharmacy site owners and promoters are all in the same boat as i see it. Too big of an impact on planet earth for them not to goto hell. both sides only maybe the people who actually invent it and pay off politicians are doing it on a bigger level.

IKillSpammerz said...

> In no way am i a rep or spam. I was just simply pointing out
> the fact that drug use in america is an epidemic and it's
> partly because of the economy that america is their biggest
> customer.


I will certainly not argue with you there.

> You're totally right it can kill people by OD and
> over time.


That would be true for users of the actual products. I don't know how much clearer I can be: these products are fake and harmful. They are NOT the same as the actual products, and the criminals who are foisting them onto the public don't care what harm comes to anyone who chooses to use them.

I suggest you read this press release, issued July 17th, 2008 from the US Department of Justice.

And I quote:

"The counterfeit pills were identical in shape, size, color and markings to legitimate Viagra pills, but samples later tested by the Food and Drug Administration’s laboratory were determined to be counterfeit. Additional testing also revealed that while the counterfeit Viagra tablets contained almost none of the active pharmaceutical ingredient, sildenafil citrate, the tablets did contain metronidazole (Flagyl) – an antibiotic, which if consumed with alcoholic beverages, could cause abdominal cramps, nausea, vomiting, headaches and flushing. The defendant subsequently admitted to federal officials that he knew that the 2,000 pills he sold were counterfeit Viagra."

It's not OD'ing I'm focusing on (though, considering that some of these sites, notably US Pharmacy, have a much higher focus on selling controlled substances, that is most definitely a possibility) - I'm talking about the fact that the majority of illegally spammed pharmacy sites feature products which contain absolutely no active ingredient, and which have the possibility of killing people due to the high amount of other dangerous particles found within.

> Most of these people operate overseas and also
> know it's americans who invented these drugs which are also
> prescribed in the USA and just as dangereous.


I assure you: they don't care who created these products. (For example: Roche, the creator of many addictive pain killers, is a Swiss company.) They also (based on years of monitoring) don't appear to care much about where they're located. Spammers routinely sell lists which contain recipients located around the world.

> I suggest watching the movie "Sicko". drug companies have those most
> lobbyists then anybody else.


I am (as I'm sure most people are) well aware of Sicko.

> another positive side is that
> some people actually DO need the drugs and can't get a
> prescription.


I see what you're getting at.

If the American government were at all interested in serving or assisting its citizens via its health policy, we wouldn't have this desperate situation where people with genuine health concerns are either refused treatment, or pharmaceuticals, or both. So of course they'll turn to whichever source they can - no matter how illicit - to get the medications they were told would help them.

I agree that that is a tragedy. That doesn't make these criminals' actions any more legal. They are scum. Blaming one country's drug policy on this is not the entire equation. Personally I feel that Russia has a long way to go in terms of shutting this activity down. It is widely known that Spamit, who operated "US Pharmacy" and "Canadian Pharmacy", are tied directly to the Storm Worm, the recent spate of mass infections and hijacks of web servers around the world, and are based in Russia. It's been rumored that the Russian Business Network (the RBN) are also tied to this group. It's also rumored that members of the RBN have ties to the Russian government.

To me that is a much more serious concern. It's condoned criminal activity, sponsored by a government.

But I digress.

> i would never promote anything of the matter
> because i know they kill people. I'm not an anti either.
> These drug companies could give a shit about the consumers
> as well. They're both greedy


Correct.

I think we're all aware of how much a company like Pfizer profits on a yearly basis. Surely devoting even 10% of that profit to seeking out who is behind these illegal sites would not hurt their yearly grosses one bit.

My apologies for making the wrong assumption about your comments, but at least initially they mirrored what a bunch of spammers have regularly sent my way.

SiL / IKS / concerned citizen

Anonymous said...

I think that everyone in the US should flood their website with spam and emails. The IP address I found for the company is 218.241.97.42 and the email address that works is ipas@cnnic.cn. I am going to send emails continuously and ping there IP address until either I get blocked or they stop calling me. I get a least 3 calls a day and it does no good to complain or tell them not to call.

IKillSpammerz said...

"Anonymous", that is a really bad idea.

> I think that everyone in the US should flood their website with spam and emails.

Which website?

> The IP address I found for the company is 218.241.97.42

You listed the IP address for CNNIC, a China-based domain registration regulator.

They don't run these websites.

> and the email address that works is ipas@cnnic.cn

*sigh*. That is going to result in absolutely nothing. They have absolutely nothing to do with the hosting of these sites at all.

> I am going to send emails continuously and ping there IP
> address until either I get blocked or they stop calling me.
> I get a least 3 calls a day and it does no good to complain
> or tell them not to call.


Calling?! What are you talking about?

This post - indeed this blog - is about email spammers.

Feel free to re-post with some actual details. I posted about EvaPharmacy and their fake "US Pharmacy" web property. I honesly have no idea what you're talking about.

You do know that every IP address used to host these sites is actually a hacked server that the criminals behind EvaPharmacy has taken over, right? I've posted this numerous times on this blog and elsewhere. They take over thousands of these servers and use them for a variety of purposes related to the DNS and hosting of literally tens of thousands of pharmacy website domains.

Also: "attacking" one IP address won't have much effect. Per-website, they implement no fewer than three hacked servers. When one goes down, the entire network knows to re-calibrate and use new ones from a list of (again) thousands of other hacked servers.

I've been reporting these hacked servers to ISP's around the world. It's rampant.

Your plan, in other words, will be completely ineffective.

This is why I dislike comments from anonymous posters. You're being particularly vague and not supplying any kind of reasonable evidence at all.

SiL