Tuesday, April 21, 2009

Who Put The "Canadian" in Canadian Health&Care Mall"?

It's alarming just how many lies a single spam message can have. Join me as I dissect just one botnet-delivered spam message on behalf of "Canadian Health&Care Mall", a well known bulker.biz property (aka bulkerbiz.com, currently in transition as previously mentioned.)

******* 0nline Canadian Pharmacy Mall *******
NoPrescription needed for CialisLevitrvViagra, Hairloss treatment, WieghtLoss & all
others..


Right out of the gate: lies.

The domain, which they carefully placed at the end, is:

http://gipg.vbjeozwe.cn

That's ".cn" as in "China." Not Canada. Hosted on IP address: 89.134.141.124. That's in Budapest, Hungary.

That in turn redirects to:

http://canadapharmacymall.com/

A domain which has been especially difficult to shut down, thanks to the deaf ears of ename.com, registrar of choice to many illegal spam operations.

Hosted on ip address: 200.206.237.78

That's in Brasil. And guess what? It's a hijacked unix server. The actual owner of that server has either abandoned it or is otherwise not using it for web hosting purposes.

So: "Canadian"? Lies!

ViagraFrom $1.85
CialiFrom $2.40
SomaFrom $1.06
TramadolFrom $1.39
LevitrvFrom $2.5
& ....


The site says "as low as". I guess this is the first non-lie. But it's all downhill from here.

** How to buy Canada Drugs:


Again: nowhere near Canada.

0rdering Canada drugs from a Canadian Pharmacy Mall, and finding relief, has never been easier! You can place your 0rder online as easy as 1-2-3. Regardless of how you order, your needed drugs will arrive quickly and safely - in about 7 days.


Bait orders were received in a matter of weeks, not days. It sure is easy, though. With no secure server, and no confirmation as to when your order ships, or anything else regarding the use of your personal data or credit card information, I guess that is "easy." It's just that it isn't particularly safe.

Oh and of course: the pills contained only trace amounts of the alleged "active ingredient". The rest was "filler material". You are wasting your money by purchasing from these criminals. But you knew that already, right?

You can also find, view and track your order, or make changes to your personal medical file at any time, from the comfort of your own home.


More lies. "Personal medical file"? They create no such thing. They capture your order using zero security, and throw that information to an as-yet unknown third party host where the order is processed. This is usually a server in Russia, and the fulfillment of the order takes place usually in India. (Again: How close are we to Canada now?)

Order tracking is, at best, spotty. You are only told one of three things:

1) Your order has been received.
2) Your order has been processed.
3) Your order has been denied.

No individualized order tracking in the way that a legitimate company would do. They only use international postal mail (which, by the way, since they sell controlled substances, is a violation of international law, and violates several DEA and FTC guidelines.) As a result: the consumer is left completely in the dark regarding whether the order has shipped, or when it can be expected to be delivered.

Lies!

Why not go shopping on our site and see the wide selection of top Canadian prescriptionDrugs and available discount prices for yourself? We think you'll agree that family values are alive and well at Pharmacy Online!


"Family values"? So far we're up to:

- Lies about where they claim to be located.
- Hosting on hijacked unix servers
- Fake and / or dangerous drugs.
- Lies about how long the order takes to ship
- No security whatsoever.

I don't see any "family values" in any of that. Didn't their mothers ever teach them that lying is wrong?

** Canadian Pharmacy 0nline Testimonials:
Here's what some satisfied customers had to say:


Oh this should be good.

"I reviewed an AARP bulletin online (Sites to See: Getting Prescription Drugs Safely From Canada)... This article suggested checking with the following organizations when buying meds from Canada (Canadian Pharmacies):

1. CIPA: Canadian International Pharmacy Association
2. IMPAC: Internet and Mailorder Pharmacy Accreditation Commission
3. Pharmacy Checker

I highly recommend Pharmacy 0nline for all meds purchased from Canada... Most important, I ordered on the 20th of January and received them on the 27th of January... Thank you again for being there..."


Wow. They just don't know when to quit.

Bait purchases had Indian postal stamps on them. That's some 6,902 miles or 11,108 kilometres from Canada. Nice try, though, "I".

AARP: That's the American Association of Retired People. There is a report, as mentioned, and it lists each of the three organizations listed above (article available here). No representatives from the AARP responded to a request for comments on this claim, but try and find a single report that mentions "Canadian Health&Care Mall", or bulker.biz in a positive light. Go ahead I'll wait... :)

CIPA, if you contact them, are very much aware of this illegal online pharmacy and do not endorse or support this group, or any of the sites that they promote via illegal spam or otherwise. They're also well aware of the abuse of their logos and organization name within these illegally sent spam messages, and on the websites they drive to.
In reviewing all the above, I could only find two Pharmacies that were recommended
by all three... and one was Pharmacy Online.

IMPAC (Internet and Mail-Order Pharmacy Accreditation Commission) also is aware and (hey guess what!) also deny any endorsement for this site, or this affiliate program. Their site also features a list of actual IMPAC accredited pharmacies (located here) and (hey guess what!!) "Canadian Health&Care Mall" is nowhere to be found. There are only three online pharmacies on that list, so it doesn't take much time to figure out that this group is telling outright lies.

Pharmacy Checker, as you might expect, also says that they do not at all endorse this group, and further that their logos and organization name are being used illegally by this group.

By the way: who is this quotation from? Who is this "I" they refer to? And why do they suddenly refer to this site as "Pharmacy Online"?

Lies.

"I got on the Internet looking for (Canadian 0nline Pharmacy) alternatives and most of the companies were either not registered with the Better Business Bureau or had bad reports. Yours was registered and had a very good report..."


Really? (Again with this nondescript "I" person.)

If you do a simple, non-strategic search for "Better Business Bureau Canadian Health&Care Mall" the first link you get has a headline of "Online Pharmacy Questionable: Canadian Health&Care Mall" (here.) Separately, correspondence I and many others have had with the Better Business Bureau in numerous states has resulted in statements from their representatives stating outright that they do not recommend these sites, that they lie, that they pose a genuine risk to the public, and that they are notoriously difficult to shut down. They also state that their logos and organization name are being used by this group without any authorization or consent.

But hey: so is their hosting. So is their domain registration, which uses stolen identities and credit cards. So why stop there?

If I were to write a testimonial with some truth in it, it might sound more like this:

All of the research I could find on this shady "pharmacy" indicated that they were lying to me, but I purchased from them anyway. I know it sounds silly, since the only way I ever heard about this company was via hundreds of unwanted spam messages which I never asked to receive. I guess I figured "why not"? They certainly weren't going to remove me from their lists. After weeks of waiting I did finally get some pills but they weren't packaged very safely, and when I brought them to my doctor he said that these were essentially fake pills.


But people generally don't do this type of research before they hand over their credit card information. They should.

Please visit our Big Discount Canada Pharmacy Mall via below links
http://gipg.vbjeozwe.cn
http://gzts.vbjeozwe.cn


How about: please don't.

The days of this criminal group must be numbered. If this were a legitimat company with a head office and a CEO, they would be hauled into court for publishing lies like this. Because they are illegal spammers, and have operatives located in numerous offshore locations: they get away with it.

It is time for international law enforcement to recognize this group and others like it as more than a mere "nuisance" for spamming. They are commiting numerous serious crimes without spamming even entering into the picture, and most of all, they are filthy liars.

Please tell anyone you know who has a requirement for pharmaceuticals that they should never, ever, buy from organized criminals, which is essentially what this group is.

SiL / IKS / concerned citizen

18 comments:

Anonymous said...

Great information. Thanks for your efforts. I got their site from friend who got spammed so I checked it out. My suspicions were first aroused when I saw they were selling prescription drugs without requiring a prescription. So I did a little research and discovered some of what you have posted. Thanks again for your work.

Anonymous said...

If you enter any personal information on this companys home page you will receive multiple spam emails daily. There is no contact that will follow up on stopping the emails, so be prepared to be spammed forever.

this is a mass marketing firm and does nothing to provide quality drugs.

IKillSpammerz said...

You are being far too generous by referring to this in any way as a "marketing firm."

It's a criminal operation, selling dangerous products from the black market, and stealing personal data.

Plain and simple.

And yes you're right: of course they spam the bejesus out of anyone who actually places an order. That's because anyone who does so just confirms that they're gullible enough to go through their little process.

SiL

Anonymous said...

Well Done! Thankyou for filling in the gaps.
I started receiving these Spam mails about 6 months ago, but what was worse, ALL my email contacts started receiving the same but their messages were purporting to have been sent by ME!!!!! Including some to delicate business contacts!!!
I thought it would die off with no responses, but when I noticed they'd sent a Spam to a BRAND NEW contact on my Hotmail Account I realised they were actively monitoring my hotmail account....I tried to contact MSN, no response, so I then tried going direct to the Spammer, again nothing.
Then I started getting complaints from several contacts.
The ONLY way to escape this is to start up a NEW EMAIL ACCOUNT, preferably with a new carrier.BUT REMEMBER NEVER ADD THE NEW ACCOUNT DETAILS TO YOUR OLD CONTACT LIST.

IKillSpammerz said...

You are only scratching the surface regarding the extent of completely illegal conduct this group is renowned for. They don't care which accounts they hijack, and they have utterly no regard for any amount of security regarding anyone's personal data.

SiL

Ted Johnson said...

They hijacked my contacts list and spammed all my contacts. They've been in business for years now from the complaints I've found. What's wrong with the domain registrar? Where's the email industry? Where are the government agencies? Why aren't these people in jail?

IKillSpammerz said...

All very good questions.

SiL

Anonymous said...

They are so much worse now. Somehow they obtained the names and email addresses of my friends. Now they send their "ads" under the name of my friends so of course, I can't hit the spam button when the messages appear in my inbox. What if they are legit messages from my friends, whose email names and addresses I know? Please someone tell me how to stop these folks.

LW in TX

IKillSpammerz said...

> Please someone tell me how to stop these folks.

LW in TX: if I personally knew how to stop them from doing this, don't you think I would have posted that here already? :)

The key here is to focus on their infrastructure, which is 100% illegal (using thousands of hijacked PC's for their web hosting and DNS servers) and to apply pressure to the payment processing companies who process their orders. That takes time. Lots of it.

Until then, you can guarantee this whole batch of idiots will just continue to act like the assholes they are. Have faith. They think they can get away with this forever. One day, I don't know when exactly, they will learn a really hard lesson. You will definitely hear about it here whenever that happens.

There's only so many times someone can piss off everyone with an email address. This will eventually backfire on them.

SiL

Anonymous said...

The problem is the greedy, horny stupid individuals who purchase from them. Anyone with half a brain can guess they're thieves but I guess when you're greedy, horny and stupid you'll overlook anything.

I got an e-mail from this shower this afternoon and deleted it and marked iot as a phising attempt, I suspect someone in my address book has been spammed and the bot is firing out spam by the bucket load.

Anonymous said...

Someone hacked into my hotmail account and sent links to this site to all my contacts. I will be reporting this to a number of different authorities.



here are a few of the links there are dozens lof different ones.

http://nicktaylor7777.t35.com/capofsni/jiegyltdwfnkiicapcde.html

http://nicktaylor7777.t35.com/cappkrfpccg/bvmntadvwurykdcapdifez.html

http://vara_india06.t35.com/capoxiqvefsebz/nixgrwhxzrwjcapgnsyz.html

http://malekmontasser.t35.com/the11dayfp/sdstzjtclcapdxmd.html

http://rajarajesh96.t35.com/comcastxurxzjnpgq/fikoejgicapjlf.html

IKillSpammerz said...

This has been happening extremely frequently since October 2010. This group doesn't care how many people they piss off, or what laws they break as long as their sites get hosting (by stolen unix servers) and the spam gets sent (by your hotmail account.)

This is a really, really stupid move on their part.

By the way, T35.com has an excellent abuse team, something this group of morons didn't appear to check first.

SiL

Anonymous said...

I've been fighting spam for years using a little .htm file that continuously downloads large graphic files, driving up their hosting costs & slowing down their sites. Google spam vampire or lad vampire & join in the fun.

IKillSpammerz said...

> I've been fighting spam for years using a little .htm file
> that continuously downloads large graphic files, driving up
> their hosting costs & slowing down their sites.


If you read the report I reference here you'll see that that actually has zero effect on these sites. They're using dozens of hijacked, compromised public servers in a fast-flux rotation. You may feel like your script is having an impact, but it isn't.

The only way to get these shut down is to actually address the dozens to hundreds of independent hosting companies in numerous countries whose servers have been hijacked illegally by this operation.

Your type of activity is precisely why they engineered this distributed method of hosting.

They still accept fake orders though. :)

SiL

ssd21345 said...

IT HACK MY ACCOUNT AND SEND THESE WEBSITE TO MY FRIEND,THAT ANNOYING,if it reportable i will report that hacker health&care mall.

David said...

One other thing you might do in your list of contacts is (since they only send to what is on your list) double the letter at the end of the domain, i.e., .com becomes .comm instead. They will still send the messages, but they will all come back to your inbox as an unreachable host. Granted you have to delete them from your inbox, but it's helped me.

IKillSpammerz said...

> One other thing you might do in your list of contacts is
> (since they only send to what is on your list) double the
> letter at the end of the domain


I'm not sure I understand what you're saying.

The spammers who are promoting these sites purchase the addresses from email harvesters. These harvesters have presumably (thought obviously not always) verified that the email addresses are reachable. In fact there is anecdotal evidence that in the case of Gmail, Hotmail and Yahoo addresses, someone has been auto-verifying MX records for any new accounts - rolling through alphabetical lists of usernames - so even if you create a brand new email account on those services today, you'll get spam within a few weeks even though you have told nobody about its existence and have posted it nowhere. I've proven this myself by creating several Gmail accounts that I never even use. Within three weeks: they receive spam.

Or perhaps I'm misunderstaning what you're describing.

SiL

Anonymous said...

I've been receiving what can only be described as dribbleshit e-mails which are traced back to "My Canadian Pharmacy" and "Canadian Health Care % Mall" As Most of these arrive via Hotmail, I've blocked all mail from that server, having notified my contacts of this. Most have gone over to other servers,and the bulk of rubbish has gone.Good work from you.