Friday, December 31, 2010

2010 Year End Wrap-up: Year Of The Botnet

While the previous two years saw several high-profile investigations, arrests, trials and convictions of several very well-known spammers and their supporters, 2010, even from the very start, was already appearing to be a year where international focus turned to botnets, cyber attacks, cyber crime, and theft via malicious Windows infections. For the first time we saw mainstream news organizations featuring stories about international criminal activity via computers and rogue networks, and for the first time some of these ended up on the front page of newspapers like the Wall Street Journal and the New York Times. This is a very distinct shift from previous years where this type of story would be relegated only to tech news outlets, and only discussed and understood by tech professionals. This is, I must say, a very good sign, because cybercriminal activity's real target is the rest of the public who really are not that tech-savvy.

However, this year we also saw several very highly publicized "takedowns" of some well known botnets, notably Lethic, Waledac, Bredolab, and Mega-D. Not all of these shutdowns were 100% successful, but the volume of activity related to getting specific control servers for one or another botnet is a welcome development, and hopefully will lead to more firm activity on behalf of law enforcement and security researchers around the world. In one particularly interesting case, a series of renowned criminal botnets known as Zeus were shut down and several of their operators were also arrested, pending sentencing as of this writing. This didn't always immediately result in a slowing of criminal activity related to these botnets, and in many cases it didn't appear to have any noticeable effect on the volume of spam received by ordinary email users, but it was still a very notable development in the fight against online criminal activity.

2010 was also the first year where we saw a major international incident caused by a malware infection, which in this case affected Iran's nuclear program. This was a major story and continues to be a genuine concern with regards to international diplomacy and overall relations in the Middle East. Later still, the now-infamous Wikileaks "Cablegate" releases to the media further compromised international diplomacy, as bit by bit thousands and thousands of classified US embassy cables from embassies around the world make their way into the mainstream media. This is an unprecedented event and should continue to be the source of further interesting developments in the years to come.

In more specifically spam-related areas we saw major media also casually refer to operations such as Spamit or Glavmed, identifying them (correctly) as one of the most egregious high-volume criminal spam operations in the world. Even better: a lot of media and law enforcement attention was paid specifically to Spamit and Glavmed, resulting in Spamit closing up shop due to receiving too much heat. That was a development I wasn't expecting to happen so quickly, and it's an indication that the days of criminally operated pharmacy affiliate programs may finally be about to come to an end.

So here we go. Start the popcorn maker...

Jan. | Feb. | Mar. | Apr. | May | Jun. | Jul. | Aug. | Sep. | Oct. | Nov. | Dec.


  • SiL begins 2010 having "won" or "inherited" $15 Billion USD from a 14-month flood of Nigerian scam messages. Within the month of January, SiL "wins" or "inherits" an additional $5 Billion USD, due to a sudden increase in this type of spam.
  • Jan. 4th, in a followup to a previous article he wrote in December 2009, Knujon's Garth Bruen writes about the large number of illicit hosting providers related to the online fake / illicit pharmacy trade. The article comes under fire from many US-based ISP's, but definitely makes some salient points, focusing on the violation of intellectual property rights by pill spammers.
  • On Jan. 11th, renowned security investigative firm M86 coordinate with several ISP's an registrars to take down the "Lethic" botnet, responsible for some 8 - 10% of all spam worldwide. From their research it seems very clear this spambot was dedicated to mailing on behalf of Spamit and Glavmed criminal online pharmacies ("Canadian Pharmacy", "Canadian Healthcare", etc.)
  • On Jan. 11th, the Dallas office of the FBI publishes a press release detailing a new indictment against 19 individuals for participating in a massive cybercrime conspiracy. [Original press release available here.] Four of the defendants - including the two primary individuals originally investigated back in April, 2009 (Michael and Chastity Faulkner) are alleged to have fled the United States to avoid prosecution. If convicted of conspiracy, the defendants face a maximum sentence of 30 years in prison and a $1 million fine. [Also see this coverage.]
  • On Jan. 12th, in what is considered to be a bold statement internationally, the Google Blog divulges that Google as a company has decided to no longer filter their search results from within China after coming under numerous strategic attacks, allegedly from Chinese locations.

    ...we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. Based on our investigation to date we believe their attack did not achieve that objective. Only two Gmail accounts appear to have been accessed, and that activity was limited to account information (such as the date the account was created) and subject line, rather than the content of emails themselves.

    and later:

    These attacks and the surveillance they have uncovered--combined with the attempts over the past year to further limit free speech on the web--have led us to conclude that we should review the feasibility of our business operations in China. We have decided we are no longer willing to continue censoring our results on, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down, and potentially our offices in China.

    This announcement makes the front page of the New York Times among numerous other international newspapers, not merely tech news outlets.
  • On Jan. 15th, Cornel Ionut Tonita of Galati, Romania pleaded guilty to criminal phishing of bank credentials and faces up to five years in prison for his involvement in the criminal act. Also charged were two other Romanians: Petru Belbita and Ovidiu-Ionut Nicola-Roman, who was the first Romanian suspect convicted in the US for this activity. The phishing operation purported to represent Citibank, Wells Fargo and eBay. Sentencing for Tonita takes place on April 5th.
  • In a series of very public defacements, a group of rogue hackers referring to themselves as the "Iranian Cyber Army" modify the DNS settings of and to point to their own server, presenting a page stating that the site was taken over by them. [See coverage here and here.]
  • On Jan. 28th, Jody M. Smith is sentenced to a year plus one day in federal prison for his part in assisting the notorious AffKing / SanCash / Genbucks affiliate program, known for spamming all manner of fake "male enhancement" pills from 2004 til their court-ordered shutdown in 2008.
  • Brian Krebs, on his fantastic Krebs On Security blog, continues to hear from more and more victims of theft involving the use of the Zeus infection. This continues a very long-running series of stories (going back at least a full year) documenting the losses suffered by a litany of companies, schools, and other organizations.
  • Microsoft and Adobe, starting in January and continuing throughout 2010, issue a larger-than-average number of emergency patches for their products to specifically address a rash of newly-discovered exploits. In three months they issue as many emergency fixes as they did in all of 2008.


  • On Feb. 8th, numerous news outlets report that the Chinese police have shut down a major hacker training site known as "Black Hawk Safety Net".

    The tally is: three people arrested; nine Web servers, five computers and one car confiscated; $249,000 in assets frozen.

    According to China Daily, the website was ran from the Hubei province in Central China, and offered attacking programs and malicious software to its subscribers.

    In theory this could represent some heavy damage to the Chinese hacker community.

    See also this coverage from the Wall Street Journal.
  • On Feb. 17th, CNN airs a multi-hour program which attempts to simulate the US government's reaction to a cyber attack. This results in a series of stories outlining the US's lack of preparedness for such an eventuality. [See one such story here.]
  • Also on Feb. 17th, security organization M86 report that despite a very highly-publicized shutdown last year, the Mega-D botnet is still sending very large amounts of spam.
  • On Feb. 22nd, in a Reuters story, representatives state that the US Government have pinpointed the Chinese developer of the malware used in the attack against Google.
    U.S. government analysts believe a Chinese man with government links wrote the key part of a spyware program used in hacker attacks on Google last year, the Financial Times reported on Monday.

    The man, a security consultant in his 30s, posted sections of the program to a hacking forum where he described it as something he was "working on," the paper said, quoting an unidentified researcher working for the U.S. government.
  • On Feb. 25th, Microsoft posts a story on their security blog detailing their shutdown of the command and control servers for the Waledac botnet. [See also this coverage and this story from the Wall Street Journal.] The project to get the botnet shut down is known internally as "Operation b49". On March 16th, it is independently confirmed that the Waledac botnet had ceased operation.
  • In late February, much of the massive flood of Zeus bot-related spam messages purporting to be from any number of financial or other institutions drops completely out of circulation. This had been slowing by Feb. 22nd, but by the 27th it drops to zero for the first time since June 2009.


  • Further ratcheting up international criticism, on March 2nd the US government considers lodging a complaint with no less than the World Trade Organization (WTO) claiming that China's censorship requirements are an unfair barrier to trade. This is specifically in relation to the requirement that must censor any potentially sensitive search terms in order to operate within China.
  • On Mar. 2nd, capping a multi-year investigation and year-long trial preparation, convicted and completely unrepentant stock spammer and all around fraud artist Alan Ralsky reports to the Morgantown Federal Correctional Institute to begin his four year sentence. You can see his prison listing here. His release date is scheduled for November 11th, 2013.
  • On Mar. 10th, with very little explanation to go on, it is reported that dozens of Zeus botnets are knocked offline.

    In an online chat conversation with Krebs on Security, [Zeus researcher Roman] Hüssy said the average ZeuS C&C he tracks has anywhere from 20,000 to 50,000 unique infected computers under its thumb. That means this takedown may have had a massive impact on a large number of criminal operations. For starters, even if we take a conservative estimate, and assume that each of the C&Cs knocked offline controlled just 25,000 PCs, that would mean more than 1.7 million infected systems were released from ZeuS captivity by this apparently coordinated takedown.
  • By March 10th, SiL's "winnings" pass the $32 Billion USD mark. That's past double what he started the year with. On average he receives from 40 to 60 of these messages every day, resulting in accumulated "winnings" of $1 Billion USD every two days or so. Who needs a stimulus package? Let's just rely on these Nigerians to pay for everything.
  • On March 10th, it is confirmed that two rogue ISP's were shuttered:
    Two ISPs, named Troyak and Group 3, were home to 90 of the 249 known Zeus command-and-control servers. Zeus Tracker, a Web site that tracks the botnet, noticed the steep drop in servers on Wednesday morning.

    The Troyak network was itself an upstream provider to six networks, known to host a large number of cybercrime servers, including Web sites used in drive-by attacks and phishing sites, according to Kevin Stevens, a researcher with SecureWorks.
    Troyak and Group 3 join McColo and 3fn / Pricewert in the dustbin of rogue ISP's. Yet another blow to criminal botnet operators.

    (Note that there are multiple Zeus botnets, not just one. Any vetted criminal can buy the code to start their own. This was still a very heavy blow to a large number of criminal operators.) [More great coverage by Brian Krebs]
  • March 11th: another shoe drops and another of the co-conspirators in the infamous TJX hacking case is sentenced to 4 years.
    Humza Zaman, a co-conspirator in the hack of TJX and other companies, was sentenced Thursday in Boston to 46 months in prison and fined $75,000 for his role in the conspiracy. The sentence matches what prosecutors were seeking.

    Zaman, a 33-year-old former network security manager at Barclays Bank, was charged with laundering between $600,000 and $800,000 for hacker Albert Gonzalez, who is currently awaiting sentencing on charges that he and others hacked into TJX, Office Max, Heartland Payment Systems and numerous other companies to steal data on more than 100 million credit and debit card accounts.
    So far, March 2010 looks like one of the worst months in history for cyber criminal operatives. Good to see.
  • On March 11th, a securities attorney, ironically named David B. Stocker, pleaded guilty and was sentenced to two and three-quarter years for his participation in yet another stock spamming and market manipulation scheme. (His mailer was one Justin Medlin, previously unknown to me.) This makes the third straight year we've seen charges, arrests, trials, convictions and actual prison time for this type of crime. You would have to be an outright imbecile to engage in stock spamming.
  • On March 23rd, the FBI's Steven R. Chabinsky gave a Major Executive Speech entitled The Cyber Threat: Who's Doing What to Whom? In it he outlined the very real threat that online crime poses to ordinary citizens but also to governments and businesses.


  • In the first major leak they have released to date, Wikileaks post a classified US military video to their website and numerous other locations [YouTube Link] which depicts a US apache helicopter firing on over a dozen people, most of them non-military personnel. This includes journalists, women and children. This is a very serious leak and sets the stage for far bigger leaks which begin to appear in late 2010. [Further coverage: Collateral Murder Website]
  • On April 17th, National Defense magazine publishes a report on the current status of the threat of online criminal activity. The author quotes liberally from well-known online crime researcher Gar Warner, but it has some interesting insights about the risks and dangers if this activity is allowed to continue.


  • In what may have been a first, M86 actually names "Spamit" (as opposed to "Glavmed") as the subject of one of several spam messages they witness being sent by a new botnet which resembles the Storm botnet. [source]
  • On May 3rd Knujon's Garth Bruen writes a great article entitled When Registrars Look the Other Way, Drug-Dealers Get Paid. The article outlined the key process that supports non-compliant spamming: lazy and non-compliant registrars, and a slow, ineffective ICANN. As a bonus he specifies / Eva Pharmacy as an especially bothersome spammer affiliate program. This is the first of what would become several blog postings and online magazine articles drawing attention to this rampant problem with so-called "bullet-proof" domain registrars.
  • In what would become a high-water mark for the exposition of the Russian online crime economy, on May 18th Brian Krebs publishes a landmark article regarding several Russian individuals and their involvement with spamming and illicit payment processor Chronopay, sourced from several Russian media articles.
    In an open letter to investigators at the Ministry of Internal Affairs (MVD) of the Russian Federation, Ilya V. Ponomarev, a deputy of the Russian State Duma's Hi-Tech Development Subcommittee, in March called for a criminal inquiry into the activities of one Pavel Vrublevsky, an individual I interviewed last year in an investigative report on rogue security software (a translated PDF version of Ponomarev's letter is here).

    This leads to a lot of open discussion spanning several months on both Russian and English forums related to online security and cybercrime research.
  • On May 19th, notorious rogue ISP 3FN (a.k.a.: Triple Fiber Network or "Pricewert") is shut down by the FTC for providing hosting and other infrastructure to several varieties of online criminal activity.
    The Federal Trade Commission today got a judge to effectively kill off the Internet Service Provider 3FN who the agency said specialized in spam, porn, botnets, phishing and all manner of malicious Web content.

    The ISP's computer servers and other assets have been seized and will be sold by a court and the operation has been ordered to give back $1.08 million to the FTC.

    This caused some sizable financial damage to several criminal elements who profited from these servers' continued availability and marked a small success for law enforcement against some really scummy spammers.


  • On June 10th, Wired Magazine's Threat Level blog publishes an article [source] in which two of their journalists communicate with a hacker named Adrian Lamo who had communicated via a variety of chats with Private Bradley Manning. Manning allegedly downloaded thousands of classified cables and handed them over to WikiLeaks over a lengthy period of time.
  • On June 20th, Igor Gusev, the alleged owner and operator of the notorious affiliate program files a defamation lawsuit against representatives and editors of the Russian "Newsweek" magazine over an article they published in Dec. 2009 entitled "The Evil (Cyber) Empire: Inside the world of Russian hackers." The article, which has since been amended, referred directly to Igor Gusev by name, calling him "one of the world's leading spammers".
  • On June 21st, Knujon posts a report [full report pdf] which directly names Demand Media and their domain registration unit eNom "as a major facilitator of Internet drug crime."
  • On June 28th, the FTC busted a massive online fraud ring which used spam messages, money mules and stolen credit card data to swindle cardholders out of an alleged $10 million USD over many years using "micro transactions" which were then funneled through several shell companies without the cardholders ever noticing. [FTC press release here, Wired Threat Level article here.]


  • On July 8th, an anonymous person using the name "Obivan" posts a comment on a story by Brian Krebs regarding a hack on the Pirate Bay website. The comment announces that the Russia-based payment processing company "Chronopay" has been under a sustained online attack, and that a great deal of data has been lost. At about the same time, numerous anonymous bloggers begin posting several large-scale leaks of insider information regarding the payment processing company "Chronopay", totaling several gigabytes in size.


  • Aug. 3rd: LegitScript, a website which reports on criminal or rogue online pharmacies, publishes a story exposing a hack performed on a US government website which was used to promote yet another Spamit website via "blackhat SEO" (a.k.a.: search engine spamming). [source] These kinds of exploits against the public's servers are not new, but a hack against a US government website by these same Russian criminals highlights how rampant this actviity has become.
  • On August 9th, one of the previously-mentioned Chronopay leak sources, operating under the name "Chronoplay", publishes a comment on porn forum "" which reveals that long-time spammer Leo Kuvayev (operator of the original BadCow and later Mailien spam affiliate programs) has been arrested in Russia on 50 counts of juvenile rape. The arrest apparently took place earlier in 2010. Unfortunately the comment and any of Chronoplay's blogs are all offline as of this writing, but the arrest has been confirmed from several sources including Russian law enforcement. [Brian Krebs coverage here.]
  • Russian credit card thief Vladislav Anatolievich Horohorin (a.k.a.: "BadB") was arrested by French authorities on August 12th and charged with the illegal sale of thousands of stolen credit card numbers, known as "dumps".
    Horohorin, in an April 2009 advertisement of his services, said he had been selling "dumps" — compromised credit and debit card numbers — through websites such as the now-closed for about eight years.

    Horohorin is charged with access device fraud and aggravated identity theft. He faces a maximum penalty of 10 years in prison and a US$250,000 fine on the count of access device fraud and two years in prison and a fine of up to $250,000 for aggravated identity theft.

    [Dept. of Justice press release here.]
  • On August 25th, ICANN begins an investigation into the operations of domain registrar eNom. [source] This follows a report by HostExploit entitled Demand Media / eNom Report - CyberCrime USA which concludes that 51.5% of all domains that eNom approved were detected in spam traps, and that eNom was considered the #1 rogue domain registrar on the Internet. eNom had been the subject of numerous complaints for many months by security researchers and many members of the team at InBoxRevenge, and was also mentioned in the aforementioned scathing report in June by Knujon.
  • On August 26th, Andrew J. Klein, the White House Senior Adviser for Intellectual Property Enforcement, invited representatives of several domain registrars to attend a three-hour meeting in September to talk about cracking down on criminally-operated rogue online pharmacies. [Brian Krebs coverage here.] This appears to be related to Knujon's previous coverage of domain registrar eNom and their lack of action against several million domain names registered for the purpose of spamming numerous criminal pharmacy websites.


  • On Sep. 21st, following many months of reporting of illicit domain registrations by registrar eNom (see above), LegitScript joins forces with eNom to assist them in identifying the individuals behind the plethora of rogue, fake or otherwise non-compliant domain registrations by predominantly Russian online pharmacy affiliate programs.
  • On Sept. 23rd, numerous media outlets report that Iran's delayed Bushehr nuclear power plant was infected by the Stuxnet virus as far back as June 2010. This story brings to the forefront a scenario which was previously the stuff of movies: that a piece of malware could be used for nefarious purposes to affect real-world infrastructure. Stuxnet is said at the time to be a very complex piece of malware and was likely programmed by several very senior developers and other operatives. This is considered a very serious international incident and finger-pointing ensues, largely blaming the Israeli government for the infection. [More coverage:, Wired Threat Level]
  • In a completely unsurprising turn of events, the majority of domains for spammed criminal online pharmacies are now registered via Russian domain registrars.
  • October comes one day early in the arrests and convictions department: on Sep. 30th, 19 individuals of Eastern-European origin are arrested in London on fraud charges related to their long-term Zeus botnet activities.
    He and his team targeted hundreds of victims who had weak security on their computers and accessed their user names and passwords despite tight security systems put in place by the banks on their internet sites.

    Police were alerted by high street banks who were alarmed by a sudden surge in fraud.

    Investigators from Scotland Yard's e-Crime Unit discovered that the gang were hitting vulnerable computers using software which is described in the industry as a 'Trojan horse' because it infiltrates the computer without the user realising.

    London was only the first of many countries which made arrests related to this action. Most notably in the US, more than 60 people were arrested for engaging in identical behavior and operating Zeus botnets.

    This story received very wide coverage, and not only via tech or security news sites or blogs:

Last year I mentioned that November is usually a very high-volume month for announcements of indictments, arrests, convictions and other legal actions against spammers and those who help them. I want to amend that this year to say that it's actually more like October through November. However 2010 was especially fruitful during the month of October. This was another landmark year for legal action against numerous criminal entities related not only to spamming (of any sort, not merely email spamming) but any kind of online criminality, from botnet operation, to the operation of any large-scale criminal pharmacy affiliate program, to money mules, to you name it. As you can see from the story mentioned above, we got a head start this year as well.

  • On Oct. 8th the US Food and Drug Administration (FDA) posts a warning letter specifically naming RX-Promo as an affiliate program which violates numerous FDA regulations and several US laws by selling illicit, fake versions of numerous pharmaceutical products. RX-Promo are a very active spamming affiliate program known to sell fake or dangerous pills online, promoted solely via spamming of one sort or another.
  • On Oct. 21st, James Bragg, a former assistant in Al Ralsky's pump-and-dump spamming operation, who had already served six months in prison for his part in that organized fraud, pleaded guilty to charges of securities fraud and fraud related to new pump-and-dump activity since that arrest. He faces five years in prison and a $500,000 fine. Once a fraudster, always a fraudster...
  • On Oct. 25th, it is reported in the Dutch news media that the High Tech Crime unit had shut down 143 servers which were part of the Bredolab botnet. One day later, F-Secure reported that any affected servers were now redirecting users to a help page describing how to remove the infection. Later on the 26th, it was announced that a 27-year-old Armenian citizen had been arrested in connection with the operation of Bredolab, among other crimes.
  • On Oct. 27th, the New York Times run a story which delves into the workings of Russian email pharmacy spam, specifically naming Spamit and its alleged operator Igor Gusev.
  • Oct. 29th, Igor Gusev makes a statement to the press that he is not a spammer, and has never spammed. This is in response to charges made by the Russian Association of Electronic Commerce [RAEC] and other Russian law enforcement agencies that Gusev has been the operator of the most widely-renowned pharmacy spam affiliate program, Spamit, since at least 2006. Gusev claims this is a smear campaign on behalf of Chronopay's director, Pavel Vrublevsky. Chronopay is Russia's largest online payment processing company. The same day it is reported that Russian police raided Gusev's properties in relation to these charges.
  • On Oct. 30th, Igor Gusev begins writing a blog entitled RedEye Blog (in Russian and English) in which he exposes the inner workings of Chronopay, his business relationship with Pavel Vrublevsky and other interesting items.


  • On Nov. 1st, SiL posts his final update to the running tally of his Nigerian scam "winnings", having hit the $100 Billion USD mark several months ahead of schedule. At the time of that final update, SiL was averaging nearly $1 Billion USD of winnings or inheritances every day of the year. The sheer volume of Nigerian scam spam messages is at its highest point since SiL began tracking, often resulting in several hundreds of messages every day to just one of the accounts he monitors.
  • On Nov. 11th, as the Igor Gusev story continues to unfold, the RAEC hold a press conference in which they claimed they would expose Igor Gusev as "the largest spammer in the world". [Blog posting here, English translation here.] As previously mentioned, Gusev is alleged to be the operator of renowned criminal spamming affiliate program Spamit, and sister site Glavmed.
    Gusev, in this case is called a man who stands for the well-known pharmaceutical affiliate program "GlavMed". A year ago, RAEC, declaring war on pharmaceutical spammers, used as an example of this particular resource, associating it with a brand Canadian Pharmacy, which Spamhaus list, ranked by volume of the world's spam.
  • On Nov. 26th, The UK's Metropolitan Police Central eCrime Unit (PCeU) arrest two 18 year olds (Nicholas Webber and Ryan Thomas) for engaging in widespread credit card theft totalling some £12 million (~$18.6 million USD). [Gar Warner coverage here.] Sentencing, which is expected to be very severe, has been adjourned until Feb. 28th, 2011.
  • In what would become one of the most notorious international incidents, WikiLeaks begin leaking what they claim is a portion of over 200,000 classified US embassy cables in an event which would come to be known as CableGate. Over the following weeks and months, several news outlets report on the vast amount of information contained in the leaked documents, including the Guardian, the New York Times, Der Spiegel and Wired. As of this writing, the cables are still being released in what seems to be batches of just over 1,000 at a time. Weeks later, an international arrest warrant is released for Wikileaks director Julian Assange by Swedish police. [WikiPedia Link] The cables were apparently illegally downloaded by Private Bradley Manning, who allegedly downloaded them from the US's "SIPRNET" system, a network system which allows US embassies to communicate securely. [Cryptome timeline re: Adrian Lamo]


  • On Dec. 5th, an FBI indictment against one Oleg Nikolaenko is leaked to the Smoking Gun. Nikolaenko is alleged to be the main operator of the once-rampant spamming botnet known as Mega-D, a fundamental botnet for the former AffKing affiliate group. The FBI arrested Nikolaenko on Dec. 3rd. [PDF available here.]
  • Dec. 13th, the Chinese government announces a new crackdown on piracy of any copyrighted property, from DVD's to MP3's to (presumably) fake Rolex watches. This is allegedly to smooth trade relations iwth the US who have been attempting to get China on board with this strategy for many years.
  • On Dec. 18th, it is announced that the US government is setting up an initiative that would attempt to shut down fake pharmacy websites. They will certainly have their work cut out for them. This is an addendum to an existing strategy to go after any site which violates patents or copyrights, which was started mid-2010.
  • On Dec. 14th, Bloomberg publishes a story confirming that, among many other major online companies, Google and Microsoft are creating a non-profit organization targeting illegal internet pharmacies, in support of the US government initiative.
    Google Inc. and Microsoft Corp. are helping to establish a nonprofit organization targeting illegal Internet pharmacies in support of Obama administration efforts, according to the White House Office of Management and Budget.

    The group is comprised of companies that serve as Internet choke points and was in response to a call from the administration for private efforts to police illegal pharmacies, said Victoria Espinel, the White House intellectual property enforcement coordinator.
  • On Dec. 16th, several news outlets report that the Stuxnet infection which hit Iran's Bushehr reactor in June was apparently better than a bomb in terms of affecting Iran's nuclear program, possibly setting it back by as much as two years:
    According to a top German computer consultan, the Stuxnet virus, which has attacked Iran's nuclear facilities and which Israel is suspected of creating, has set back the Islamic Republic's nuclear programme by two years.

    The consultant, who was one of the first experts to analyse the program's code and was only identified as "Langer", told The Jerusalem Post that it will take two years for Iran to get back on track.

    "This was nearly as effective as a military strike, but even better since there are no fatalities and no full-blown war. From a military perspective, this was a huge success."

    There have been claims that the virus is still infecting Iran's computer systems at its main uranium enrichment facility at Natanz and its reactor at Bushehr.
  • On Dec. 23rd an independent research blogger named Nart Villeneuve posts a detailed breakdown of how a site is created and configured for the widely-spammed RX-Promotion pharma affiliate program.
  • On Dec. 27th, the website for Chronopay displays a notice that their entire database had been compromised, and all credit card and other payment information, has been downloaded by criminal entities. The notice turns out to have been placed by hackers who have actually redirected the DNS for to the domain "". Links are placed to what they claim is a database of all the stolen credit card data, but which is in fact only the credit card information for 800 users, captured between Dec. 25th and 26th.

Phew! That is quite a year.

Here's hoping that online criminal activity remains a high-focus item for world governments and the mainstream media. This is a first for both of those entities paying any kind of attention to these issues and it's been extremely refreshing to see.

Happy New Year, everybody. Stay safe!

SiL / IKS / concerned citizen