Monday, January 31, 2011
Spammers Are Now Using Verified By Visa
I've begun receiving tons (as usual) of spam promoting a new "Viagrow" site setup. This same spammer also sends me Ultimate Replica spam and spam messages promoting "Online Pharmacy" (I don't know the affiliate program for that one.)
Viagrow is of course yet another in a long line of utterly fake penis enlargement products. (I have to wonder why these spammers, all predominantly Russian, have such a fixation on penises, but that's probably a topic for another day.)
I decided to check out the new "Viagrow" site setup in terms of examining their order processing methods and was stunned to discover that they actually use the Verified by Visa process. This is a first, and is especially surprising given how frequently spam affiliate programs have been abusing the Verified by Visa brand over the past six years.
The site presents two forms to the user to capture personal details, including full credit card details. It does so (of course) using no security whatsoever.
Posting the second form leads to this spam operation's custom payment processing domain:
Which in turn passes the form's values to the actual Verified by Visa domain, using Visa's proprietary encryption.
Since I began researching criminal spam operations and the forms their sites use to snare personal details from victims (ahem) "customers", Visa - or more likely the third-party "high-risk" merchants who perform the processing - has never canceled any processing for these sites. This is going all the way back to 2002 or earlier. MasterCard and American Express have repeatedly denied service to pro-spam websites, but never Visa.
Now the Verified by Visa program, one which is directly operated by Visa itself, is allowing payments to be processed directly, essentially sending the message that Visa as a company is a-ok with criminals using their services.
cyber-pay.biz is registered with Directi and hosted on 220.127.116.11, provided by SoftLayer. SoftLayer is now owned by ThePlanet. SoftLayer has provided hosting, DNS and domain registration to online criminals for many years now, so it's probably not going down anytime soon. Directi, in my experience, has been very helpful with spam complaints, so we'll see what happens in that department.
change-your-life1.com is registered with bizcn, hosted on 18.104.22.168 by Voxility in Bucharest, Romania.
If anyone knows of any Verified by Visa contacts, I'd be extremely interested to see if anyone over there would care to respond regarding their support of a criminal spamming operation.
SiL / IKS / concerned citizen