Tuesday, April 21, 2009

Who Put The "Canadian" in "Canadian Health&Care Mall"?

It's alarming just how many lies a single spam message can contain. Join me as I dissect just one botnet-delivered spam message on behalf of "Canadian Health&Care Mall", a well-known bulker.biz property (aka bulkerbiz.com, currently in transition as previously mentioned.)

******* 0nline Canadian Pharmacy Mall *******
NoPrescription needed for CialisLevitrvViagra, Hairloss treatment, WieghtLoss & all

Right out of the gate: lies.

The domain, which they carefully placed at the end, is:


That's ".cn" as in "China." Not Canada. Hosted on IP address: That's in Budapest, Hungary.

That in turn redirects to:


A domain which has been especially difficult to shut down, thanks to the deaf ears of ename.com, registrar of choice to many illegal spam operations.

Hosted on ip address:

That's in Brazil. And guess what? It's a hijacked Unix server. The actual owner of that server has either abandoned it or is otherwise not using it for web hosting purposes.

So: "Canadian"? Lies!

ViagraFrom $1.85
CialiFrom $2.40
SomaFrom $1.06
TramadolFrom $1.39
LevitrvFrom $2.5
& ....

The site says "as low as". I guess this is the first non-lie. But it's all downhill from here.

** How to buy Canada Drugs:

Again: nowhere near Canada.

0rdering Canada drugs from a Canadian Pharmacy Mall, and finding relief, has never been easier! You can place your 0rder online as easy as 1-2-3. Regardless of how you order, your needed drugs will arrive quickly and safely - in about 7 days.

Bait orders were received in a matter of weeks, not days. It sure is easy, though. With no secure server, and no confirmation as to when your order ships, or anything else regarding the use of your personal data or credit card information, I guess that is "easy." It's just that it isn't particularly safe.

Oh and of course: the pills contained only trace amounts of the alleged "active ingredient". The rest was "filler material". You are wasting your money by purchasing from these criminals. But you knew that already, right?

You can also find, view and track your order, or make changes to your personal medical file at any time, from the comfort of your own home.

More lies. "Personal medical file"? They create no such thing. They capture your order using zero security, and throw that information to an as-yet unknown third party host where the order is processed. This is usually a server in Russia, and the fulfillment of the order takes place usually in India. (Again: How close are we to Canada now?)

Order tracking is, at best, spotty. You are only told one of three things:

1) Your order has been received.
2) Your order has been processed.
3) Your order has been denied.

There is no individualized order tracking of the kind a legitimate company would provide. They only use international postal mail (which, by the way, since they sell controlled substances, is a violation of international law, and violates several DEA and FTC guidelines.) As a result, the consumer is left completely in the dark regarding whether the order has shipped, or when it can be expected to be delivered.


Why not go shopping on our site and see the wide selection of top Canadian prescriptionDrugs and available discount prices for yourself? We think you'll agree that family values are alive and well at Pharmacy Online!

"Family values"? So far we're up to:

- Lies about where they claim to be located.
- Hosting on hijacked Unix servers.
- Fake and / or dangerous drugs.
- Lies about how long the order takes to ship.
- No security whatsoever.

I don't see any "family values" in any of that. Didn't their mothers ever teach them that lying is wrong?

** Canadian Pharmacy 0nline Testimonials:
Here's what some satisfied customers had to say:

Oh this should be good.

"I reviewed an AARP bulletin online (Sites to See: Getting Prescription Drugs Safely From Canada)... This article suggested checking with the following organizations when buying meds from Canada (Canadian Pharmacies):

1. CIPA: Canadian International Pharmacy Association
2. IMPAC: Internet and Mailorder Pharmacy Accreditation Commission
3. Pharmacy Checker

I highly recommend Pharmacy 0nline for all meds purchased from Canada... Most important, I ordered on the 20th of January and received them on the 27th of January... Thank you again for being there..."

Wow. They just don't know when to quit.

Bait purchases had Indian postal stamps on them. That's some 6,902 miles or 11,108 kilometres from Canada. Nice try, though, "I".

AARP: That's the American Association of Retired People. There is a report, as mentioned, and it lists each of the three organizations listed above (article available here). No representatives from the AARP responded to a request for comments on this claim, but try and find a single report that mentions "Canadian Health&Care Mall", or bulker.biz in a positive light. Go ahead, I'll wait... :)

CIPA, if you contact them, are very much aware of this illegal online pharmacy and do not endorse or support this group, or any of the sites that they promote via illegal spam or otherwise. They're also well aware of the abuse of their logos and organization name within these illegally sent spam messages, and on the websites they drive to.

In reviewing all the above, I could only find two Pharmacies that were recommended by all three... and one was Pharmacy Online.

IMPAC (Internet and Mail-Order Pharmacy Accreditation Commission) is also aware and (hey guess what!) also denies any endorsement of this site, or this affiliate program. Their site also features a list of actual IMPAC accredited pharmacies (located here) and (hey guess what!!) "Canadian Health&Care Mall" is nowhere to be found. There are only three online pharmacies on that list, so it doesn't take much time to figure out that this group is telling outright lies.

Pharmacy Checker, as you might expect, also says that they do not at all endorse this group, and further that their logos and organization name are being used illegally by this group.

By the way: who is this quotation from? Who is this "I" they refer to? And why do they suddenly refer to this site as "Pharmacy Online"?


"I got on the Internet looking for (Canadian 0nline Pharmacy) alternatives and most of the companies were either not registered with the Better Business Bureau or had bad reports. Yours was registered and had a very good report..."

Really? (Again with this nondescript "I" person.)

If you do a simple, non-strategic search for "Better Business Bureau Canadian Health&Care Mall" the first link you get has a headline of "Online Pharmacy Questionable: Canadian Health&Care Mall" (here.) Separately, correspondence I and many others have had with the Better Business Bureau in numerous states has resulted in statements from their representatives stating outright that they do not recommend these sites, that they lie, that they pose a genuine risk to the public, and that they are notoriously difficult to shut down. They also state that their logos and organization name are being used by this group without any authorization or consent.

But hey: so is their hosting. So is their domain registration, which uses stolen identities and credit cards. So why stop there?

If I were to write a testimonial with some truth in it, it might sound more like this:

All of the research I could find on this shady "pharmacy" indicated that they were lying to me, but I purchased from them anyway. I know it sounds silly, since the only way I ever heard about this company was via hundreds of unwanted spam messages which I never asked to receive. I guess I figured "why not"? They certainly weren't going to remove me from their lists. After weeks of waiting I did finally get some pills but they weren't packaged very safely, and when I brought them to my doctor he said that these were essentially fake pills.

But people generally don't do this type of research before they hand over their credit card information. They should.

Please visit our Big Discount Canada Pharmacy Mall via below links

How about: please don't.

The days of this criminal group must be numbered. If this were a legitimate company with a head office and a CEO, they would be hauled into court for publishing lies like this. Because they are illegal spammers, and have operatives located in numerous offshore locations, they get away with it.

It is time for international law enforcement to recognize this group and others like it as more than a mere "nuisance" for spamming. They are committing numerous serious crimes without spamming even entering into the picture, and most of all, they are filthy liars.

Please tell anyone you know who has a requirement for pharmaceuticals that they should never, ever, buy from organized criminals, which is essentially what this group is.

SiL / IKS / concerned citizen

Thursday, April 16, 2009

What Is Going On At Bulker.biz?

As many of you who follow my blog know, Bulker.biz (more recently known as "bulkerbiz.com" due to the coincidental shutdown of their previous domain in November 2008) is a spam-friendly affiliate I've talked about quite a bit.

The list of illegal acts they routinely take part in is available in the spamtrackers wiki entry devoted to their most popular spammable illegal online pharmacy My Canadian Pharmacy.

I noticed that rather suddenly, they have decided to secure their current affiliate portal, replacing it with an authorization setup, and a default message indicating they are changing their name yet again.

Site is closed. Please contact ICQ 333192431 for new address.

To see what it used to look like, even a mere four days ago, check out the Spamtrackers wiki entry here.

Isn't that interesting?

That ICQ address belongs to an individual who used to post on a variety of forums, notably Russian ones, using the username "ebulker". He specifically mentions in most of these postings that bulker.biz "doesn't care where your traffic comes from", indicating that they're very much aware that they spam illegally. But really, spamming is just the tip of the iceberg. These guys break so many laws on a daily basis that it's hard to believe nobody's gone after them. It would literally be like shooting fish in a barrel.

More as it happens, I suppose...

SiL / IKS / concerned citizen

Thursday, April 9, 2009

An open letter to new US FTC Chairman Jon Leibowitz

The following is a letter which has been drafted by many of the members of the Fight Spammers Forum at InBoxRevenge.com to Jon Leibowitz, who was appointed as the new chairman for the Federal Trade Commission. I think it deserves some exposure.

We very much support the efforts the FTC is taking to educate consumers about internet fraud and identity theft, and we recommend that everyone view the excellent materials online at ftc.gov. However, those types of problems require a level of coordinated effort beyond what any one individual or business can accomplish. We urge the next head of the FTC to see the big picture. And one obvious part of the picture is spam.

Spam is like a flashing light alerting us to far more serious criminal activity beneath the surface. By minimizing the severity of spammers' offenses, you lose the ability to expose and investigate much deeper risks to the US, even impacting on national security.

Spam -- unsolicited commercial email -- is a nuisance. Because it is so inexpensive to advertise through email, spam volume has ballooned to comprise the vast majority of email messages. And the majority of the spam being mailed advertises products that are fraudulent or illegal, whose sponsors do not care about building a positive brand image. Most users have little idea how much spam would be arriving in their inboxes if their internet service providers were not using strategies to block the worst of it.

This is obviously a problem in terms of time/money spent on spam filtering systems and in deleting spams that pass through filters. More importantly, the loss of valid emails due to spam filtering is making some types of email communication extremely difficult. Legitimate commercial email is lost in the deluge of spam messages.

But the problem in the inbox pales by comparison to the multiple layers of illegal activity spammers employ to circumvent users' attempts to avoid their garbage. Spammers are hijacking the computers of innocent users to send their email and host their web sites. They are using stolen identities to register their website domain names, and using stolen credit/debit/PayPal accounts to pay for them. Their websites flagrantly violate trademarks, fraudulently claim approval from agencies like the FDA and Better Business Bureau, use stock photos of buildings and people to create imaginary locations and corporate officers for themselves, display forged pharmacy licenses, and sell counterfeit copies of drugs still protected by patents within the US. They abuse voice-over-internet phone service, using US local phone numbers to give unwitting consumers the impression they are located within the US. They transmit protected health information and credit card numbers via insecure connections, and use fake images of SSL icons to deceive consumers about that fact. They require no prescription for drugs that require one in the US, often including controlled narcotics. They ship pills of questionable content into the US, competing with those produced under FDA oversight, and they smuggle them through customs via fraudulent declarations. They use spam emails to lure additional people to websites where their computers will become infected with malicious programs like computer viruses and Trojan horses, allowing the spammers to continue to expand their power to abuse the internet.

While CAN-SPAM attempted to provide a safe haven for legitimate emailers, it is totally ignored by the criminal spammers whose products would still be illegal no matter how "compliant" their emails might be. Enforcement is hampered because spammers can maintain anonymity by using other people's hijacked computers, and because many of the most prolific spammers operate in countries which tolerate or even condone their activities.

But the situation is not as hopeless as it would appear. Not all reasonable measures are being taken to control the problem. Spammers could not continue at this level of activity without the passive cooperation of legitimate businesses. For instance, there are multiple systems in existence to identify the hijacked computers and illegally registered domain names that spammers rely on to conduct their business. Spam filtering products rely on them to obtain the necessary information to identify spam. Yet that information is often ignored by the otherwise legitimate registrars, hosting companies and telecommunications services which have the power to do something about it.

Does anyone really believe the spammer smuggling counterfeit Viagra into the US is sitting at home at the address provided in the domain registration, waiting for law enforcement to drop by? Then why is there unwillingness to investigate and suspend these domains? Do internet service providers think their customers would rather not know their computers are controlled by strangers in foreign countries, sending spam and helping themselves to users' personal information? Then why are they so unreceptive to reports of hijacked servers within their own networks? Do banks consider it acceptable for their clients' credit card numbers to be stolen to register illegal domains? Then why is there no effort to identify and close the credit card merchant accounts being used to process orders at those same sites? And when it would be simple to block all traffic from rogue countries which allow these criminals to operate, why are US internet companies so lax at shutting down bots on their own networks, making it impractical for American companies to block traffic from the worst spam-spewing IP address ranges?

The other issue is that these armies of zombie computers, called "botnets," do more than just send spam or host websites. They are also used to conduct Distributed Denial of Service attacks. In such attacks, large numbers of computers access the resources of an internet target simultaneously, making it impossible for that web site to continue to operate without spending large sums of money for mitigation.

We in the antispam community saw an extreme example of such an attack in 2006 when angry spammers attacked the company Blue Security, whose product submitted automated unsubscribe requests for its members. The high volume of that DDoS attack not only shut down Blue Security, it knocked many other innocent firms off-line as well. Yet this was apparently dismissed as a private matter between Blue Security and the spammers, and there was no notice given of the potential risk to national security posed by criminals with control of such a powerful botnet. A year later, a DDoS was used to attack government agencies in the nation of Estonia. While our government expressed concern, there was little evidence of action. Now similar attacks on the nations of Georgia and Kyrgyzstan have been in the news, and non-governmental targets continue to be attacked for the purpose of extortion or harassment. This is more than merely a commercial or consumer nuisance; it is a threat to national security.

These botnets are in fact being purchased and maintained by the spam economy. That's the "military budget" keeping those "standing armies" available for rental by any terrorists who might wish to attack the US. There is serious potential for cyberterrorism to cripple significant parts of the US government and private sector, and spam is just one particularly visible part of the problem. The silly messages and sexually oriented products should not deceive anyone about the danger. We ask you to work to coordinate the various companies whose actions and inaction enable spammers to operate, so that the current state of extreme lawlessness can be brought under control.

-- from the spam and internet security investigators at InboxRevenge.com.

SiL / IKS / concerned citizen