Friday, November 20, 2009

FDA To Criminal Pharmacy Affiliate Programs: Stop.


Some great news this morning from the Food and Drug Administration.

Yesterday the FDA's office of criminal investigations sent out warning letters to operators of several domains which present websites selling pharmaceuticals illegally. Brian Krebs has the full story including links to the specific letters and the FDA press release, and the full list of warning letters sent by the FDA to several rogue website operators. That is a significant amount of reading, and essentially echoes what people like me have been trying to tell the public since at least 2005.

This is definitely a case of "No sh*t, Sherlock", since the FDA was arguably in a position to do this as far back as 2006, but it's better late than never. Letters were sent to 136 website operators, and specifically describe the precise illegal nature of each of the sites, which should be obvious to anyone who reads this blog or follows any ongoing spam-related illegal online pharmacies.

I am also a bit surprised that the main "affiliate program" being called out is rx-commission.com, since we all know that the #1 criminal promoter of these bogus websites is Spamit aka Glavmed, who continue to pummel the Internet at large with their criminal websites promoting what we know to be completely bogus and dangerous versions of pharmaceutical products. But it's still good news.

One of the key, KEY quotes from the press release:

The agency issued 22 warning letters to the operators of these Web sites and notified Internet service providers and domain name registrars that the Web sites were selling products in violation of U.S. law. In many cases, because of these violations, Internet service providers and domain name registrars may have grounds to terminate the Web sites and suspend the use of domain names.

That one is pretty significant: if you allow a domain name to be registered, and that domain is then used to promote any of these rogue pharmacy sites, YOU can shut it down - period. I should hope that this means far-off companies such as XIN Net, Ename, Beijing Innovative Link, etc., will finally get the message: you can now be held as criminally responsible as the individuals whose websites you allow to be registered. My colleagues and I have been trying to get this message across to these organizations for at least the past three years. This press release from the FDA adds considerable weight to our communications to these companies.

"The FDA works in close collaboration with our regulatory and law enforcement counterparts in the United States and throughout the world to protect the public," said FDA Commissioner Margaret A. Hamburg, M.D. "Many U.S. consumers are being misled in the hopes of saving money by purchasing prescription drugs over the Internet from illegal pharmacies. Unfortunately, these drugs are often counterfeit, contaminated, or unapproved products, or contain an inconsistent amount of the active ingredient. Taking these drugs can pose a danger to consumers."

Again: no surprise to anyone reading this blog, but great that they put it in black and white so that (hopefully at least) the average consumer can now be made aware of this action.

The individual warning letters do not mince words:

The United States Food and Drug Administration (FDA) has reviewed your websites [...] and has determined that you are offering products for sale in violation of the Federal Food, Drug, and Cosmetic Act (the Act). These products include, but are not limited to "Xanax (Generic)," "Valium (Generic)," "Viagra (Brand)," "Acomplia (Generic)," "Acomplia (Brand)," "Rimonabant," "Herbal Xanax," and "Herbal Viagra." We request that you immediately cease marketing violative products.

These products, are drugs under section 201 (g) of the Act, 21 U.S.C. § 321 (g), because they are intended for use in the diagnosis, cure, mitigation, treatment, or prevention of disease and/or because they are intended to affect the structure or function of the body. Your marketing and distribution of these drugs violate various provisions of the Act, as described below:[...]

You can't get more clear than that.

I fully expect to see a large number of questions on support forums related to Glavmed or Spamit, saying things like "but you told me this was perfectly legitimate?!?!" I'm certain the responses should be highly entertaining.

Let's see what the next year or so holds in terms of this statement having any real effectiveness in the fight against organized criminals and the websites they continue to push onto unsuspecting consumers.

SiL / IKS / concerned citizen

Tuesday, November 10, 2009

Earth4Energy Appears On Criminal Spam Radar.


In light of recent wins against a variety of Russian-based pharmaceutical spammers, and assistance from Yahoo in getting those pesky Yahoo Groups URLs, I was interested to see what ridiculous trends would start to appear from the same morons who insist on sending spam to people who clearly don't want it.

Enter "Earth4Energy", a site I had never heard of until (you guessed it) people started sharing their samples of inbound, unwanted spam promoting it.

Researching this rather dubious "product" turned out to be pretty interesting, because whoever is behind Earth4Energy has taken great care in registering as many domains as possible - including those which would imply that the product is a scam - and then employing them in all manner of seemingly blackhat SEO (search engine optimization) techniques. This obscures any genuine discussion of this "product", which is why I thought it was probably worth posting here.

Let's start at the beginning. Here's a recently-received sample of the spam being sent, which I have only mildly cleaned up (this particular idiot didn't bother to clean up the formatting for readability):

From: "Dan Kittles"
To: <[spamrecipient]@[domain].com>
Subject: Create a windmill & solar power @ home!

Discover now how to create electricity at home. No gimmicks! It's just a simple science, and I believe you knew it. This is exactly what you need if you are interested of knowing how to generate power and reduce electricity bills at home.

All it takes are guts, the eagerness to read the manual and apply it real life.

Earth4Energy is the solution for our needs. It can reduce our power bills or even completely eliminate it. So why would you follow others who pay $1400 for the installation of Windmill & Solar Power at home? You can actually build your own!

See it on this site to discover it now!

Best Regards,
Dan Kittles
upandaway777@gmail.com

Notice: List is taken from "Dan's Corner". So this e-mail is NEVER sent unsolicited. You are receiving it
because you, or somebody purporting to be you and using your e-mail address, has asked to be added to this mailing list.

To be remove, please reply so. Then we'll remove you from the database.

Boy. Way to go on the copy writing there, moron.

You can see a full example also being reported for spamming at this website. Note that that version, from August 2009, didn't have to use URL shorteners, probably because they had yet to become blacklisted.

The line that says "See it on this site" links to a URL shortener, for obfuscation purposes, in violation of their terms of service regarding spamming:

http://to.ly/tKo

That in turn redirects to:

http://www.earthforenergy.com/

With the ultimate goal being to get you to purchase their "manual" via ClickBank's shopping cart functionality:

https://ssl.clickbank.net/order/orderform.html?time=1257866002&vvvv=656172746834&item=1&cbskin=48&vvar=cbskin%3D48

The site of course contains more breathless testimonials and unsubstantiated claims than even the most bogus pharmacy spam I've seen. That should be red flag #1 to anybody.

So that exposes the "thrust" of this spam campaign, and also the affiliate ID.
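The order-form URL above carries more than it appears to at a glance. The following added example (not part of the original post) decodes its query values with three simple heuristics; the heuristics and function names are assumptions made for illustration, and nothing here asserts what meaning ClickBank assigns to each parameter.

```python
import re
from datetime import datetime, timezone
from urllib.parse import urlsplit, parse_qsl

# Order-form URL exactly as quoted in the post.
ORDER_URL = ("https://ssl.clickbank.net/order/orderform.html"
             "?time=1257866002&vvvv=656172746834&item=1&cbskin=48"
             "&vvar=cbskin%3D48")


def decode_value(value):
    """Classify one query value and return (kind, decoded)."""
    # Ten decimal digits in this range are treated as a Unix timestamp.
    if re.fullmatch(r"\d{10}", value) and 1_000_000_000 <= int(value) < 2_000_000_000:
        ts = datetime.fromtimestamp(int(value), tz=timezone.utc)
        return "unix_time", ts.strftime("%Y-%m-%dT%H:%M:%SZ")
    # Even-length hex that decodes to printable ASCII is reported as text.
    if len(value) >= 8 and len(value) % 2 == 0 and re.fullmatch(r"[0-9a-fA-F]+", value):
        raw = bytes.fromhex(value)
        if all(0x20 <= b < 0x7F for b in raw):
            return "hex_ascii", raw.decode("ascii")
    # A value that was itself percent-encoded key=value (parse_qsl has
    # already undone the %3D) is unpacked one level.
    if "=" in value:
        return "nested_pair", dict(parse_qsl(value))
    return "literal", value


def analyze(url):
    """Return the host and a {param: (kind, decoded)} map for a URL."""
    parts = urlsplit(url)
    params = {k: decode_value(v)
              for k, v in parse_qsl(parts.query, keep_blank_values=True)}
    return {"host": parts.hostname, "params": params}


if __name__ == "__main__":
    report = analyze(ORDER_URL)
    print(report["host"])
    for name, (kind, decoded) in report["params"].items():
        print(f"{name:8} {kind:12} {decoded}")
```

The `time` value falls on the date of this post, and the `vvvv` value is plain ASCII in hex rather than an opaque token.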

Note that not one person who has reported this to me has ever subscribed to "Dan's Corner", nor had they ever heard of either that list or this "product".

Any attempt to "opt out" has also been unsuccessful, as expected.

ClickBank is a fairly well-known "Pay Per Click" affiliate program, and they appear to offer affiliate promotion services for a wide array of products and services.

They also offer a shopping cart service, which is what this particular scam is out to abuse.

Note their extremely specific anti-spam clause in their terms of service:

You shall not directly or indirectly:

(a) Send, initiate or procure the sending of an Email to any Person who has either not explicitly requested to receive such messages specifically from You, including without limitation for the purposes of sending unsolicited bulk email, executing any "mass mailings" or "email blasts," or for the purpose of spamming any public forum, including without limitation, any blog, message board, classified listings, auction sites, altnet, newsnet, newsgroups, or similar service.

(b) Send, initiate or procure the sending of an Email to any Person who has explicitly requested to receive no further Emails from You or Your company.

(c) Employ any false or deceptive information regarding Your identity, or regarding the intent, subject, or origin of the message or fail to include accurate information regarding Your identity, and the intent, subject, and origin of the Email.

[source]

It continues from there, but we can see already: This message violates all three of those. There is no "Dan Kittles", and a search for that email address only returns further discussion of this particular spam campaign.

They began their SEO campaign at least as early as October 2007. The first research I could find regarding this dates from November 2008:

This disease is really getting out of control. Earth4Energy now gets 222,000 hits on Google (October 24, 2008), and it is all a fraud. There are even thousands of fake negatives, like "Don't buy Earth4Energy" and "Earth4Energy Sucks" that lead you to yet more sales pages. Negative reviews are totally drowned out by the massive, cancerous marketing campaign.

[source]

That same author has set up an extremely detailed page specifically criticizing all of this company's claims regarding Earth4Energy, and in my opinion it's definitely worth a read, especially the completely bold-faced threats that they make against the author regarding his negative review. (Read on, you'll see that his dissection is pretty much spot-on.)

Affiliates for this scam have also spammed Craigslist repeatedly, and continue to do so now. [example]

There is, of course, a link to the Earth4Energy affiliate program [affiliatematerial.com], and it becomes extremely obvious that this group do not care how you promote this crap. They don't care if you paint some random person's house with your domain name. There is no abuse process, no terms of service, nada. Just sign up, and (they allege) you can "start making money now!"

I tested out a signup, and their process doesn't include anything verifying that you have solid, opt-in-only lists, that you have whitelisted domains, etc. They just ask for a name and email, and you're in. Period.

Their "product" list looks like a veritable megastore of utterly useless crap. "Hair Extensions DIY", "Zero Chemicals", "DIY Hot Water", and of course the only product I or any of the people who had contacted me had heard of, "Earth4Energy".

Note that in these examples they plainly list a ClickBank url. They don't reiterate ClickBank's terms of service, they don't say anything about not spamming people, and they don't warn against flooding other sites or forums with links to these promotional urls.

Now: add to this that I've actually been sent a copy of this alleged "manual". Let me tell you: it is extremely slim on any kind of technical details regarding the construction of either a solar panel or a windmill. It has very cursory descriptions of how to build each piece, but no schematics, no detailed parts lists with sample pricing, etc.

Check out this excerpt regarding how to secure your windmill in the event of strong winds:

but how do we stop it from rotating wildly during high winds or severe storms? This is not something we want as it could tangle the wires and damage them. The easiest home fix for this is to use a bungee cord. You may think this sounds like a cheap little fix, and you are right! It is a cheap fix and it works very well.

Ignoring for the moment that this would violate numerous building and safety codes, there is no legitimate construction manual I have ever seen in my life that would recommend this solution. Especially not one that is a digital download being sold for $49 USD.

It is also rife with spelling and grammatical mistakes which make it clear that this is definitely a money grab.

In comparison to the plethora of actual forums and discussions regarding DIY electrical generation (there are dozens of them out there,) I find it very hard to believe that anyone would seriously think that this "manual" is worth the money being paid. It certainly appears that more than mere "guts" are required, and the manual itself makes it extremely unlikely that anyone would "apply it real life."

The affiliate company behind this operation has been extremely active at responding to any negative commentary regarding this product. (Again: note their threats against a detailed analysis of why their product could be bogus.) The moment anyone complains about it being a scam, there is immediately a response saying that perhaps they didn't do it right, or stating that the person complaining just didn't bother to build it. This of course seeds doubt regarding the claims, so the sites are continually allowed to exist and be promoted. You can see a series of examples of this here.

I would have to say in the strongest possible terms: this product is a scam. It is worthless. Do not waste your money on it. As with any "product" being promoted via unwanted spam, it is utter crap, and not worth anyone's time, energy, or money.

SiL / IKS / concerned citizen

P.S. Update: it turns out that the nlcpr.com dissection already included lots of info from the actual pdf file these scammers sell. He does a very thorough job of refuting literally every claim in this so-called "manual." Again: do not waste your money. Thanks to readers who sent me this update.

Thursday, November 5, 2009

InBoxRevenge.com: DDOS #3




As many of you may now be aware, the forum I assist in maintaining known as InBox Revenge is down at the moment.

That's because someone out there (you can imagine who) seems to have randomly gotten pissed off at my team's research. Which research in particular? I have no idea. It wasn't a particularly busy month so far.

The attack is ongoing and likely costing someone lots of money. The good news about that is: this has become a great means of logging the attack as much as possible for both law enforcement agencies and the security community.

If you're a member of that community, feel free to contact me via comments. (I won't publish them if you don't want me to.) This attack already answers several questions that a lot of security websites were asking back in February.

As for our research: it's still ongoing. The forum has only been one of numerous ways we stay in touch.

Thanks to those who got in touch with me already about this, and thanks for your patience if you're a regular reader of that forum.

I'd also like to recommend our hosting company, Servint.net, who provide excellent uptime as well as fantastic security and support services.

More as it happens.

SiL / IKS / concerned citizen

Wednesday, November 4, 2009

SEO Comment Spammer Without A Clue

Looks like some "SEO" spammers have decided to bombard this blog with "comments" to boost their sites' page rankings.

Let's take a look, shall we?

Starting on Nov. 2nd, I began receiving comment postings as follows:

deepak has left a new comment on your post "I just won the Microsoft, Toyota, Yahoo and MSN Lo...":

it's a really nice blog thanks for add my comment...

Welcome to Thebettingonline. We are here for to be the most online betting. For read our online casino gambling and betting guide click on www.thebettingonline.com. We also suggest you types of betting action Opening bets, Calling, Rising, Checking, it will help you to win the Bet.Online Poker Betting


Then on Nov. 4th, the same idea only with a different Blogger account:

mukesh has left a new comment on your post "I just won the Microsoft, Toyota, Yahoo and MSN Lo...":

it's a really nice blog thanks for add my comment...

Club casino online is a place where you can play the best and most popular online casino games. Here you will enjoy the very finest in online casino entertainment presented today, you may be sure of a secure and sound, helpful and friendly environment. If you want to play Blackjack, Pontoon, Baccarat, Casino War, Desert Treasure, A night Out, Ways Royal, 4 Line Jacks Or Better, Aces and Faces and more online casino games then just visit on clubcasinoonline.com.Online Casino Games


In each case the spammer was of course attempting to get this blog to link to each of his domains:

thebettingonline.com
clubcasinoonline.com

Deepak's profile is here:

http://www.blogger.com/profile/15774993016293932083

Mukesh's profile is here:

http://www.blogger.com/profile/06060353648109596325

Both were created solely to create these annoying, repetitive comments in an attempt to boost page ranks. (Though with such ridiculous copy, I can't imagine anyone having the slightest interest in clicking on anything this moron posts.)

The sites themselves don't "do" anything. They just sit there, being linked to via comment spam.

A bit further digging shows that my blog is not the only one affected by this mentally-challenged individual. A search for one of the phrases turns up ten entries which have the same posting. A search for the other turns up only four.

Further searches for the domains he's trying to link to pull up even further sites where he's comment spammed repeatedly.

Notice of course that none of these sites that this idiot is "commenting" on have the slightest thing to do with gambling.

Of course, this blog comment spammer also uses Google Analytics on that first domain to track the inbound traffic to his scammy little setup. His account id is UA-10919767-14.

But without links to anything, what is the point?

The second site lists yet another domain name -- bestbettingcasino.com -- but doesn't link to it. Why? (That site is also using his Google Analytics account, using id: UA-10919767-16)
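The two IDs above share the account number 10919767 and differ only in the property suffix, which is what ties the sites to one operator. As an added example (not part of the original post), this sketch groups pages by the account portion of any classic `UA-<account>-<property>` ID they embed; the HTML fragments, the `.example` hostnames and the `UA-55555555-1` ID are constructed, and only the two IDs quoted in the post are real.

```python
import re
from collections import defaultdict

# Classic Google Analytics IDs: UA-<account number>-<property index>.
UA_RE = re.compile(r"\bUA-(\d{4,10})-(\d{1,4})\b")

# Constructed page fragments. "second-site.example" stands in for the
# site the post says carries the -16 ID.
PAGES = {
    "thebettingonline.com":
        "<script>var pageTracker = _gat._getTracker('UA-10919767-14');</script>",
    "second-site.example":
        '<script>_gaq.push(["_setAccount", "UA-10919767-16"]);</script>',
    "unrelated.example":
        "<script>_gaq.push(['_setAccount', 'UA-55555555-1']);</script>",
    "no-analytics.example":
        "<html><body>hello</body></html>",
}


def extract_ids(html):
    """Return sorted, de-duplicated (account, property) pairs found in html."""
    return sorted({(m.group(1), int(m.group(2))) for m in UA_RE.finditer(html)})


def cluster_by_account(pages):
    """Map each analytics account number to the hosts that embed it."""
    clusters = defaultdict(set)
    for host, html in pages.items():
        for account, _prop in extract_ids(html):
            clusters[account].add(host)
    return {account: sorted(hosts) for account, hosts in clusters.items()}


def shared_accounts(pages):
    """Accounts seen on more than one host: candidate common operators."""
    return {a: h for a, h in cluster_by_account(pages).items() if len(h) > 1}


def highest_property(pages, account):
    """Largest property index seen for an account, or None if unseen.

    Assumption: indices are handed out in sequence, so this is a lower
    bound on how many properties the account has registered.
    """
    seen = [p for html in pages.values()
            for a, p in extract_ids(html) if a == account]
    return max(seen, default=None)


if __name__ == "__main__":
    for account, hosts in shared_accounts(PAGES).items():
        print(account, hosts, "highest property:", highest_property(PAGES, account))
```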

All of this is a roundabout attempt to... create traffic. For what?

This is one of the stupidest attempts I've seen by anyone to try to drum up linked traffic with no monetization. Keep up the horrible work, "Deepak".

SiL / IKS / concerned citizen