Monday, January 31, 2011

Spammers Are Now Using Verified By Visa

It's been a while since I posted anything here. It's been a really busy two years, all in really good ways.

I've begun receiving tons (as usual) of spam promoting a new "Viagrow" site setup. This same spammer also sends me Ultimate Replica spam and spam messages promoting "Online Pharmacy" (I don't know the affiliate program for that one.)

Viagrow is of course yet another in a long line of utterly fake penis enlargement products. (I have to wonder why these spammers, all predominantly Russian, have such a fixation on penises, but that's probably a topic for another day.)

I decided to check out the new "Viagrow" site setup in terms of examining their order processing methods and was stunned to discover that they actually use the Verified by Visa process. This is a first, and is especially surprising given how frequently spam affiliate programs have been abusing the Verified by Visa brand over the past six years.

Spammed site:

http://[randomtext].change-your-life1.com/

Presents two forms to the user to capture personal details including full credit card details. It does so (of course) using no security whatsoever.

Posting the second form leads to this spam operation's custom payment processing domain:

http://cyber-pay.biz/paynet/payment.html

Which in turn passes the form's values to the actual Verified by Visa domain, using Visa's proprietary encryption.

Since I began researching criminal spam operations and the forms their sites use to snare personal details from victims (ahem) "customers", Visa - or more likely the third-party "high-risk" merchants who perform the processing - has never canceled any processing for these sites. This is going all the way back to 2002 or earlier. MasterCard and American Express have repeatedly denied service to pro-spam websites, but never Visa.

Now the Verified by Visa program, one which is directly operated by Visa itself, is allowing payments to be processed directly, essentially sending the message that Visa as a company is a-ok with criminals using their services.

cyber-pay.biz is registered with Directi and hosted on 67.228.177.168, provided by SoftLayer. SoftLayer is now owned by ThePlanet. SoftLayer has provided hosting, DNS and domain registration to online criminals for many years now, so it's probably not going down anytime soon. Directi, in my experience, has been very helpful with spam complaints, so we'll see what happens in that department.

change-your-life1.com is registered with bizcn, hosted on 93.114.40.213 by Voxility in Bucharest, Romania.

If anyone knows of any Verified by Visa contacts I'd be extremely interested to see if anyone over there would care to respond regarding their support of a criminal spamming operation.

SiL / IKS / concerned citizen

3 comments:

Anonymous said...

You seem to have had an effect on change-your-life1.com

DNS:
ns1.privenowtoo.com [Status: clientHold]
ns2.privenowtoo.com [Status: clientHold]
ns3.gogetsuperr.com [Status: clientHold]
ns4.gogetsuperr.com [Status: clientHold]

Web site domain name is unresolved after these actions by registrar BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN

IKillSpammerz said...

I wish it were me. :)

The point is: they re-create new domains in the hundreds per day. They'll still continue to use this payment processing method unless Visa actually does something about it.

SiL

Anonymous said...

Evidently the merchant certification is contracted by Visa to a third party security company -- have you read the privacy & security statement on the Verified by Visa site? http://usa.visa.com/personal/security/vbv/privacy.html

There are also some contacts at
http://www.visaeurope.com/en/about_us/contact_us.aspx