Feeds

Spammers aim to profit from swine flu pandemic

Caution advised over modern day Harry Limes

Security for virtualized datacentres

Russian cybercrooks have laid the groundwork needed to build a business cashing in on swine flu panic-buying.

Tamiflu sales from dodgy unlicensed pharmaceutical websites are being promoted through spam email, search engine manipulation and a variety of other underhand techniques. Web affiliates, commonly based in Russia where they are called Partnerka, are driving traffic to dodgy pharmaceutical sites using a variety of spam and adware-related marketing tactics.

Hundreds of virtually similar so-called "Canadian pharmacy" sites exist. Although they claim to be based in Canada (a tactic designed to add a thin layer of legitimacy) the sites might be actually be located anywhere in the world.

Sophos reports that members of Glavmed, one of the more popular Russian affiliate networks, can earn an average of $16,000 a day promoting such dodgy pharmacy websites. These sites have begun advertising Tamiflu alongside more traditional products such as Viagra and Ciallis.

Responding to these spamvertised websites risks exposure to potentially dangerous drugs, while also handing over personal data to cybercrooks, net security firm Sophos warns.

This July witnessed a huge increase in UK internet searches for Tamiflu, at a time when concerns that global Tamiflu production was falling behind schedule. The northern winter could see a repeat of this interest, creating a demand that unlicensed online pharmacies are ready to exploit.

Rat boys

The business model of the cybercrooks is straightforward. Surfers searching for information online about Tamiflu are directed to specific online pharmacies where they are invited to buy a generic and (likely counterfeit) version of the drug. Cybercrooks have manipulated search engine results to drive as much online traffic as possible to illicit pharmacy websites using black-hat search-engine optimisation techniques. Cybercrooks are also bombarding web users with spam and messages from hacked accounts on social networking websites

Sites supplying the drug pay affiliates between 20-40 per cent of the value of any sale. Buyers typically receive some kind of drug as result of their purchase but the supplied pills are liable to be out of date or otherwise risky. In other cases users may receive only sugar-pill placebos. Sophos reckons the top five countries purchasing Tamiflu and other drugs from bogus sites are the US, Germany, UK, Canada and France.

"As more and more cases of swine flu in the UK come to light, it is essential that we all resist the panic-induced temptation to purchase Tamiflu online," said Graham Cluley, senior technology consultant at Sophos.

"The criminal gangs working behind the scenes at fake internet pharmacies are putting their customers’ health, personal information and credit card details at risk. They have no problem breaking the law to promote these websites, so you can be sure they’ll have no qualms in exploiting your confidential data or selling you medications which may put your life in danger.

"If you think you need medication go to your real doctor, and stay away from quacks on the internet."

Sophos's research into Partnerka spam affiliate networks more generally, presented at the Virus Bulletin conference back in September, can be found here (PDF).

The warning about spam promoting dodgy pharmaceutical sites coincides with the start of a campaign by drug firm Pfizer, warning that between 50-90 per cent of drugs sold through unlicensed sites are counterfeit. Pfizer has produced a hard-hitting TV advert - which is only allowed to be shown on British TV after 11 o'clock at night - that depicts a man throwing up a rat, as part of this campaign. It claims that rat poison can be one of the ingredients of "medicines" on offer from illegal websites.

In support of its public education push, the Viagra developer has also set up a website featuring less stomach-churning material at realdanger.co.uk. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
NASTY SSL 3.0 vuln to be revealed soon – sources (Update: It's POODLE)
So nasty no one's even whispering until patch is out
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
Forget passwords, let's use SELFIES, says Obama's cyber tsar
Michael Daniel wants to kill passwords dead
FBI boss: We don't want a backdoor, we want the front door to phones
Claims it's what the Founding Fathers would have wanted – catching killers and pedos
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.