Feeds

Spammers aim to profit from swine flu pandemic

Caution advised over modern day Harry Limes

Website security in corporate America

Russian cybercrooks have laid the groundwork needed to build a business cashing in on swine flu panic-buying.

Tamiflu sales from dodgy unlicensed pharmaceutical websites are being promoted through spam email, search engine manipulation and a variety of other underhand techniques. Web affiliates, commonly based in Russia where they are called Partnerka, are driving traffic to dodgy pharmaceutical sites using a variety of spam and adware-related marketing tactics.

Hundreds of virtually similar so-called "Canadian pharmacy" sites exist. Although they claim to be based in Canada (a tactic designed to add a thin layer of legitimacy) the sites might be actually be located anywhere in the world.

Sophos reports that members of Glavmed, one of the more popular Russian affiliate networks, can earn an average of $16,000 a day promoting such dodgy pharmacy websites. These sites have begun advertising Tamiflu alongside more traditional products such as Viagra and Ciallis.

Responding to these spamvertised websites risks exposure to potentially dangerous drugs, while also handing over personal data to cybercrooks, net security firm Sophos warns.

This July witnessed a huge increase in UK internet searches for Tamiflu, at a time when concerns that global Tamiflu production was falling behind schedule. The northern winter could see a repeat of this interest, creating a demand that unlicensed online pharmacies are ready to exploit.

Rat boys

The business model of the cybercrooks is straightforward. Surfers searching for information online about Tamiflu are directed to specific online pharmacies where they are invited to buy a generic and (likely counterfeit) version of the drug. Cybercrooks have manipulated search engine results to drive as much online traffic as possible to illicit pharmacy websites using black-hat search-engine optimisation techniques. Cybercrooks are also bombarding web users with spam and messages from hacked accounts on social networking websites

Sites supplying the drug pay affiliates between 20-40 per cent of the value of any sale. Buyers typically receive some kind of drug as result of their purchase but the supplied pills are liable to be out of date or otherwise risky. In other cases users may receive only sugar-pill placebos. Sophos reckons the top five countries purchasing Tamiflu and other drugs from bogus sites are the US, Germany, UK, Canada and France.

"As more and more cases of swine flu in the UK come to light, it is essential that we all resist the panic-induced temptation to purchase Tamiflu online," said Graham Cluley, senior technology consultant at Sophos.

"The criminal gangs working behind the scenes at fake internet pharmacies are putting their customers’ health, personal information and credit card details at risk. They have no problem breaking the law to promote these websites, so you can be sure they’ll have no qualms in exploiting your confidential data or selling you medications which may put your life in danger.

"If you think you need medication go to your real doctor, and stay away from quacks on the internet."

Sophos's research into Partnerka spam affiliate networks more generally, presented at the Virus Bulletin conference back in September, can be found here (PDF).

The warning about spam promoting dodgy pharmaceutical sites coincides with the start of a campaign by drug firm Pfizer, warning that between 50-90 per cent of drugs sold through unlicensed sites are counterfeit. Pfizer has produced a hard-hitting TV advert - which is only allowed to be shown on British TV after 11 o'clock at night - that depicts a man throwing up a rat, as part of this campaign. It claims that rat poison can be one of the ingredients of "medicines" on offer from illegal websites.

In support of its public education push, the Viagra developer has also set up a website featuring less stomach-churning material at realdanger.co.uk. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
UK.gov lobs another fistful of change at SME infosec nightmares
Senior Lib Dem in 'trying to be relevant' shocker. It's only taxpayers' money, after all
Critical Adobe Reader and Acrobat patches FINALLY make it out
Eight vulns healed, including XSS and DoS paths
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Blood-crazed Microsoft axes Trustworthy Computing Group
Security be not a dirty word, me Satya. But crevice, bigod...
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.