Feeds

Spammers aim to profit from swine flu pandemic

Caution advised over modern day Harry Limes

SANS - Survey on application security programs

Russian cybercrooks have laid the groundwork needed to build a business cashing in on swine flu panic-buying.

Tamiflu sales from dodgy unlicensed pharmaceutical websites are being promoted through spam email, search engine manipulation and a variety of other underhand techniques. Web affiliates, commonly based in Russia where they are called Partnerka, are driving traffic to dodgy pharmaceutical sites using a variety of spam and adware-related marketing tactics.

Hundreds of virtually similar so-called "Canadian pharmacy" sites exist. Although they claim to be based in Canada (a tactic designed to add a thin layer of legitimacy) the sites might be actually be located anywhere in the world.

Sophos reports that members of Glavmed, one of the more popular Russian affiliate networks, can earn an average of $16,000 a day promoting such dodgy pharmacy websites. These sites have begun advertising Tamiflu alongside more traditional products such as Viagra and Ciallis.

Responding to these spamvertised websites risks exposure to potentially dangerous drugs, while also handing over personal data to cybercrooks, net security firm Sophos warns.

This July witnessed a huge increase in UK internet searches for Tamiflu, at a time when concerns that global Tamiflu production was falling behind schedule. The northern winter could see a repeat of this interest, creating a demand that unlicensed online pharmacies are ready to exploit.

Rat boys

The business model of the cybercrooks is straightforward. Surfers searching for information online about Tamiflu are directed to specific online pharmacies where they are invited to buy a generic and (likely counterfeit) version of the drug. Cybercrooks have manipulated search engine results to drive as much online traffic as possible to illicit pharmacy websites using black-hat search-engine optimisation techniques. Cybercrooks are also bombarding web users with spam and messages from hacked accounts on social networking websites

Sites supplying the drug pay affiliates between 20-40 per cent of the value of any sale. Buyers typically receive some kind of drug as result of their purchase but the supplied pills are liable to be out of date or otherwise risky. In other cases users may receive only sugar-pill placebos. Sophos reckons the top five countries purchasing Tamiflu and other drugs from bogus sites are the US, Germany, UK, Canada and France.

"As more and more cases of swine flu in the UK come to light, it is essential that we all resist the panic-induced temptation to purchase Tamiflu online," said Graham Cluley, senior technology consultant at Sophos.

"The criminal gangs working behind the scenes at fake internet pharmacies are putting their customers’ health, personal information and credit card details at risk. They have no problem breaking the law to promote these websites, so you can be sure they’ll have no qualms in exploiting your confidential data or selling you medications which may put your life in danger.

"If you think you need medication go to your real doctor, and stay away from quacks on the internet."

Sophos's research into Partnerka spam affiliate networks more generally, presented at the Virus Bulletin conference back in September, can be found here (PDF).

The warning about spam promoting dodgy pharmaceutical sites coincides with the start of a campaign by drug firm Pfizer, warning that between 50-90 per cent of drugs sold through unlicensed sites are counterfeit. Pfizer has produced a hard-hitting TV advert - which is only allowed to be shown on British TV after 11 o'clock at night - that depicts a man throwing up a rat, as part of this campaign. It claims that rat poison can be one of the ingredients of "medicines" on offer from illegal websites.

In support of its public education push, the Viagra developer has also set up a website featuring less stomach-churning material at realdanger.co.uk. ®

High performance access to file storage

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.