Canadian Pharmacy Actually 51 Websites in China, Malaysia, Vietnam, Ukraine and Others

Geo-locations of botnet IPs
Source: https://www.incapsula.com/blog/viagra-spam-botnet.html

Email spam is one of the curses of our online lives. At the very least, it is a nuisance, and at its worst, it distributes false information, dangerous malware, and phishing messages. TG Daily recently reported how one company determined that there was not an online Canadian pharmacy behind email spam messages, but a massive botnet operating out of multiple countries around the world.

A botnet is a group of devices that can access the internet and have been infected with malware, allowing the devices to be remotely controlled. Usually, the owner does not know that their device is now part of the botnet. The creator of the botnet can apply the collective resources of all the devices to spread malware, steal data, and perform other malicious or profitable activities. The two best-known examples of botnet activities are DDoS attacks and spam campaigns.

Incapsula, a company that provides its clients’ websites with a cloud-based enterprise-grade security system, investigated after receiving an unusually high number of requests that triggered its security rules. It discovered a three-pronged spam attack:

  1. The first was a slew of encoded commands that would modify .htaccess configuration files on compromised sites.
  2. Custom-made malware then infected the servers that the websites were on.
  3. The malware would then start to receive payloads from the botnet containing information needed to send out spam emails.
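Because the first stage alters .htaccess files, a site owner can catch it by comparing those files against a known-good baseline. The sketch below is an added example, not code from the article or from Incapsula's report; the directory names and the tampered file contents are constructed placeholders, since the article does not say what the injected directives looked like.

```python
import hashlib
import os
import tempfile

def snapshot(web_root):
    """Map each .htaccess path (relative, '/'-separated) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(web_root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            rel = os.path.relpath(path, web_root).replace(os.sep, "/")
            with open(path, "rb") as fh:
                digests[rel] = hashlib.sha256(fh.read()).hexdigest()
    return digests

def compare(baseline, current):
    """Report .htaccess files added, modified or removed since the baseline."""
    return {
        "added": sorted(p for p in current if p not in baseline),
        "modified": sorted(p for p in current
                           if p in baseline and current[p] != baseline[p]),
        "removed": sorted(p for p in baseline if p not in current),
    }

def demo():
    """Constructed sample: a temporary web root, a baseline, then simulated tampering."""
    with tempfile.TemporaryDirectory() as root:
        for site in ("site_a", "site_b"):
            os.makedirs(os.path.join(root, site, "uploads"))
            with open(os.path.join(root, site, ".htaccess"), "w") as fh:
                fh.write("Options -Indexes\n")
        baseline = snapshot(root)  # taken while the sites are known to be clean
        # Simulated changes (placeholder text, not the botnet's real directives)
        with open(os.path.join(root, "site_a", ".htaccess"), "a") as fh:
            fh.write("# PLACEHOLDER: line appended after baseline\n")
        with open(os.path.join(root, "site_b", "uploads", ".htaccess"), "w") as fh:
            fh.write("# PLACEHOLDER: file absent at baseline\n")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

In practice the baseline should be stored off the web server, so that malware running on the server cannot rewrite it along with the files it covers.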

What advertised itself as a Canadian pharmacy was really 51 websites used by the spammers to sell counterfeit drugs. The websites were in China, Malaysia, Vietnam, Ukraine, France, Taiwan, Russia, Indonesia, and Romania. By tracing back the IPs of those websites, over 1,005 more active domains were found, with over 70% hosted in Russia and the remainder hosted in France. In only 14 days, 86,276 unique IPs worldwide were used by the botnet.

In 2015, the World Health Organization estimated that 50% of fake online pharmacies sell counterfeit drugs containing ingredients such as rat poison, brick dust, and paint materials. They also estimated that counterfeit medicines were a $431 billion per year industry with demonstrated ties to organized crime. When the National Association of Boards of Pharmacy reviewed 11,299 Internet websites offering prescription medication for sale, it discovered that “10,823 (95.8%) were found to be operating out of compliance with state and federal laws and/or NABP patient safety and pharmacy practice standards.”

Purchasing from a fake online pharmacy threatens more than a person’s physical health. Consumers who purchased from spam-advertised fake online pharmacies have also had their credit card and personal information stolen, and have exposed their computers and those of their online contacts to malware attacks and system infection.