Massive
spam scams infect whole world
Sunday,
July 29, 2007
BY JOHN BRANTON, Columbian staff writer
You're
going through your e-mails when you encounter one from "The United States
National Medical Association."
That
sounds promising, you think. No one can know too much about medical matters, right?
Hey,
it could save your life.
So
you open it up and find this message:
"Do
you buy pharmaceuticals online? The US NMA was specifically established to protect
the consumer. Our experts check every online shop for bogus medicines. The blacklist
of unreliable or simply fraud shops is updated every week. We strongly recommend
to (sic) visit our site before buying any medical products online."
What
a public service, you marvel! And coming in completely unsolicited, and free,
right to your computer, with a click of a mouse.
If
you're not suspicious yet, you should be.
Below
the message is a link, which appears to be, but isn't, www.us-nma.com .
So
you click on the link, and the pitch starts curving low and inside.
Up
comes not a blacklist of shady companies, but a slick, full-color Web site titled
"MyCanadianPharmacy." And the address isn't www.us-nma.com . It's viewsite.hk/p/?&pid=1359
. Or something else, each time you open one of these frequently arriving e-mails.
That's
odd, of course, but still the Web site catches your eye.
There's
a photo of two attractive, young, dedicated-looking doctors, dressed in white
and with stethoscopes around their necks.
The
Web site is offering name-brand prescription drugs ranging from Valium and Cialis
to Viagra and Xanax, at what look like great prices.
But
this is worlds away from a bargain.
According
to several reliable sources, including Forbes.com, the Better Business Bureau
and knowledge.wpcarey.asu.edu, it's one of the most notorious worldwide spam scams
to hit the ether since the Internet rearranged life as we know it.
In
what's being called a "giant spam attack," crooks are spraying the spurious
e-mails around the globe by the billions, experts say.
At
The Columbian, newsroom employees' e-mail addresses have been harvested off www.columbian.com
and sold in spam lists for many years. Several employees have been getting the
unsolicited MyCanadianPharmacy e-mails.
One
reporter has received them nearly every day for the past several weeks.
A
worldwide problem
In
a story titled "Spam Hunter," posted on Forbes' member Web site in July,
Victoria Murphy Barret tells how an Internet security expert with IronPort, a
Cisco company, detected the scope of the unprecedented spam attack. Barret is
an associate editor in Forbes' Silicon Valley bureau.
"On
a typical day IronPort's hardware, deployed at companies around the world, catches
5 billion spam e-mails, or 16 percent of all spam on the Internet," she wrote.
"But by noon on Memorial Day, the volume was already double the norm, and
new varieties were mutating rapidly to avoid detection.
"The
surge went on for two more weeks and turned out to be a single, coordinated blast
- 20 billion messages in all - designed to drive gullible buyers to 14 e-commerce
sites, such as MyCanadianPharmacy.info and ExclusiveCaviarOnline.com, hawking
fake Viagra, Rolexes and Russian caviar."
The
story goes on to tell how the IronPort expert, Patrick Peterson, ordered Viagra
and received an envelope from India. An analysis of the pills found they contained
nothing but filler, not the drug that powers Viagra.
The
story says Peterson never caught the crooks, but he learned how they operate,
and how to protect computer systems from them.
IronPort,
which recently was acquired by Cisco for $830 million, according to Forbes, also
has released its own report, "Internet Security Trends for 2007."
The
report, written by Tom Gillis, IronPort's chief marketing officer, says the company
learned the spam attack was being sent out from more than 100,000 mail servers
in 119 countries.
Many
of the servers were ordinary personal computers that had been "infected by
either a virus or spyware and use 'zombies' to relay spam," Gillis wrote.
Gillis
added that IronPort analysts traced Viagra tablets they ordered to "an apartment
in Mumbai, India - near a pharmaceuticals plant with a reputation for producing
knock-off drugs."
Investigators
also traced MyCanadianPharmacy's address "to a vacant lot in a rough part
of Toronto," Gillis wrote.
Another
online bogus drug company the same scam artists were using is Pharma Shop, the
report said.
Compounding
the fraud, and the confusion, the high-tech scam artists stole the name MyCanadianPharmacy
from a valid pharmaceutical company, Canada Drugs, headquartered in Winnipeg.
Canada
Drugs is the legal owner of the name MyCanadianPharmacy. In fact, those who visit
www.mycanadianpharmacy.com will arrive at Canada Drugs' Web site, www.canadadrugs.com.
Canada
Drugs has been working with the FBI, Federal Trade Commission and the Better Business
Bureau for six years to fight online crooks posing as legitimate Canadian pharmacies,
an employee told The Columbian.
The
Better Business Bureau two years ago issued an international alert, saying that
the people who operate MyCanadianPharmacy are using a logo that falsely claims
it is listed with the BBB.
A
visit to www.bbbonline.org/consumer shows that Canada Drugs is a member of the
bureau, and MyCanadianPharmacy is not.
A
BBB reliability report about My Canadian Pharmacy Corp. says it had an unsatisfactory
record. The main reason: "Company cannot be located."
The
Columbian also was unable to make contact with the company, independently or via
its Web site.
The
unknown people who are sending all those e-mails, beginning with the bogus page
from "The United States National Medical Association," also ripped off
that name.
The
real National Medical Association, headquartered in Washington, D.C., is a nationwide
group representing the interests of thousands of physicians and patients of African
descent, according to its Web site, www.nmanet.org .
And
the www.us-nma.com link that leads to MyAmericanPharmacy is what those knowledgeable
about computers call a redirect, which can be detected by placing the cursor on
it, doing a right click and selecting properties to see the real address.
If
you left-click on the link, you think you're going to where the link indicates.
But you're actually going to the redirect address, which could be anyone, anywhere
on the planet.
'No
end in sight'
The
report by IronPort says total "spam volumes have doubled and tripled annually,
with no end in sight."
One
of the two main surges of spam is trafficking of illegal pharmaceuticals, as with
MyCanadianPharmacy, the report says. The other main surge is a stock scam called
"pump and dump," the report says. In this one, an unscrupulous investor
will buy "a lightly traded stock with small market capitalization,"
then send out perhaps a billion e-mails saying the stock is undervalued and will
rise.
If
all those spam messages convince a tiny percentage of recipients to buy it, and
the stock's value rises a bit, the scam artist quickly sells it for a profit.
The
bottom line, officials say: Folks should be wary of spam e-mails, which can rip
them off or inject viruses, "malware" and other software problems into
their computer systems.
"It's
probably not in their best interest to even open an unsolicited e-mail,"
said Sgt. Tim Bieber, the case-management officer with the Clark County Sheriff's
Office. "If it's a source they don't recognize."
And
even if it looks like it's from a company or person you recognize ? well, let's
just say that looks can be deceiving.
So
if you want to go to your bank's Web site, or that of another reputable company,
type its Web address in yourself, rather than clicking on a link in an unsolicited
e-mail.
