Largest Canadian Pharmacy Spammer Spamit Shuts Down
'Canadian Pharmacy' spam goes quiet as Spamit voluntarily shuts down, significantly reducing global spam volume.In a rare bit of good news in the effort to reduce the relentless volume of junk e-mail, Spamit has closed its doors, dramatically decreasing global spam volumes, wrote a researcher on Cisco Systems security blog. "We don't often hear about spam getting better," IronPort Systems Senior Security Researcher Henry Stern said in a phone call to eWEEK. "A spammer shut down voluntarily. They decided they were done."
Spamit was the largest fake pharmacy affiliate program bombarding users over the years with spam advertising pharmaceutical products from Canada, but it has been recently declining, Stern said.
"Dmitry Samosseiko, senior manager of SophosLabs Canada, wrote last year in his excellent Partnerka paper (PDF) that Spamit affiliates are thought to be responsible for managing some of the world's most disruptive, infectious and sophisticated collections of hacked PCs or "botnets," including Storm, Waledec and potentially Conficker."Cisco Security Intelligence Operations proved "Spamit was providing more than just fulfillment services for its affiliates" and was actively spamming users via the Storm botnet through 2007 and 2008, Stern wrote in the Oct. 5 post. Fake pharmacy pills remain a lucrative scam for affiliate programs. There was a good market for counterfeit drugs in regions where drugs like Viagra are taboo, Stern said. Since customers placing orders were actually getting pills, business was going well. In the Oct. 5 post, Stern described how he and other Cisco researchers placed orders with My Canadian Pharmacy, a site run by Spamit competitor Bulker.biz, to see what resulted. In response to the first order they received a pack of "eight anonymous blue pills" that turned out to be plain tablets containing no pharmaceutical or controlled substances. The second order, placed "a few months later," produced a pack of pills that chemically contained the same compounds as Pfizer's Viagra, which Stern said indicated the affiliate had switched suppliers. Spam volumes leveled off and have been holding steady for the past 18 months, according to Stern. This is a result of various legal actions shutting down botnets and administrators becoming savvier about implementing technology that detects and rejects spam. With spam traffic not increasing, the closure of a program as large and active as Spamit had a significant impact on total volume. "It almost seems too good to be true that Spamit would voluntarily cease its operation and one can't help but wonder if the tales of its demise are greatly exaggerated," Stern wrote.