'Canadian Pharmacy' spam goes quiet as Spamit voluntarily shuts down, significantly reducing global spam volume.
In a rare bit of good news in the effort to reduce the relentless volume of
junk e-mail, Spamit has closed its doors, dramatically decreasing global spam
volumes, wrote a researcher on Cisco
Systems security blog.
"We don't often hear about spam getting better," IronPort Systems
Senior Security Researcher Henry Stern said in a phone call to eWEEK. "A
spammer shut down voluntarily. They decided they were done."
Spamit was the largest fake pharmacy affiliate program bombarding users over
the years with spam advertising pharmaceutical products from Canada,
but it has been recently declining, Stern said.
The "Canadian Pharmacy" Websites sell prescription drugs without
requiring a prescription. While there are thousands of these sites online,
experts say most of the drugs shipped to customers are exported from India
"The affiliate programs serve the spammers by designing Website
templates, operating hidden back-end order fulfillment servers, processing
credit card payments, [and] shipping and tracking the physical goods,"
Stern wrote. The programs "ultimately [pay] a substantial commission to
the spammer" out of their revenues.
Since Oct. 4, Stern said, there has been "no sign of spam advertising 'Canadian
Pharmacy' and our SenderBase
services are both showing a [20
percent] decrease in global spam volumes."
Independent security researcher Brian
wrote recently about Spamit administrators threatening to shut down
operations at the end of September, because it was receiving increased "negative"
Stern said he didn't think Spamit was facing any direct police action yet,
but thought the affiliate program wanted to disappear before the publicity
turned into a legal problem.
While Stern was "really glad to see them go," he was angry that it's
"a crime they don't have to answer for. They are basically getting away
with it," he said to eWEEK.
In a Sept. 10 blog post, Stern wrote:
Samosseiko, senior manager of SophosLabs Canada, wrote last year in his
excellent Partnerka paper (PDF) that
Spamit affiliates are thought to be responsible for managing some of the world's
most disruptive, infectious and sophisticated collections of hacked PCs or "botnets,"
including Storm, Waledec
and potentially Conficker."
Cisco Security Intelligence Operations proved "Spamit was providing
more than just fulfillment services for its affiliates" and was actively
spamming users via the Storm botnet through 2007 and 2008, Stern wrote in the
Oct. 5 post.
Fake pharmacy pills remain a lucrative scam for affiliate programs. There
was a good market for counterfeit drugs in regions where drugs like Viagra are
taboo, Stern said. Since customers placing orders were actually getting pills,
business was going well.
In the Oct. 5 post, Stern described how he and other Cisco researchers
placed orders with My Canadian Pharmacy, a site run by Spamit competitor
Bulker.biz, to see what resulted. In response to the first order they received a
pack of "eight anonymous blue pills" that turned out to be plain
tablets containing no pharmaceutical or controlled substances. The second
order, placed "a few months later," produced a pack of pills that
chemically contained the same compounds as Pfizer's Viagra, which Stern said indicated
the affiliate had switched suppliers.
Spam volumes leveled off and have been holding steady for the past 18
months, according to Stern. This is a result of various legal actions shutting
down botnets and administrators becoming savvier about implementing technology
that detects and rejects spam. With spam traffic not increasing, the closure of
a program as large and active as Spamit had a significant impact on total
"It almost seems too good to be true that Spamit would voluntarily
cease its operation and one can't help but wonder if the tales of its demise
are greatly exaggerated," Stern wrote.