Largest Canadian Pharmacy Spammer Spamit Shuts Down
In a rare bit of good news in the effort to reduce the relentless volume of junk e-mail, Spamit has closed its doors, dramatically decreasing global spam volumes, wrote a researcher on Cisco Systems security blog.
"We don't often hear about spam getting better," IronPort Systems Senior Security Researcher Henry Stern said in a phone call to eWEEK. "A spammer shut down voluntarily. They decided they were done."
Spamit was the largest fake pharmacy affiliate program bombarding users over the years with spam advertising pharmaceutical products from Canada, but it has been recently declining, Stern said.
The "Canadian Pharmacy" Websites sell prescription drugs without requiring a prescription. While there are thousands of these sites online, experts say most of the drugs shipped to customers are exported from India and China.
"The affiliate programs serve the spammers by designing Website templates, operating hidden back-end order fulfillment servers, processing credit card payments, [and] shipping and tracking the physical goods," Stern wrote. The programs "ultimately [pay] a substantial commission to the spammer" out of their revenues.
Independent security researcher Brian Krebs wrote recently about Spamit administrators threatening to shut down operations at the end of September, because it was receiving increased "negative" public attention.
Stern said he didn't think Spamit was facing any direct police action yet, but thought the affiliate program wanted to disappear before the publicity turned into a legal problem.
While Stern was "really glad to see them go," he was angry that it's "a crime they don't have to answer for. They are basically getting away with it," he said to eWEEK.
In a Sept. 10 blog post, Stern wrote:
"Dmitry Samosseiko, senior manager of SophosLabs Canada, wrote last year in his excellent Partnerka paper (PDF) that Spamit affiliates are thought to be responsible for managing some of the world's most disruptive, infectious and sophisticated collections of hacked PCs or "botnets," including Storm, Waledec and potentially Conficker."
Cisco Security Intelligence Operations proved "Spamit was providing more than just fulfillment services for its affiliates" and was actively spamming users via the Storm botnet through 2007 and 2008, Stern wrote in the Oct. 5 post.
Fake pharmacy pills remain a lucrative scam for affiliate programs. There was a good market for counterfeit drugs in regions where drugs like Viagra are taboo, Stern said. Since customers placing orders were actually getting pills, business was going well.
In the Oct. 5 post, Stern described how he and other Cisco researchers placed orders with My Canadian Pharmacy, a site run by Spamit competitor Bulker.biz, to see what resulted. In response to the first order they received a pack of "eight anonymous blue pills" that turned out to be plain tablets containing no pharmaceutical or controlled substances. The second order, placed "a few months later," produced a pack of pills that chemically contained the same compounds as Pfizer's Viagra, which Stern said indicated the affiliate had switched suppliers.
Spam volumes leveled off and have been holding steady for the past 18 months, according to Stern. This is a result of various legal actions shutting down botnets and administrators becoming savvier about implementing technology that detects and rejects spam. With spam traffic not increasing, the closure of a program as large and active as Spamit had a significant impact on total volume.
"It almost seems too good to be true that Spamit would voluntarily cease its operation and one can't help but wonder if the tales of its demise are greatly exaggerated," Stern wrote.