Criminal Prescription: Fake Pharmacies Haunt Bing

Illegal pharmacies have long been a staple of the Internet, despite the efforts of regulators, public and private, aimed at removing them from the Web.

Newly published research into ad results provided by Microsoft’s recently launched Bing search engine find that the unauthorized sites are still popping up all over the place, however.

The uncertified businesses are recognized as a major problem by everyone from groups such as the U.S. FDA, who have been unable to effectively stem the flow of counterfeit prescription drugs and illegal steroids provided by the pharmacies, to IT security researchers who have uncovered some of the URLs as nothing more than identity theft and malware distribution fronts.

According to new figures published by anti-spam effort KnujOn — which has long focused its efforts on putting the heat on Web hosting companies who allow the pharmacies to do business, and on ICANN to better enforce it’s own rules in pursuing such law breakers — Bing search results currently produce reams of illegal pill-pushing ads.

Garth Bruen, KnujOn’s founder said that other search engines also generate large numbers of shady pharmaceutical ad results, but he said that Bing’s advertising programs are clearly being games by fraudsters.

Working with LegitScript, an clearinghouse effort focused solely on identifying and pursuing illegal pharmacies, KnujOn said that it found that a whopping 89.7 percent of Internet pharmacy advertisements on Bing.com are operating unlawfully.

Of the other 10.3 percent of sites, only about half could be verified as legitimate, while the other 50 percent remain unverified, according to the researchers.

Further, a majority of Internet pharmacy ads returned by Bing, and all ten of the sample ads that KnujOn investigated further, did not require a valid (or any) prescription to receive materials that legally require a doctor’s approval. In the two cases where researchers went through with a purchase from the sites, they said they received drugs that appeared to come from India, some of which tested positive as counterfeits.

In terms of their backing, many of the pharmacy sites reviewed by the researchers were found to be linked to affiliate networks controlled by organized crime in Russia and Eastern Europe.

In other cases, other Internet pharmacies have “hijacked” the domain names of legitimate companies in the space, making their ads appear as if they have been listed by a licensed, U.S. pharmacy, which of course they have not.

While recognizing that other search engines still struggle with the problem, KnujOn pointed out that their findings indicate “serious security holes” in Microsoft’s advertising program for Bing.

“We’re not “picking on” Microsoft — it’s just that this is the first in a series of reports, and we have to start somewhere,” Bruen said. “Microsoft has been made aware of some of these specific cases previously and has been sent a copy of this report. We have little internal knowledge of Microsoft’s Internet pharmacy verification policy and cannot comment on it. However, we have encouraged Microsoft to investigate how some of these Internet drug outlets were granted entrance into the Live.com/Bing.com advertising program.”

I’d bet it’s time for someone in Redmond to take their medicine.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.