Study Links Storm Botnet's Growth To Illegal Drugs
talkinsecurity writes "Researchers at IronPort today published a study which claims to have found the 'smoking gun' that links the rapid growth of the Storm botnet to spammers that sell prescription drugs illegally over the Internet. The study shows that more than 80 percent of Storm-generated spam is advertising online pharmacy brands, and further investigation showed that spam templates, credit card processing, product fulfillment and customer support are all being provided by a 'Russian criminal organization' that operates in conjunction with Storm. This criminal organization recruits botnet spamming partners to advertise their illegal pharmacy Websites, which receive a 40 percent commission on sales orders. IronPort went as far as to do pharmacological testing on the products, and found that two-thirds of the drugs contained the wrong dosage of the active ingredient, and the rest were placebos."
Re:Link provided goes to big Flash page (Score:3, Informative)
Admittedly it's annoying; in fact the first attempt to go there crashed my browser.
Fake. Not placebo. (Score:3, Informative)
So shop at Walmart (Score:4, Informative)
The real draw to these online pharmacies is the drugs like Viagra and Cialis, which are not available in a generic formula. What drives these sales is not the cost; it is the embarrassment. Men do not want to go ask the family doctor for E.D. meds; they would rather risk going online, picking some up in Mexico, or going without. Interestingly enough, their dentist buddy or their vet could just as easily write them a script for any of the above legally.
Re:There will always be suckers (Score:3, Informative)
Oh god, don't remind me. Up until about 3 years ago, I ran my own mail server (DSL, fixed IP, old PC). One of the things I did was enable SASL authentication for SMTP (which requires logging in with a username and password before outgoing mail will be accepted for relay). Within a matter of months, spammers around the world figured out that I had a live SMTP server running on port 25. SASL AUTH or not, more and more spammers kept hammering away trying (unsuccessfully) to relay. My router's NAT table started to periodically overflow (crashing the router's firmware), and the endless incoming requests effectively were like a constant denial of service attack.
In retrospect, I could have probably gotten away with changing the SMTP server to a different port, but I was so fed up with the experience I ended up leasing a dedicated server for $30/month... partly, because once I knew what to look for, I noticed that I was ALSO getting hit by a staggering number of incoming http requests for various exploit-related URIs. The exploits themselves didn't bother me (I was running Tomcat as a standalone server), but on more than a few occasions I was getting hit with more than a hundred bogus http requests per minute.
Once I had my ISP change my IP address to a new one, my throughput more or less tripled, because I was no longer being DOS'ed 24/7 by bots, spammers, and worms. I pity anyone who has to maintain a live web/mail server today. ~10 years ago (when I used to wear both admin and developer hats at work) keeping a Linux server running was no big deal, and any halfway intelligent developer could do a decent part-time job of it. It was analogous to private security guards trying to keep kids from skateboarding in downtown parking garages. Now, it's more like trying to safeguard a business from looting during a riot.
Re:It's True (Score:3, Informative)
Re:Prescription and danger (Score:4, Informative)
Link (Score:3, Informative)