Thursday, June 12, 2008
The LATimes reports on the amount of money that spammers who sell fake prescription drugs, including viagra (I am sure that you have seen some of the ads in your e-mail) and how such spam will only increase. There is no discussion of the potential health issue - the focus is on the creativity of the spammers in creating their business model. Joseph Menn writes,
Cyber-crime pays. But selling counterfeit drugs apparently pays better. Some of the world's most prolific spammers used to tout products for a few pennies per million e-mails or con consumers into forking over credit card information. But these groups have found that the most profit and growth potential lies in actually shipping the fake Viagra and other products they're hawking, according to a study scheduled for release today by a top security researcher.
For consumers, the evolution means that what had been an annoyance and a drag on productivity will get worse. The new commercial operations use the same combination of cutting-edge technology and best practices, including customer service and supply-chain management, that have brought riches to Amazon.com Inc. and Dell Inc. . . . .
In the study, Peterson links the Storm system to a Russian drug maker called GlavMed, which uses factories in India and China to churn out knockoffs of Viagra and other popular drugs. GlavMed didn't respond to an interview request. Cyber-criminals have learned not only how to outwit the computer-security industry, but how to become self-sustaining businesses with substantial budgets for researching and developing new ways to deliver their merchandise. . . .
Security firm MessageLabs Inc. estimates that spam already comprises three-quarters of all e-mail. And an estimated 1 in 6 Internet-connected personal computers has been infected by programs that turn them into zombie armies of spam-senders.
Organized crime is exploiting software flaws and human curiosity to increase those numbers. For example, Storm, which emerged last year, uses a wide range of tricks to get users to download it. Instead of including suspicious-looking attachments, Storm sends e-mail with links to fake holiday cards and YouTube videos. When visited, those websites look for security holes in the computer user's Web browser and other programs. If they don't find those holes, they ask the user to download a purported video player or other software that infects his or her machine with the Trojan horse. To make the e-mails more enticing, Storm uses headings related to current events, such as the winter storm in Europe that inspired researchers to give the enterprise its name. . . .
About 80% of that spam now touts drugs from such websites as MyCanadianPharmacy.com, which Peterson estimates takes in $150 million each year. Most of those who place orders will get pills from Mumbai, India, or Shanghai that contain 100% to 110% of the advertised dose of the active ingredient. Exactly who is in charge of Storm remains a mystery. The few arrests and limited improvements in anti-virus software might have taught the remaining practitioners whom and what to avoid.
Just like the overuse of antibiotics can produce more resistant strains of human viruses, Peterson said, "We've generated these super-gangs in Eastern Europe that have moved way outside the jurisdiction of any law enforcement. They have created a criminal ecosystem that completely isolates them from the security community."