Concerted international effort on fake pharmacies

A compendium of news related to spammers, spam arrests, spam legislation, forum spamming, cybercrime and related issues.

Concerted international effort on fake pharmacies

Postby Red Dwarf » Tue Oct 04, 2011 2:43 pm

There has long been a call for a coordinated effort across national and international boundaries to deal effectively with cyber-crime. September saw a realization that this could be achieved. The Interpol press release in the following link is well worth reading.

Ref http://www.interpol.int/News-and-media/ ... 2011/PR081
29 September 2011 - Media release
Global operation strikes at online supply of illegal and counterfeit medicines worldwide

Operation Pangea IV (20-27 September)

A combination of police, customs and national regulatory agencies with support from Internet Service Providers (ISPs), payment systems providers and delivery services has resulted in an international crackdown on fake pharmacies.

It was coordinated by INTERPOL, the World Customs Organization (WCO), the Permanent Forum of International Pharmaceutical crime (PFIPC), the Heads of Medicines Agencies Working Group of Enforcement Officers (HMA WGEO), the Pharmaceutical Security Industry (PSI) and the electronic payments industry.

Other links
The BBC http://www.bbc.co.uk/news/uk-northern-ireland-15109004
Over 80 countries took part in Operation Pangea IV which saw £5m of drugs recovered worldwide and 13,000 websites closed down.

The Register (UK) http://www.theregister.co.uk/2011/09/30 ... addresses/
Over 2.4 million potentially harmful counterfeit pills, worth about £4m, were seized in raids between 20 and 27 of September, Interpol said. Confiscated medicines included everything from diet pills to anti-cancer drugs

Belfast Telegrah http://www.belfasttelegraph.co.uk/news/ ... 57118.html
A major crackdown in Northern Ireland has resulted in the seizure of £150,000 worth of counterfeit drugs which had been sold over the internet

National Post http://www.belfasttelegraph.co.uk/news/ ... 57118.html
The criminals sell the potentially hazardous products through legitimate-looking pharmacy websites run from Russia with their IT infrastructure routed through China to try to evade detection
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10518
Joined: Tue Jun 27, 2006 2:01 am

Re: Concerted international effort on fake pharmacies

Postby spamislame » Tue Oct 04, 2011 3:27 pm

This is huge news!

I'm spreading the word. Seeing this kind of careful, strategic coordination is really inspiring.

Well done. :silthumb:

SiL
User avatar
spamislame
Site Admin
 
Posts: 5057
Joined: Tue May 09, 2006 9:18 am

Re: Concerted international effort on fake pharmacies

Postby Red Dwarf » Tue Oct 04, 2011 5:32 pm

It is called Pangea ("entire Earth") because that is the name given to the theoretical union of all continents into one land mass
http://en.wikipedia.org/wiki/Pangaea

It is called Operation Pangea IV because this is number four in a series of similar operations conducted by Interpol. This and the three earlier operations are detailed at
http://www.interpol.int/Crime-areas/Pha ... ion-Pangea

They each took place in the latter half of 2008, 2009, 2010 and now 2011
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10518
Joined: Tue Jun 27, 2006 2:01 am

Re: Concerted international effort on fake pharmacies

Postby Red Dwarf » Sat Oct 08, 2011 3:43 pm

The after-shocks continue from this operation.

Many spams use redirections to the "target" or landing pages on pharmacy scams. That's to avoid Internet blacklists that track domain names found in spams. However, there is currently a high failure rate in this process as the coordinated effort continue.

Take an example - pillsbu.com
There are many Russian redirectors to this site; one example is medichemr.ru
Domain Name: PILLSBU.COM registered in Pakistan with registrar: PAKNIC (PRIVATE) LIMITED
Status: ok
Updated Date: 06-oct-2011
Creation Date: 08-sep-2011
From the status it is clear that this registrar has taken no effective action to suspend this fraud pharmacy. (Pharmacy Express).

Registrant details from a look-up in whois:
Sergey Zaharcev moradenmark@yahoo.com
Olimpiyskaya str. 7-30
Cherepovec, Cherepovec 672103
RU
Phone: 1.73531827217 Ext:

Hosting IP address: 222.187.220.250
The hosting ISP is in China
CHINANET jiangsu province network
China Telecom
A12,Xin-Jie-Kou-Wai Street
Beijing 100088

Name servers are registerd in the Ukraine and in Russia
NS1.KNDDNS.COM.UA [222.187.220.250]
NS2.DNSMX.RU [94.63.149.237]
The first name server is hosted at the same address as the web site, and the second is in Romania
SC CORAL IT OFFICE SRL
Calea Vitan Nr. 4, Bl. 161
Sector 3, Bucuresti
RO
Email: admin@xnetworkin.com

However, at this moment, around the world only about half the attempts to load this site result in failure.

Summary:
To counter this fraud, Interpol needs to have cooperation from operatives in Pakistan, Russia, the Ukraine, China and Romania. All of these operatives are being abused, and until they take action to prevent the abuse, they are contributing to the problem by sponsoring the crime.
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10518
Joined: Tue Jun 27, 2006 2:01 am

Re: Concerted international effort on fake pharmacies

Postby Red Dwarf » Sat Oct 08, 2011 4:12 pm

Access to the IP address (94.63.149.237) in Romania times out from many geographies, in the upstream router in Germany at
xe-6-1-0.buc10.ip4.tinet.net (89.149.184.166)
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10518
Joined: Tue Jun 27, 2006 2:01 am

Re: Concerted international effort on fake pharmacies

Postby spamislame » Fri Oct 14, 2011 11:19 am

In a related story, UK domain registrar Nominet shuttered 13,000 domains used for fake pharmacy spamming:

http://www.allspammedup.com/2011/10/reg ... 0-domains/

Good times.

SiL
User avatar
spamislame
Site Admin
 
Posts: 5057
Joined: Tue May 09, 2006 9:18 am


Return to Spam In The News

Who is online

Users browsing this forum: No registered users and 1 guest

cron