Experts link flood of 'Canadian Pharmacy' spam to Russian botnet criminals

science at University of California at San Diego, who has studied botnet activity, says it’s difficult to know exactly what GlavMed is up to.

But “there is a great deal of spam for the 'Canadian Pharmacy' template, that is, the sites look the same, sent by different botnets” Savage notes this same template is also provided by GlavMed to its affiliates.

Savage adds that GlavMed could claim that its “templates were stolen and they aren’t behind it all.,” but there is strong circumstantial evidence linking them.

Some online groups, such as Spamtrackers, are keeping their own notes about "Canadian Pharmacy" and Glavmed, he points out. Opinions at Spamtrackers are severe, claiming fraud on several accounts and a connection to Russian cybercrime.

The "Canadian Pharmacy" spam started about four or five years ago, says Joe Stewart, director of security research at Atlanta-based firm SecureWorks. GlavMed does appear to be a spam sponsor and most of the spammers are Russians, he says.

GlavMed has come up with a “turn-key campaign” model for pushing fake meds that appears to be working, and because GlavMed doesn't appear to actually send the spam, “they put all the risk on the affiliates that are spamming — they distance themselves from crimes going on.” He adds it's uncertain if this type of spamming activity would even be considered illegitimate in Russia.

Spammers making hits with "Canadian Pharmacy" counterfeit drugs are usually paid by GlavMed via what’s called WebMoney, says Peterson.

WebMoney is an online payments system that also has offices in Russia and Eastern Europe, that can be described as “PayPal meets Western Union,” he says. WebMoney , owned by WM Transfer Ltd, offers payments in dollars, Russian rubles, Euros and other monetary units. “It’s probably also used for legitimate things as well as being attractive to criminals,” Peterson adds.

The U.S. Federal Trade Commission (FTC) has taken steps in the past to halt operations of international spam networks peddling prescription drugs and bogus male-enhancement products.

In October last year, the FTC participated in an international effort with New Zealand and Australian authorities and the FBI to shut down what was called the “Target Pharmacy” (and later “Canadian Healthcare”) operation that used botnet spamming to sell counterfeit meds that were shipped from India.

The FTC indicates it made undercover purchases from what it says was not a bona fide pharmacy, was never asked for a prescription, and found the drugs the agency investigators purchased were not approved by the Food & Drug Administration and were potentially unsafe.