Tuesday, September 1, 2009

SpamIt Criminal Evidence: An introduction.

Hello and welcome to my third blog documenting evidence specifically regarding Spamit.com / Spamit.ru / Spamit.biz, and of course their renowned properties:

  • Canadian Pharmacy
  • Canadian Healthcare

Here are some links to further reading regarding each of these items:

Spamtrackers Wiki: Spamit
Spamtrackers Wiki: Canadian Pharmacy

Canadian Healthcare is a relatively recent addition to their spammable properties. As such, there needs to be a new entry for the Spamit version of it, since "Canadian Healthcare" was previously a SanCash or Affking property from 2007 through 2008.

Today's evidence, which I fully expect to keep amassing over the next weeks and months until the ISPs hosting these sites wake up and patch their Apache installs, is a series of hacked public websites which Spamit operatives have chosen to hijack and use within their spam campaigns:

http://assistbc.co.nz/ntaqc.html
http://193.86.3.170/~lattner/k.html
http://przetwornice.cp5.win.pl/safemodifypils.html?oHNhw
http://www.zipzapnet.com.br/safemodifypils.html
http://abambae.com.br/safemodifypils.html

In each of those cases, an exploit has been run against the domain to allow the upload of one single HTML file, which is then used in a widespread spamming campaign to promote the well-known Canadian Pharmacy website.

Here is where each of these redirects us, respectively:

http://qajtogap.cn/
http://guzjacix.cn/
http://railhill.com/
http://markvary.com/
http://aceamong.com/
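
For administrators of a shared web host checking for the kind of single uploaded redirect file described above, the sketch below (an added example, not part of the original post) walks a document root and flags small HTML files that do nothing but redirect to a host the site does not own. The post does not say how the uploaded files redirect, so the meta-refresh and JavaScript `location` patterns, the 2 KB size cutoff, and the `.example` hostnames are assumptions.

```python
import re
import tempfile
from pathlib import Path
from urllib.parse import urlparse

# Assumed redirect mechanisms; the post does not say which one the files used.
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv\s*=\s*["\']?refresh["\']?[^>]*url\s*=\s*([^"\'\s>]+)', re.I)
JS_LOCATION = re.compile(
    r'(?:window\.|document\.)?location(?:\.href)?\s*=\s*["\']([^"\']+)["\']', re.I)
MAX_BYTES = 2048  # assumed cutoff: a lone redirect stub is tiny, real pages rarely are
SAMPLES = {  # constructed sample files, not taken from any real site
    "index.html": "<html><body><h1>Welcome</h1></body></html>",
    "old.html": '<meta http-equiv="refresh" content="0; url=http://site.example/new">',
    "users/k.html": '<script>window.location = "http://pills.example/";</script>',
}


def redirect_target(html):
    """Return the first redirect URL found in the markup, or None."""
    match = META_REFRESH.search(html) or JS_LOCATION.search(html)
    return match.group(1) if match else None


def find_redirect_stubs(docroot, own_hosts):
    """List (relative path, target host) for small HTML files redirecting off-site."""
    hits = []
    for path in sorted(Path(docroot).rglob("*.htm*")):
        if path.is_file() and path.stat().st_size <= MAX_BYTES:
            target = redirect_target(path.read_text(errors="replace"))
            host = (urlparse(target).hostname or "") if target else ""
            if host and host not in own_hosts:
                hits.append((path.relative_to(docroot).as_posix(), host))
    return hits


def demo():
    """Write the constructed samples to a temp docroot and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in SAMPLES.items():
            file_path = Path(tmp, name)
            file_path.parent.mkdir(parents=True, exist_ok=True)
            file_path.write_text(body)
        return find_redirect_stubs(tmp, own_hosts={"site.example"})


if __name__ == "__main__":
    print(demo())
```

The on-site redirect in `old.html` is deliberately ignored; only the stub pointing at a host outside `own_hosts` is reported, which keeps legitimate moved-page redirects out of the results.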

Canadian Pharmacy is, of course, one great big lie. It is not Canadian, it's not hosted in Canada (sites are registered and hosted in China), the pills you buy from it are not from Canada (they're from India, made in a substandard and illicit factory) and the owners and operators are not from Canada (they're from Russia or Ukraine) nor do they reside or operate businesses within Canada.

Each of those domains is hosted on what is known as a "fast flux" botnet platform. Each of the IP addresses the domains resolve to is known to be infected with some form of trojan which allows the sites to be hosted whether the computer owner is aware of this or not.

For each of the ".cn" domains, there is no contact information posted within the WHOIS record. This is a violation of ICANN registrar regulations regarding the appropriate registration of any domain name.

For each of the ".com" addresses, there is contact information, however it is provably fake. This is a further violation of ICANN registrar regulations regarding the appropriate registration of any domain name.

This posting's evidence:

1) Hacking of computers they do not own, and never have owned.
2) Lying throughout their sites
3) Selling dangerous pairings of pharmaceuticals which can have severe health effects for consumers.
4) Using maliciously infected home users' computers to provide them with "free" hosting for each of their domains.
5) Each of their domains is registered either using no contact information, or using fake contact information.

Each of these on its own is a serious offense. All of them together are willful misconduct and a serious danger to the public.

Don't buy products from these criminals. They are lying to you, and you are funding criminal activity.

Spamit must fall!

SiL / IKS / concerned citizen.

4 comments:

  1. Malicious hacking for the purposes of posting the rogue websites to market potentially-lethal counterfeit drugs is one (or more) set of issues -- which is to say nothing of all the illegal actions behind the attacks upon third-party mail servers and the public's in-boxes. I worked for a company with gigabit ethernet, one machine on which was infected with one of Spamit's trojans, and it was pumping Canadian Pharmacy spam at a furious rate to everyone on the network until one of our network engineers put a filter in place on our exchange server -- but even then, everyone in the infected machine's address-book (our customers and vendors among them) continued to be victimized.

  2. SiL, I'd be happy to provide You with:

    - full info and bio on who runs Spamit/Glavmed. Bios, names, addresses, company names, phone numbers, etc., translations of all info published on that group in Russia by Russian newspapers (dozens and dozens of publications), info on how every affiliate member has been cheated in Spamit/Glavmed and much more of what can not be said here before You get it.

    All Your questions will be answered.

    Drop me an email please at:
    despduck@gmail.com

  3. Microsoft just give a shit about conficker.
    I have all the evidence here that Mario Fiege wrote the conficker.
    Nobody was interested to see the proof.
    This guy is a child fucker , he have a 15 year old girlfriend since 2 years.They life like husband and wife. the philippinen goverment also gives a shit about that.Maybe he earn that much with his email spam that he can pay all that crok's.

  4. rolf: you never provided me a means of contacting you, and I have changed the commenting process for this blog, which I neglected to secure. If you care to comment again, I will not publish it. I will instead be notified. Please consider contacting me to provide further information.

    SiL
