Wednesday, November 11, 2009

Other Researchers: Spamit + Glavmed Still The #1 Affiliate Program for Criminal Spammers

In late September a very clear, concise and damning report was released and presented at the 2009 Virus Bulletin Conference in Geneva, Switzerland. You can download a copy, and I strongly recommend you do. It explains not only how Spamit / Glavmed operate, but also the prominent place email spamming holds in Russian internet culture. Note that the author chose to use the name "Glavmed" because it is the public-facing name of the operation and the one most easily found.

Since then, M86, a very well-known internet security company, has written a follow-up report [available here]. Drawing both on that Virus Bulletin paper and on M86's own statistical analysis of ongoing spam trends, it makes clear that Glavmed / Spamit and their by-now extremely well-known "Canadian Pharmacy" brand are easily the #1 affiliate group for criminal spammers, accounting for 60-70% of all spam sent anywhere in the world today.

M86 also draws connections between spam promoting Glavmed / Spamit products and virtually every known botnet presently operating.

Prior to this, in July 2009, at a Cisco event in Thailand [details here], Navneet Singh, a Product Manager for Ironport, presented a report entitled "HTTP, Browsers And Web 2.0 -- A Criminal's Dream" [pdf], in which Spamit is specifically linked to:

  • Glavmed (and this is important, since Glavmed has repeatedly denied any connection whatsoever.)
  • SQL injection attacks against public web servers for the purposes of redirecting to "Canadian Pharmacy" websites
  • Connections between Storm Worm infections and the spamming of "Canadian Pharmacy" websites
  • Yet another assertion that "Canadian Pharmacy" spam represents the majority of criminal spam in the world today.

The presentation also offers some insight into how both the Spamit and Glavmed affiliate programs work, and how much money can be made as an affiliate of either group.

These reports are some of the most meticulously compiled evidence so far regarding Spamit and Glavmed, and they are especially damning because one of them now makes a very clear case that Spamit and Glavmed are the same organization.

More and more security operations are paying attention to this story, which may indicate that more pressure will eventually be brought to bear against this group.

As I come across further evidence I will of course post it here.

SiL / IKS / concerned citizen