Wednesday, November 11, 2009

Other Researchers: Spamit + Glavmed Still The #1 Affiliate Program for Criminal Spammers

In late September a very clear, concise and damning report was released and presented at the 2009 Virus Bulletin Conference in Geneva, Switzerland. You can download a copy, and I strongly recommend you do. It explains not only how Spamit / Glavmed work, but also speaks to the prominent place email spamming holds in Russian culture. Note that the author chose to use the name "Glavmed" since it was the public-facing name and was easily found.

Since that time, M86, a very well-known internet security company, has written a follow-up report [available here] which makes clear, based not only on that report but also on M86's own statistical analysis of ongoing spam trends, that Glavmed / Spamit and their by now extremely well-known "Canadian Pharmacy" brand are easily the #1 affiliate group for criminal spammers, accounting for 60-70% of all spam sent anywhere in the world today.

M86 also draws connections between spam promoting Glavmed / Spamit products and virtually every single known botnet presently operating.

Prior to this, in July 2009, at a Cisco event in Thailand [details here], a report was presented by Navneet Singh, a Product Manager for Ironport, entitled "HTTP, Browsers And Web 2.0 -- A Criminal's Dream" [pdf], in which Spamit is specifically linked to:

  • Glavmed (and this is important, since Glavmed repeatedly denies any connection whatsoever)
  • SQL injection attacks against public web servers for the purposes of redirecting to "Canadian Pharmacy" websites
  • Connections between Storm Worm infections and the spamming of "Canadian Pharmacy" websites
  • Yet another assertion that "Canadian Pharmacy" represents the majority of criminal spam in the world today.

They also offer some insight into how both Spamit and Glavmed's affiliate programs work, and how much money can be made as an affiliate of either group.

These reports are some of the most meticulously compiled evidence so far regarding Spamit and Glavmed, and especially damning since one of them now makes a very clear case that they are the same organization.

More and more security operations are paying attention to this story, which may indicate that more pressure will eventually be brought to bear against this group.

As I come across further evidence I will of course post it here.

SiL / IKS / concerned citizen

1 comment:

  1. Think politics. Spamit.com is a job for both sides of cybercrime, it makes money for the security and white hats and on the other hand it makes money for the criminals and hackers.

    Neither side really wants it to stop. Money is a strong motive when businesses are involved.

    Moreover, as a security savvy person (unite member), in my view it is only easy targets who get hit by botnets, and spam will always be there. Even if there was a successful effort to beat spamit.com, there is no real enforcement or resource management that could prevent the next spamit.com, and certain parties might have an interest in having something like spamit.com working.

    Security vendors do not aim to eliminate all malware and do not aim to make decisive blows with enough impact to hurt their income. People need to be either hurt by viruses or see a lot of spam to buy a security product, and most do not even care about malware; it is geek stuff.