Pharma-fraud escalates dramatically
Sunday, 17 May 2009 15:22
When I was at Webroot Software in Boulder, Colorado, there was a clever criminal who managed to acquire the domain name spysweeper.com. He created a site that looked like it was selling Webroot’s anti-spyware product, Spysweeper, but was just a way to steal credit card and banking info. Going to the site would lead you to an order form that asked for your address, phone numbers, credit card, bank account, even your birthday. Why bother selling an actual product online when you can just trick people into giving up their identity?
This week I had an interesting conversation with eSoft, another Colorado security company. eSoft is fast becoming one of the top research groups in the area of web security. They use one of the most effective ways to research URLs and thus provide up-to-the-minute threat assessments. They gather information from the UTM devices they have deployed around the world to identify new sites and then evaluate them using various automated techniques. The 10% of sites that do not succumb to automated analysis are passed on to eSoft’s research team, which does an in-depth analysis of each new site. When a category or a threat is determined, they push the URL back out to their clients as well as to the many OEM partners that use their database for their own content filtering solutions.
eSoft has determined that there has been a major spike in fraudulent pharmacy sites just this past week. Much like the fake SpySweeper site, these pharma-fraud sites present a convincing storefront that appears to sell Viagra and Cialis. They have a sophisticated shopping cart system and take your money but do not bother with actually fulfilling orders.
eSoft provided me with data on seven different templates they have discovered. The quantity is amazing. In four days last week they detected:
That is 543 of these sites per day over four days — and only for these seven templates.
The other major outfit is Rx Partners/Rx-Commission Networks/Stimul Cash, and they have websites:
Here are some recent (last 4 days) examples of these sites:
Here are some sites they have learned to detect with some new techniques they have developed, but have not yet dug into to determine ownership, etc.
Development System Examples
eSoft says this is just the tip of the iceberg. Some major effort is being put into developing these fraudulent sites. I wonder what is next? Fraudulent pornography and online gaming sites? Fraudulent Father’s Day gift sites? The possibilities are endless.
The bank merchant card services are going to have to start monitoring the activity of their merchants to catch these. Of course, if the Russian Mafia is involved, expect to see these stolen credit cards used in so-called carding schemes, where counterfeit credit cards are manufactured using the data collected from these sites. End users will have to be very careful when using their credit cards to purchase anything. The threats to ecommerce are escalating.
Thanks and kudos to eSoft’s research team for providing me with all this data.
Post from: ThreatChaos