Description[edit | edit source]
|International Legal RX Medications is one of the spam "brands" promoted on behalf of the sponsor known as Bulker.biz. It was formerly associated with
Alex Polyakov and Yambo Financials but those entities are less tangible than the actual sponsor, who is known to be actively promoting this site. All share certain identifying characteristics; for example, they are hosted on the same hijacked servers. Other members of this spam family include My Canadian Pharmacy, US Drugs, VIP Pharmacy ("Viagra + Cialis"), Men Health, and Canadian Health&Care Mall.
Discussion[edit | edit source]
You may follow the discussion of this spam here.
Sample Spams[edit | edit source]
Dear Customer, We bet that either you or your friends have at least once been disappointed by the quality of the medication purchased on the Web. Everyone knows that selling generic drugs is never as paying as selling fake. Time to stop it! LegalRXmedications offers 100% generic drugs at a really low price - the price that definitely turn out to be a surprise for you! We are looking for short-time profits because all we care about is your satisfaction! Sincerely yours, LegalRXmedications!
Vi.a.g.r.a - > $2.07(Achi:eve more se.x.u.a.l activ:ity) C.i.a.l.i.s - > $2.78(Tre:at agai:nst impo:tence) S.o.m.a - > $1.52(Pa:in Kil:ler) L.e.v.i.t.r.a - >$2.67)Ha:rder erect:ions) (domain deleted by spamtracker admin)
Evidence of fraud[edit | edit source]
False claims[edit | edit source]
See criminal record for "Alex Polyakov" at Spamhaus.org's Registry of Known Spam Operations (ROKSO) link Alex Polyakov
- Link to BBB is a fake. No such listing. Better Business Bureau publicly disavows them.
- Link to Best Pharma site award is fiction.
- Verisign secure? It is not.
- Link to Verisign is a fake.
(Verisign states that the link is only valid if 1. The URL of the pop-up window is https:seal.verisign.com/. (It is not)
- Verified by Visa? No.
- Has no license to sell pharmaceuticals, despite the claims.
- Fake pharmacy license
A search for the license number 04192537 displayed on the license ( http://www.pharmacy.ca.gov/online/verify_lic.shtml ) proves that it does not exist:
Search Results for Pharmacies
This information is updated Monday through Friday - Last updated: APR-04-2014
To see all the information for a licensee, click on the highlighted name. This will also include disciplinary actions if any are present.
No records returned
False headquarters locations[edit | edit source]
The website includes photos of their purported headquarters buildings
However the second and third pictures and addresses are fakes.
The first picture is of a building housing a Data Center at 600 W 7th St, Los Angeles
The second picture is actually the Radisson Hotel at LAX airport, 6225 West Century Blvd, Los Angeles, CA 90045, United States
The third picture is not located in India. It is actually a building extension located in the Netherlands. They have added a logo using PhotoShop.
Sample sites[edit | edit source]
- healthcarepill.com registered with PSI-USA, INC. DBA DOMAIN ROBOT (InterNetX, Germany)
- internationallegalrxmedications.com registered with Todaynic
Hijacked Servers[edit | edit source]
HISTORICAL INFORMATION - NO LONGER APPLICABLE
Like other Yambo sites, this one used the tirqd Unix infection to hijack servers for hosting the websites, their images, and their nameservers. A given hijacked machine may be serving images to all sites in the Yambo family at one time:
- International Legal Rx Medications:
- My Canadian Pharmacy:
- Men+ Health:
- Canadian Healthcare and Mall:
- VIP Pharmacy ("Viagra + Cialis"):
- US Drugs:
Similarly, the servers used to host the website and nameservers for Yambo sites are swapped around among sites during their frequent changes.
Domain Registration Information[edit | edit source]
While ILRx and other Yambo sites formerly used known false aliases and addresses to register their domains (e.g., "Paul Gregoire"), of late they have taken to identity theft. By using real victims' personal information, it is more time consuming for registrars processing thousands of new registrations to spot the Yambo domains.
In at least some instances, a victim's financial information was also stolen to pay for the registration. Anyone who finds their personal information used in the registration information of a spam website should take several steps:
- Check the "whois" information for details such as the registrar of the site and the date of registration. There are many sites on the internet that provide that information, such as Who.is , Namespace, or Internic. Type in the domain name to get the registration whois information. If contact information for the registrar is not included, check the list of ICANN accredited registrars
- Contact the registrar to have the site suspended. Ask for information about how the registration was paid for. (The registrar may need written documentation of your identity to release the latter information, but if your address in the registration is current, you may be able to convince the registrar to mail it there.)
- Check statements for any of your credit cards and debit cards for unidentified charges around the date of registration. They will be fairly small charges. It doesn't matter how small: once your credit or debit card numbers are in the hands of spammers, the card needs to be cancelled immediately.
- Request a credit report from one of the credit reporting bureaus. You do not have to pay to obtain a report in a case of identity theft. Recheck several months later. Consider placing a fraud alert on your account to make it more difficult for someone with your personal information to apply for new credit cards.
- Attempt to identify the means the spammer used to obtain your information. It may have been from public information such as telephone or real estate listings. But there is the possibility that you or someone you know has a computer virus that is sending the spammer information from computer address books or that is collecting information being typed into banking websites.
How to Report this Spam[edit | edit source]
Sponsor Organization[edit | edit source]
Related spam operations[edit | edit source]