Description
This purports to be a US licensed pharmacy.
However, it is widely believed to be a credit card theft scam - fronted by a fake pharmacy retailer.
US DRUGS is a site of Alex Polyakov, listed by ROKSO as the #1 most wanted cyber criminal, and is used for identity theft and credit card theft. When a product is delivered at all, it has been found to contain placebos (sugar pills).
The whole site is full of lies.
False Claims
US Drugs displays a fake license, LICENSE NO 03161490 from the Minnesota Board of Pharmacy. No such license exists when you look it up online.
- The web sites run on criminally hijacked servers.
- Their name servers run on other criminally hijacked servers.
- Link to FDA is a fake. There is no such listing.
- Link to Verisign is fake, the site is not secure.
- The website is not Verified by Visa.
- Minnesota Board of Pharmacy License is faked.
- The ordering transaction is not secure.
WARNING: Placing an order on this site is giving your full credit card details to the Internet's worst criminal. If you have made that mistake, cancel your credit card immediately.
The license can be viewed online at the site's front page at the "View License File" link. Later, the site switched to a license issued out of Texas, which is also a fake; in fact, the link to display it fails.
The license link on the site links back to the same site and displays a certificate supposedly issued by the State of Minnesota's "Minnesota board of pharmacy" (sic). The image shown here has the same site name as the fake pharmacy site in the address bar.
Proof of fake license
The actual Minnesota Board of Pharmacy has stated clearly that the license on the US Drugs site is a fake, and pointed out all of the discrepancies in it.
Comment from the Minnesota Board of Pharmacy:
We are very much aware of this issue. It has been an ongoing issue for over a year. I have turned over information to our state's attorney general office and have had conversations with FDA investigators. The problem, as you are probably aware, is that it appears that whoever is behind this is operating outside the United States. The fake "license" shows clear indications that it is not valid. There are misspellings, sentences run together, Board of Pharmacy is not capitalized. Anyone who did some comparison shopping would also find that the websites charge several times more for drugs than legitimate websites. For example, tramadol sells for $0.64 on Walgreens.com but $2.17 on bestusdrugs.com. I will consider putting a statement on our website. Not sure what good it will do because I have a hunch that many people who actually try to purchase drugs from these websites already know they aren't legitimate - and don't care. As long as there are people willing to respond to spam that they know is illegitimate, the spammers will keep operating.
Cody Wiberg, Pharm.D., R.Ph.
Executive Director
Minnesota Board of Pharmacy
Further information is found in the LegitScript report.
Fake registration
Like other Yambo family sites, US Drugs uses identity theft to register its sites. Victims whose personal information has been used to register one of these sites should follow the steps outlined here.
History
- Hijacked name servers
- Hijacked web sites
- Hijacked image servers
- All use the same name servers
- Name servers are typically 4 in number, and are registered with a subset of registrars
- Up to 24 new sites are registered and spamvertized every day
- Hijacked sites use identical proxy servers to redirect DNS and HTTP requests to back-end servers
- Hijacked sites have a firewall setting to prevent access from specific addresses such as FBI and Visa
Sample spams
Buy Must Have medications at Canada based pharmacy. No prescription at all! Same quality! Save your money, buy pills immediately! http://bwnqms.abdolverit.com/?aeijmqcdidfu
Subject: No fraud anymore! Dear Customer, Unfortunately, I am writing to warn you - warn you about the poor quality of the meds sold on the Web. Please, be more careful while choosing where to get your drugs from, because the wrong choice can be dangerous both for your health and your life. So far I found only one USA Web pharmacy that offers generic drugs of really good quality. It is USDrugs. It has been operating at the American medication market for quite a long time and managed to make a good name for itself. If you don't mind, I will keep on informing you about the Web pharmacies that don't cheat their clientele. Sincerely yours, Dr Johnson.
Dear valued member! We are writing to inform you about the result of the recent research concerning the quality of the drugs sold on the Internet. Not all the meds offered in numerous Web pharmacies are as qualitative as you might wish them to be. According to the results of the official research made by our Association only one (USDrugs) out of 46 online drugstores analyzed offers drugs of true generic quality. Hope that you’ve found the information provided in the letter useful. Please click here for more information. With Best Regards, Phillip Newsome USDrugs B.V.
Sample sites and registrars sponsoring them
BIZCN.COM, INC.
HTTP.NET INTERNET GMBH
NETLYNX, INC.
PSI-USA, INC. DBA DOMAIN ROBOT
R01-RU
TODAYNIC.COM, INC.
How to Report this Spam
The Complainterator is configured to report this spam to the registrars. It performs a "whois" lookup on the domain names used by the name servers that resolve access to the web site. It discovers the registrars that are sponsoring the access to the web site. It prepares a complaint to the sponsoring registrars.
web site domains
- the registrar needs to set the status of the domain to
name server domains
- the registrar needs to set the status of each of the name server domains to
In addition, to remove them as name servers, the subdomain address records (e.g. for ns1 and ns2) need to be changed to a non-routable address, such as 0.0.0.0 or a blackhole address within their own address space.
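The lookup-and-group step described above, sketched as an added example (this is not the Complainterator's own code): it parses WHOIS text for a spamvertised site, derives the domains of its name servers, and groups every domain under the registrar that sponsors it. The WHOIS records are constructed placeholders, and the `lookup` helper and the two-label `registered_domain` shortcut are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed WHOIS responses; all names are placeholders, not real data.
SAMPLE_WHOIS = {
    "pills-example.com": (
        "Domain Name: PILLS-EXAMPLE.COM\n"
        "Registrar: EXAMPLE REGISTRAR A, INC.\n"
        "Name Server: NS1.HIJACKED-EXAMPLE.NET\n"
        "Name Server: NS2.HIJACKED-EXAMPLE.NET\n"
        "Name Server: NS1.OTHER-EXAMPLE.ORG\n"),
    "hijacked-example.net": "Registrar: EXAMPLE REGISTRAR B GMBH\n",
    "other-example.org": "Registrar: EXAMPLE REGISTRAR B GMBH\n",
}
FIELD = re.compile(r"^\s*(Registrar|Name Server):\s*(\S.*?)\s*$", re.I | re.M)

def lookup(domain):
    """Stand-in for a live whois query (assumption): empty text if unknown."""
    return SAMPLE_WHOIS.get(domain, "")

def parse_whois(text):
    """Return (registrar, [name server hostnames]) from one WHOIS response."""
    registrar, servers = None, []
    for key, value in FIELD.findall(text):
        if key.lower() == "registrar":
            registrar = registrar or value      # keep the first one listed
        else:
            servers.append(value.lower().rstrip("."))
    return registrar or "UNKNOWN", servers

def registered_domain(host):
    """Keep the last two labels (simplification; real code needs the
    Public Suffix List to handle names such as example.co.uk)."""
    return ".".join(host.split(".")[-2:])

def complaints_for(site, whois_lookup=lookup):
    """Map each sponsoring registrar to the domains it should act on."""
    report = defaultdict(set)
    registrar, servers = parse_whois(whois_lookup(site))
    report[registrar].add(site)
    # Name servers are often registered elsewhere, so look each one up too.
    for ns_domain in {registered_domain(s) for s in servers}:
        report[parse_whois(whois_lookup(ns_domain))[0]].add(ns_domain)
    return {r: sorted(d) for r, d in report.items()}
```

A domain whose WHOIS lookup returns nothing is filed under `UNKNOWN` rather than dropped, so it can be followed up by hand.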
Sponsor Organization
Related spam operations