Internet pharmacies identified as acting illegally

The other day there was a disturbing report  that found that nearly 90 percent of all pharmacy ads appearing on Bing’s sponsored search engine results were illegal pharmacies … Yikes! … well most of us already know that “Sponsored Results” are not to be trusted …

I certainly don’t think Bing is the only one at fault here … since the FBI states – “More than 80,000 “portal” websites currently sell ad space for these medications and link to one of more than 1,400 “anchor” websites that allow customers to place orders through illegal pharmacies“.

The full report is here … (.pdf) and in that report “klikadvertising” is mentioned … these culprits are also involved in many of the Fraudware Antispyware scams currently on the Internet. Anyway LegitScript also released their Top 10 so I thought I’d check them out and possibly add those to the HOSTS file. Now I have no intension of adding all these illegal pharmacy sites as there are just too many, and nothing malicious happens when you visit these sites.

The best way I feel to protect users is to add their payment sites to the HOSTS file … at least that way it would protect users from making ill-advised purchases … or worse … just imagine what’s in those counterfeit drugs! I started visiting these sites and found my own disturbing trend which was not mentioned in any of the articles … (see below)


Image edited for display purposes

The above site is listed as one of the Top 10 (above) … when you click the “Next step” …


Image edited for display purposes

 As you can see you are redirected to “rx-secure.com” via a certain certificate … I’m not even going to comment.

 Visiting another of the above mentioned Top 10 which is described as “The website claims to sell drugs from Canada, but the authors submitted an order, and received counterfeit Cialis, without a prescription from India.” If you read the full report LegitScript put a lot of time and effort into their finding. Going so far as to actually purchase products and have them tested …


Image edited for display purposes

 Another certificate from the same source as above and a Truste icon … ouch!

Again we see a redirect from “expressdelivery.biz” to “secure.mymedcenter.net”

== Server Certificate ==========
[Subject]
  CN=secure.mymedcenter.net, OU=Comodo EV SGC SSL, O=RX Corp, STREET=3155 Hickory Hill Rd, L=Memphis, S=TN, PostalCode=38115, C=US, OID.2.5.4.15=”V1.0, Clause 5.(b)”, OID.1.3.6.1.4.1.311.60.2.1.2=Tennessee, OID.1.3.6.1.4.1.311.60.2.1.3=US, SERIALNUMBER=0582044

[Issuer]
  CN=COMODO EV SGC CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

[Serial Number]
  00FD665970D8D5E8D59EE06A23F621AAF5

Now to be fair I also found a Verisign certificate for “seal.buysafe.com” … so please don’t nag me about I’m picking on one vendor …

== Server Certificate ==========
[Subject]
  CN=seal.buysafe.com, OU=Terms of use at www.verisign.com/rpa (c)05, OU=buySAFE IT, O=buySAFE Inc, L=Arlington, S=Virginia, C=US

[Issuer]
  OU=www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign, OU=VeriSign International Server CA – Class 3, OU=”VeriSign, Inc.”, O=VeriSign Trust Network

[Serial Number]
  2AAA3F4A7F8054FA9DD70D7AAA5650BF

You can view a very short video LegitScript posted on YouTube for expressdelivery.biz … there are several others as well … I also found another site that contains “illegal pharmacies identified by the FDA, HealthPricer and other official bodies”

First on their list was “allpills.net” which redirects to “canadian-drugshop.com” which redirects to … “rx-secure.com”

== Server Certificate ==========
[Subject]
  CN=rx-secure.com, OU=Comodo InstantSSL, O=Pharmos Limited, STREET=Leningradsky prospekt 143-26, L=MOSCOW, S=MSK, PostalCode=149501, C=RU

[Issuer]
  CN=UTN-USERFirst-Hardware, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

[Serial Number]
  00A84B9E3913DFC8BE5D7355B8EEFD59CE

Seems canadian-drugshop.com is hosted on the same IP block as several other scam sites … most using “rx-secure.com” as their “check out” payment service.

# [Moskvacom][AS2118][195.95.155.0 – 195.95.155.255] (Google Diagnostic report for AS2118)
127.0.0.1  canadian-drugs-shop.com
127.0.0.1  www.canadian-drugshop.com
127.0.0.1  canadian-healthcare-shop.com #[ScamFraudAlert.Pharmacy]
127.0.0.1  canadian-pharmacy-store.com
127.0.0.1  edmedsnow.com
127.0.0.1  hqedpills.com
127.0.0.1  mens-medication.com #[Spamdexing]
127.0.0.1  official-canadian.com
127.0.0.1  professional-meds-online.com #[ScamFraudAlert.Pharmacy]
127.0.0.1  rx-top.com
127.0.0.1  shopedmedsonline.com

Many of the other sites HealthPricer listed no longer exist …

Hopefully these certificate issuers and Truste will take a better look into the activities of the sites that were mentioned … after all illegal activities are illegal!



Comments are closed.