Internet Domain Registry

Monday, 13 April 2009

New Drug sites avoid Visa and MasterCard, Sell Hydrocodone

Posted on 07:16 by Unknown
Those who research pharmaceutical spam have learned that there are basically two major classes of drugs: those which the Feds care about stopping (controlled substances monitored by the DEA) and those the Feds are happy to ignore, which they dismissively call "Lifestyle Drugs".

It's quite frustrating in light of the fact that, as Microsoft pointed out recently in their semi-annual report on Internet safety, 97% of the email on the Internet is spam, and HALF of that email is pharmaceutical spam. The decision that it's not worth investigating lifestyle drugs (by which they mean Viagra, Cialis, and other sexual-experience related drugs) as vigorously as we investigate "Controlled Substances" has led to our current status on the Internet as a world flooded with absolutely uncontrolled drug spam.

Nevertheless, knowing that there is a two-tiered system of investigation related to pharmaceutical spam, we've all learned that the way to get action is to point out sites that are selling things that are on the Class I, Class II, Class III, or Class IV Controlled Substance List.

Side Note - if you are looking for a Computer Forensics Research program interested in making an impact on pharmaceutical spam, that has as partners in its "Computer Science/Justice Science Working Group" forensic criminologists with their own Gas Chromatography Mass Spectrometer (GC/MS), and faculty and grad students trained in its use, please look no further than the University of Alabama at Birmingham.

That's one of the two reasons why this new spam cluster is especially interesting to me. We have more than 1450 spam emails in the UAB Spam Data Mine during March and another 1,069 so far during April that contain the word "Hydrocodone" in either the body or the subject. The subject line in today's case actually says "Hydrocodone For You", and pointed to a pharmacy site here:

http://show-advanced-individual.com/



which leads with Hydrocodone, Vicodin, Phentermine, Ambien, Valium, and Levitra. They have quite a few alternate payment methods, but most notably they do NOT accept Visa or MasterCard:






By accepting electronic checks, direct bank transfers, and Western Union payments, these dealers in fake drugs can move their money even faster than they move their drugs. The world of money laundering possibilities opens wide once you get Visa and MasterCard off the option list. That should also make it pretty clear to the potential buyers. This vendor wants to move your money Quickly, Untraceably, and most importantly Irreversibly. They want to make sure they get your money NOW, even though you may (or may not) get your drugs later, and that even if you do NOT get your drugs, there is no way you're going to get your money back, or even figure out where your money went.


This particular domain was registered on March 20th via XIN NET Technology.

The IP is at 116.125.56.218 - Hanaro telecom, Korea

This is not a new IP address to us at the UAB Spam Data Mine.

March 23 - 116.125.56.218 (1 spammed domain)
March 24 - 116.125.56.218 (13 spammed domains)
March 25 - 116.125.56.218 (16 spammed domains)
March 26 - 116.125.56.218 (50 spammed domains)
March 27 - 116.125.56.218 (42 spammed domains)
March 28 - 116.125.56.218 (42 spammed domains)
March 29 - 116.125.56.218 (42 spammed domains)
March 30 - 116.125.56.218 (64 spammed domains)
March 31 - 116.125.56.218 (75 spammed domains)

(I'll update those stats with April data once it's been caught up...)

The Hotmail address in the whois data is na506@hotmail.com
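One way per-day counts like those above can be produced from a spam corpus, as an added example that is not the UAB Spam Data Mine's own code: filter messages by keyword, extract the advertised hostnames, and count distinct domains per hosting IP per day. The sample messages, the `.example` domains, the documentation-range IPs and all function names are constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample data (not real spam): (date, subject, body).
SAMPLE_SPAM = [
    ("2009-03-23", "Hydrocodone For You", "Visit http://alpha-one.example/ now"),
    ("2009-03-24", "Hydrocodone For You",
     "http://alpha-one.example/ or http://beta-two.example/buy"),
    ("2009-03-24", "Hydrocodone For You", "HTTP://Beta-Two.EXAMPLE/ again"),
    ("2009-03-24", "Cheap watches", "http://gamma.example/"),
    ("2009-03-24", "Re: order", "hydrocodone at http://delta.example/"),
]
# Constructed resolution data, standing in for DNS or passive-DNS lookups.
RESOLVED = {"alpha-one.example": "203.0.113.10", "beta-two.example": "203.0.113.10",
            "gamma.example": "203.0.113.10", "delta.example": "198.51.100.7"}

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def advertised_domains(body):
    """Lower-cased hostnames of every URL in one message body."""
    hosts = set()
    for url in URL_RE.findall(body):
        host = urlsplit(url).hostname  # urlsplit already lower-cases the host
        if host:
            hosts.add(host.rstrip("."))
    return hosts

def domains_per_ip_per_day(messages, resolved, keyword):
    """Map (date, ip) -> distinct spammed domains, for messages naming keyword."""
    table = defaultdict(set)
    for date, subject, body in messages:
        if keyword.lower() not in f"{subject} {body}".lower():
            continue
        for host in advertised_domains(body):
            ip = resolved.get(host)
            if ip is not None:  # unresolved hosts are skipped, never guessed
                table[(date, ip)].add(host)
    return table

def repeat_hosts(table, min_days=2):
    """IPs that hosted spammed domains on at least min_days distinct days."""
    days = defaultdict(set)
    for date, ip in table:
        days[ip].add(date)
    return {ip: sorted(d) for ip, d in days.items() if len(d) >= min_days}

def report(table):
    """Render counts in the same 'date - IP (N spammed domains)' form as above."""
    return [f"{date} - {ip} ({len(d)} spammed domain{'s' if len(d) != 1 else ''})"
            for (date, ip), d in sorted(table.items())]
```
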

Two hundred other hyphenated domain names are on the same Hanaro IP address, according to DomainTools:


Over the weekend, a new Hydrocodone cluster emerged, distinct from the one above.

The new cluster used the following domain names in more than 1500 emails just over the last weekend:


The new cluster looks like another Viagra site at first:



but scrolling down, we see it really is selling Hydrocodone and other Class II and Class III Controlled Substances:



As with the first cluster we mentioned, Visa and MasterCard are conspicuously missing from this site. It now accepts ONLY American Express:



Fortunately, they are concerned about the High Incidence of Fraud. 8-) Haha!