Herbal King gang sent billions of spam messages pushing prescription drugs and phony male-enhancement products

The Federal Trade Commission (FTC) today shuttered one of the world's largest spamming operations. The Herbal King gang, aka Affking, is responsible for billions of spam messages selling prescription drugs and phony male-enhancement products.

The spam ring sent spam messages offering generic versions of Levitra, Cialis, Propecia, Viagra, Lipitor, Celebrex, Zoloft, and other drugs, as well as an herbal "permanent" male-enhancement pill called VPXL, through hundreds of unsavory Websites, according to the FTC. The spammers pushed their spam runs via the Mega-D/Ozdok botnet and other botnets.

A U.S. district court in Illinois has ordered the gang to halt its spam operations and has frozen the assets of New Zealand resident Lance Atkinson and Jody Smith of Texas, as well as the four companies they run: Inet Ventures Pty Ltd., Tango Pay Inc., Click Fusion Inc., and TwoBucks Trading Limited. The FTC complaint charges that Atkinson is liable for product claims by the operation, and Smith for claims about the pharmaceutical products.

The spammers falsely claimed to sell medications as a U.S. licensed pharmacy that sells FDA-approved generic drugs, but the drugs were shipped from India and are potentially unsafe,

The spammers used the Mega-D/Ozdok botnet to peddle the penis-enlargement pills as well as replica luxury items, according to FTC filings, but the FTC did not say which other botnets the spammers employed. "This is related to Mega-D/Ozdok, but it isn't saying the botnet was shut down -- rather, the affiliate [spam] program Mega-D was spamming for was shut down," says Joe Stewart, director of malware research for SecureWorks. "They've moved to Canadian Pharmacy's affiliate program and are still spamming away."

Mega-D is one of the largest spamming botnets, and at one time could send 10 billion spam messages a day.

But even with the legal actions taken against the spammers both by the FTC and authorities in New Zealand, the botnets that pumped out the spam are still standing, security researchers say. "No botnet has been taken down. Instead, what has been shut down is a large business that uses the services of spammers to promote its products," says Phil Hay, lead threat analyst for Marshal's TRACE Team, which assisted in the investigation.

Meanwhile, adding insult to injury, the spammers also claimed to provide secure connections for transactions on their Websites. The pharmacy sites did not actually encrypt sessions with SSL as they claimed, according to the FTC.

Other groups that assisted in the Herbal King investigation include the New Zealand Department of Internal Affairs; the Australian Communications and Media Authority; the Federal Drug Administration, Office of Generic Drugs and Division of Pharmaceutical Analysis; the Chicago-based National Association of Boards of Pharmacy; CastleCops; and the FBI.

Garth Bruen, creator of KnujOn, which fights email abuse and online fraud, says the shutdown of Herbal King is "awesome." "The feds are waking from their slumber," Bruen says. "CastleCops, Spamhaus and others have done remarkable work. It's been years in the making, [and] these VPXL sleazebags have been raking the money in." (See Amid Controversy, Outed Steroid Sites Still Online and Hundreds of Websites Outed for Illegally Selling Steroids.)

About the Author(s)

Kelly Jackson Higgins, Editor-in-Chief, Dark Reading

Kelly Jackson Higgins is the Editor-in-Chief of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise Magazine, Virginia Business magazine, and other major media properties. Jackson Higgins was recently selected as one of the Top 10 Cybersecurity Journalists in the US, and named as one of Folio's 2019 Top Women in Media. She began her career as a sports writer in the Washington, DC metropolitan area, and earned her BA at William & Mary. Follow her on Twitter @kjhiggins.
