How a major fake online pharmacy out of Russia is able to continue selling drugs despite evidence of criminal operations

Dark Reading Staff, Dark Reading

May 5, 2010

2 Min Read

Not even a letter from a national pharmacy licensing board identifying a license on EvaPharmacy's Website as fake could pressure a handful of domain registrars -- some in the U.S. -- to cut off their paid services to the phony pharmacy, which sells drugs like Viagra and OxyContin without a prescription.

A new report, published today by Internet pharmacy verification organization LegitScript, gives the inside story on how Russia-based EvaPharmacy -- which until recently encompassed more than 8,000 online pharmacies -- has remained afloat for so long, despite efforts to expose its illegal activities. LegitScript and antifraud organization KnujOn during the past five months sent 16 domain registrars evidence that their services were being abused by phony pharmacies. The evidence included verifications that the sites' licenses were fake and screenshots demonstrating how the sites were selling prescription drugs -- without a prescription.

While that prompted 11 of the domain registrars to drop the rogue pharmacies from their services, the other five, Washington state-based eNom (DemandMedia), Utah-based UK2Gropu, Moniker (with locations in Florida, California, and Oregon), CentroHost, and Realtime Register, are still hosting some of these phony pharmacies, including EvaPharmacy, according to the report.

LegitScript says EvaPharmacy poses as a U.S. and Canada-based operation.

"The [fake online pharmacy] domains in question also have their WHOIS records concealed by a privacy service, a practice called 'material falsification,'" says Garth Bruen, president of KnujOn. Bruen says this could constitute a breach of eNom's contract with ICANN, which he says has yet to respond in "a meaningful way."

Even so, LegitScript and KnujOn declared victory in convincing the other 11 registrars, which included GoDaddy, Directi, and Network Solutions, to drop EvaPharmacy from their services.

Getting a domain registrar or ISP to drop a suspicious customer or online criminal operation traditionally hasn't been easy: For legal reasons, most registrars and ISPs are hesitant to cut off service to any customer. For example, it took a federal court order secured by Microsoft to require VeriSign to cut off 277 Internet .com domains that were serving as the connections between the now-defunct Waledac's command-and-control (C&C) servers and around 60,000 to 80,000 bots or infected machines it had recruited to spew its spam. Waledac -- considered the second-generation of the infamous Storm botnet -- is best-known for its online pharmacy, phony products, jobs, and penny stock spam scams.

The full report from LegitScript is available here (PDF) for download.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights