October 14, 2008
The Federal Trade Commission (FTC) today shuttered one of the world's largest spamming operations. The Herbal King gang, aka Affking, is responsible for billions of spam messages selling prescription drugs and phony male-enhancement products.
The spam ring sent spam messages offering generic versions of Levitra, Cialis, Propecia, Viagra, Lipitor, Celebrex, Zoloft, and other drugs, as well as an herbal "permanent" male-enhancement pill called VPXL, through hundreds of unsavory Websites, according to the FTC. The spammers pushed their spam runs via the Mega-D/Ozdok botnet and other botnets.
A U.S. district court in Illinois ordered the gang to halt its spam operations and has frozen the assets of New Zealand resident Lance Atkinson and Jody Smith of Texas, as well as the four companies they run, Inet Ventures Pty Ltd., Tango Pay Inc., Click Fusion Inc., and TwoBucks Trading Limited. The FTC complaint charges that Atkinson is liable for product claims by the operation, and Smith for claims about the pharmaceutical products.
The spammers falsely claimed to sell medications as a U.S. licensed pharmacy that sells FDA-approved generic drugs, but the drugs were shipped from India and are potentially unsafe. The spammers used the Mega-D/Ozdok botnet to peddle the penis-enlargement pills as well as replica luxury items, according to FTC filings, but the FTC did not say which other botnets the spammers employed.
"This is related to Mega-D/Ozdok, but it isn't saying the botnet was shut down -- rather, the affiliate [spam] program Mega-D was spamming for was shut down," says Joe Stewart, director of malware research for SecureWorks. "They've moved to Canadian Pharmacy's affiliate program and are still spamming away."
Mega-D is one of the largest spamming botnets, and at one time could send 10 billion spam messages a day. But even with the legal actions taken against the spammers both by the FTC and authorities in New Zealand, the botnets that pumped out the spam are still standing, security researchers say.
"No botnet has been taken down. Instead, what has been shut down is a large business that uses the services of spammers to promote its products," says Phil Hay, lead threat analyst for Marshal's TRACE Team, which assisted in the investigation.
Meanwhile, adding insult to injury, the spammers also claimed to provide secure connections for transactions on their Websites. The pharmacy sites did not actually encrypt sessions with SSL as they claimed, according to the FTC.
Other groups that assisted in the Herbal King investigation include the New Zealand Department of Internal Affairs; the Australian Communications and Media Authority; the Federal Drug Administration, Office of Generic Drugs and Division of Pharmaceutical Analysis; the Chicago-based National Association of Boards of Pharmacy; CastleCops; and the FBI.
Garth Bruen, creator of KnujOn, which fights email abuse and online fraud, says the shutdown of Herbal King is "awesome." "The feds are waking from their slumber," Bruen says.
"CastleCops, Spamhaus and others have done remarkable work. It's been years in the making, [and] these VPXL sleazebags have been raking the money in." (See Amid Controversy, Outed Steroid Sites Still Online and Hundreds of Websites Outed for Illegally Selling Steroids.)