Feds Shut Down Major Spam Operation

Herbal King gang sent billions of spam messages pushing prescription drugs and phony male-enhancement products

The Federal Trade Commission (FTC) today shuttered one of the world's largest spamming operations. The Herbal King gang, aka Affking, is responsible for billions of spam messages selling prescription drugs and phony male-enhancement products.

The spam ring sent spam messages offering generic versions of Levitra, Cialis, Propecia, Viagra, Lipitor, Celebrex, Zoloft, and other drugs, as well as an herbal "permanent" male-enhancement pill called VPXL, through hundreds of unsavory Websites, according to the FTC. The spammers pushed their spam runs via the Mega-D/Ozdok botnet and other botnets.

A U.S. district court in Illinois ordered the gang to halt its spam operations and has frozen the assets of New Zealand resident Lance Atkinson and Jody Smith of Texas, as well as the four companies they run, Inet Ventures Pty Ltd., Tango Pay Inc., Click Fusion Inc., and TwoBucks Trading Limited. The FTC complaint charges that Atkinson is liable for product claims by the operation, and Smith for claims about the pharmaceutical products.

The spammers falsely claimed to sell medications as a U.S. licensed pharmacy that sells FDA-approved generic drugs, but the drugs were shipped from India and are potentially unsafe,

Herbal King was ranked as the No. 1 spammer by Spamhaus, which listed India as the location of the ring's operations. Spamhaus describes Herbal King as a "massive affiliate spam program for snakeoil body enhancement scams" that also sells pharmaceuticals, porn, and luxury items. It "spams via botnets, bulletproof hosting offshore and even uses fast flux hosting," according to Spamhaus.

The spammers used the Mega-D/Ozdok botnet to peddle the penis-enlargement pills as well as replica luxury items, according to FTC filings, but the FTC did not say which other botnets the spammers employed. "This is related to Mega-D/Ozdok, but it isn't saying the botnet was shut down -- rather, the affiliate [spam] program Mega-D was spamming for was shut down," says Joe Stewart, director of malware research for SecureWorks. "They've moved to Canadian Pharmacy's affiliate program and are still spamming away."

Mega-D is one of the largest spamming botnets, and at one time could send 10 billion spam messages a day.

But even with the legal actions taken against the spammers both by the FTC and authorities in New Zealand, the botnets that pumped out the spam are still standing, security researchers say. "No botnet has been taken down. Instead, what has been shut down is a large business that uses the services of spammers to promote its products," says Phil Hay, lead threat analyst for Marshal's TRACE Team, which assisted in the investigation.

Meanwhile, adding insult to injury, the spammers also claimed to provide secure connections for transactions on their Websites. The pharmacy sites did not actually encrypt sessions with SSL as they claimed, according to the FTC.

Other groups that assisted in the Herbal King investigation include the New Zealand Department of Internal Affairs; the Australian Communications and Media Authority; the Federal Drug Administration, Office of Generic Drugs and Division of Pharmaceutical Analysis; the Chicago-based National Association of Boards of Pharmacy; CastleCops; and the FBI.

Garth Bruen, creator of KnujOn, which fights email abuse and online fraud, says the shutdown of Herbal King is "awesome." "The feds are waking from their slumber," Bruen says. "CastleCops, Spamhaus and others have done remarkable work. It's been years in the making, [and] these VPXL sleazebags have been raking the money in." (See "Amid Controversy, Outed Steroid Sites Still Online" and "Hundreds of Websites Outed for Illegally Selling Steroids.")
