Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

5/4/2010
02:29 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Report: U.S. Internet Registrars Continue To Host Phony Online Pharmacy

How a major fake online pharmacy out of Russia is able to continue selling drugs despite evidence of criminal operations

Not even a letter from a national pharmacy licensing board identifying a license on EvaPharmacy's Website as fake could pressure a handful of domain registrars -- some in the U.S. -- to cut off their paid services to the phony pharmacy, which sells drugs like Viagra and OxyContin without a prescription.

A new report, published today by Internet pharmacy verification organization LegitScript, gives the inside story on how Russia-based EvaPharmacy -- which until recently encompassed more than 8,000 online pharmacies -- has remained afloat for so long, despite efforts to expose its illegal activities. LegitScript and antifraud organization KnujOn during the past five months sent 16 domain registrars evidence that their services were being abused by phony pharmacies. The evidence included verifications that the sites' licenses were fake and screenshots demonstrating how the sites were selling prescription drugs -- without a prescription.

While that prompted 11 of the domain registrars to drop the rogue pharmacies from their services, the other five, Washington state-based eNom (DemandMedia), Utah-based UK2Gropu, Moniker (with locations in Florida, California, and Oregon), CentroHost, and Realtime Register, are still hosting some of these phony pharmacies, including EvaPharmacy, according to the report.

LegitScript says EvaPharmacy poses as a U.S. and Canada-based operation.

"The [fake online pharmacy] domains in question also have their WHOIS records concealed by a privacy service, a practice called 'material falsification,'" says Garth Bruen, president of KnujOn. Bruen says this could constitute a breach of eNom's contract with ICANN, which he says has yet to respond in "a meaningful way."

Even so, LegitScript and KnujOn declared victory in convincing the other 11 registrars, which included GoDaddy, Directi, and Network Solutions, to drop EvaPharmacy from their services.

Getting a domain registrar or ISP to drop a suspicious customer or online criminal operation traditionally hasn't been easy: For legal reasons, most registrars and ISPs are hesitant to cut off service to any customer. For example, it took a federal court order secured by Microsoft to require VeriSign to cut off 277 Internet .com domains that were serving as the connections between the now-defunct Waledac's command-and-control (C&C) servers and around 60,000 to 80,000 bots or infected machines it had recruited to spew its spam. Waledac -- considered the second-generation of the infamous Storm botnet -- is best-known for its online pharmacy, phony products, jobs, and penny stock spam scams.

The full report from LegitScript is available here (PDF) for download.

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Cloud Security Threats for 2021
Or Azarzar, CTO & Co-Founder of Lightspin,  12/3/2020
Why Vulnerable Code Is Shipped Knowingly
Chris Eng, Chief Research Officer, Veracode,  11/30/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Assessing Cybersecurity Risk in Todays Enterprises
Assessing Cybersecurity Risk in Todays Enterprises
COVID-19 has created a new IT paradigm in the enterprise and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-27772
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in coders/bmp.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned int`. This would most likely lead to an impact to application availability, but could po...
CVE-2020-27773
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/gem-private.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type `unsigned char` or division by zero. This would most likely lead to an impact to appli...
CVE-2020-28950
PUBLISHED: 2020-12-04
The installer of Kaspersky Anti-Ransomware Tool (KART) prior to KART 4.0 Patch C was vulnerable to a DLL hijacking attack that allowed an attacker to elevate privileges during installation process.
CVE-2020-27774
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/statistic.c. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of a too large shift for 64-bit type `ssize_t`. This would most likely lead to an impact to application availability, but co...
CVE-2020-27775
PUBLISHED: 2020-12-04
A flaw was found in ImageMagick in MagickCore/quantum.h. An attacker who submits a crafted file that is processed by ImageMagick could trigger undefined behavior in the form of values outside the range of type unsigned char. This would most likely lead to an impact to application availability, but c...