US Drugs

From Spamwiki
Jump to: navigation, search

Description

USD2.jpg

This purports to be a US licensed pharmacy.

However, it is widely believed to be a credit card theft scam - fronted by a fake pharmacy retailer.

Learn more about this criminal gang's operations at the Spamhater web site.

US DRUGS: ROKSO listed #1 most wanted Cyber criminal Alex Polyakov's site, used for identity theft and credit card theft. If any product ever gets delivered, it has been found to contain placebos (sugar pills).

The whole site is full of lies.


False Claims

US Drugs displays a fake license, LICENSE NO 03161490 from the Minnesota Board of Pharmacy. No such license exists when you look it up online.

  • The web sites run on criminally hijacked servers.
  • Their name servers run on other criminally hijacked servers.
  • Link to FDA is a fake. There is no such listing.
  • Link to Verisign is fake, the site is not secure.
  • The website is not Verified by Visa.
  • Minnesota Board of Pharmacy License is faked.
  • The ordering transaction is not secure.
USDrugs trailer.jpg

WARNING: Placing an order on this site is giving your full credit card details to the Internet's worst criminal. If you have made that mistake, cancel your credit card immediately.

The license can be viewed online at the site's front page at the "View License File" link. Later, the site switched to a license issued out of Texas, which is also a fake, in fact, the link to display it fails.

The license link on the site, links back to the same site, and displays a certificate supposedly issued by the State of Minnesota's "Minnesota board of pharmacy" (sic). The image shown here has the same site name as the fake pharmacy site in the address bar.


Proof of fake license

USDrugs license.jpg

The actual Minnesota Board of Pharmacy has stated clearly that the license on the US Drugs site is a fake, and pointed out all of the discrepancies in it.

Comment from the Minnesota Board of Pharmacy:

We are very much aware of this issue. It has been an ongoing
issue for over a year. I have turned over information to our
state's attorney general office and have had conversations 
with FDA investigators. The problem, as you are probably aware,
is that it appears that whoever is behind this is operating 
outside the United States.

The fake "license" shows clear indications that it is not valid. There
are misspellings, sentences run together, Board of Pharmacy is not
capitalized.

Anyone who did some comparison shopping would also find that the
websites charge several times more for drugs than legitimate websites.
For example, tramdol sells for $0.64 on Walgreens.com but $2.17 on
bestusdrugs.com.

I will consider putting a statement on our website. Not sure what good
it will do because I have a hunch that many people who actually try to
purchase drugs from these websites already know they aren't legitimate -
and don't care. As long as there are people willing to respond to spam
that they know is illegimate, the spammers will keep operating.

Cody Wiberg, Pharm.D., R.Ph.
Executive Director
Minnesota Board of Pharmacy

Further information is found at the LegitScript report

Fake registration

Like other Yambo family sites, US Drugs uses identity theft to register its sites. Victims whose personal information has been used to register one of these sites should follow the steps outlined here.

History

US Drugs runs hand-in-hand with My Canadian Pharmacy, International Legal RX, and VIP Pharmacy, sharing the same methodology:

  • Hijacked name servers
  • Hijacked web sites
  • Hijacked image servers
  • All use the same name servers
  • Name servers are typically 4 in number, and are registered with a subset of registrars
  • Up to 24 new sites are registered and spamvertized every day
  • Hijacked sites use identical proxy servers to redirect DNS and http requests to back-end servers
  • Hijacked sites have a firewall setting to prevent access from specific addresses such as FBI and Visa

Sample spams

Buy Must Have medications at Canada based pharmacy.
No prescription at all! Same quality!
Save your money, buy pills immediately!

http://bwnqms.abdolverit.com/?aeijmqcdidfu
Subject: No fraud anymore!

Dear Customer,

Unfortunately, I am writing to warn you - warn you about the poor quality of the meds sold on the Web.
Please, be more careful while choosing where to get your drugs from, because the wrong choice can be
dangerous both for your health and your life.

So far I found only one USA Web pharmacy that offers generic drugs of really good quality. It is USDrugs.
It has been operating at the American medication market for quite a long time and managed to make
a good name for itself.

If you don't mind, I will keep on informing you about the Web pharmacies that don't cheat their clientele.

Sincerely yours, Dr Johnson.
Dear valued member!

We are writing to inform you about the result of the recent research concerning the quality of the drugs sold on the Internet.

Not all the meds offered in numerous Web pharmacies are as qualitative as you might wish them to be.
According to the results of the official research made by our Association only one (USDrugs) out of
46 online drugstores analyzed offers drugs of true generic quality.

Hope that you’ve found the information provided in the letter useful.

Please click here for more information.

With Best Regards, Phillip Newsome
USDrugs B.V.

Sample sites and registrars sponsoring them

BIZCN.COM, INC.

pharcms.com

HTTP.NET INTERNET GMBH

salepillshighest.com

NETLYNX, INC.

myrxgenerics.com
streetinsidertab.in

PSI-USA, INC. DBA DOMAIN ROBOT

rxcareproducts.com

TODAYNIC.COM, INC.

getaprescriptiononline.org

How to Report this Spam

The Complainterator is configured to report this spam to the registrars. It performs a "whois" lookup on the domain names used by the name servers that resolve access to the web site. It discovers the registrars that are sponsoring the access to the web site. It prepares a complaint to the sponsoring registrars.

Removal instructions

web site domains
- the registrar needs to set the status of the domain to

  • clientHold
  • clientUpdateProhibited
  • clientDeleteProhibited
  • clientTransferProhibited

name server domains
- the registrar needs to set the status of each of the name server domains to

  • clientHold
  • clientUpdateProhibited
  • clientDeleteProhibited
  • clientTransferProhibited

In addition, to remove them as name servers, the subdomain address records (eg for ns1 and ns2) need to be changed to a non-routable address, such as 0.0.0.0 or a blackhole address within their own address space.

Bulker.biz is the sponsor organization behind this type of site. They pay spammers to promote it, and they don't shut down illegal spammers.

Related spam operations

See: Bulker.biz

Further Reading