August 7th, 2009
Microsoft's Bing invaded by pharmaceutical scammers
Rogue online pharmacies have found a way to exploit Bing’s advertising program.
According to a recently released report by KnujOn and LegitScript, 90% of the sponsored pharmacy ads on Bing were rogue ones, shipping counterfeit prescription drugs, with the bogus pharmacies participating in larger affiliate networks like the one analyzed last year.
The report also details a brand-jacking scheme made possible by the advertising program letting advertisers choose a "Display URL" that differs from the "Destination URL" the ad actually clicks through to: the ad can show a licensed pharmacy's domain while sending the visitor somewhere else entirely.
More findings:
- 89.7% of Internet pharmacy advertisements on bing.com that we reviewed are operating unlawfully. (Of the other 10.3%, about half are verified as legitimate, and half are “unverified” according to our standards.)
- The majority of Internet pharmacy ads, and all ten of the sample ads that we dissected, did not require a valid (or any) prescription. We successfully attempted a test buy in two cases, receiving drugs in both cases that appeared to come from India.
- Some of the drugs sold via bing.com ads tested positive as counterfeit.
- Most of the Internet pharmacy advertisements that we analyzed are members of affiliate networks controlled by organized crime in Russia and Eastern Europe.
- In some cases, rogue Internet pharmacies have "hijacked" a legitimate Internet pharmacy's domain name: the ad will look like it has been listed by a licensed, US-based pharmacy, but actually clicks through to a rogue Internet pharmacy. This implies serious security holes in Microsoft's advertising program.
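The hijacking described in the last finding works because the domain shown in the ad and the domain the click lands on are never reconciled. The following is an added example, not code from the report or from Microsoft's advertising program, of the check an ad platform (or an auditor scraping sponsored results) would run: reduce the display URL, the destination URL and every observed redirect hop to their registrable domain and flag any ad where they disagree. The sample ads, the hostnames in them, and the simplified registrable-domain rule (a stand-in for the Public Suffix List) are all constructed assumptions for the example.

```python
from urllib.parse import urlparse

# Generic second-level labels under two-letter country TLDs (example.co.uk,
# example.com.au). This is a deliberate simplification for the example; a
# production check should consult the Public Suffix List instead.
_GENERIC_SECOND_LABELS = {"co", "com", "org", "net", "ac", "gov", "edu"}


def registrable_domain(url: str) -> str:
    """Return the registrable domain of a URL or a bare host such as an ad's display URL."""
    # Ad display URLs are usually scheme-less ("www.example.com"); urlparse would
    # put such a string in .path, so supply a scheme before parsing.
    if "://" not in url:
        url = "http://" + url
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    labels = [label for label in host.split(".") if label]
    if len(labels) < 2:
        return host
    if (len(labels) >= 3 and len(labels[-1]) == 2
            and labels[-2] in _GENERIC_SECOND_LABELS):
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def audit_ad(display_url: str, destination_url: str, redirect_chain=()):
    """Compare the advertised domain against the destination and every redirect hop.

    redirect_chain is the list of Location targets observed when following the
    destination URL; an empty chain means the destination was the landing page.
    """
    shown = registrable_domain(display_url)
    hops = [destination_url, *redirect_chain]
    mismatched = [hop for hop in hops if registrable_domain(hop) != shown]
    return {
        "display_domain": shown,
        "landing_domain": registrable_domain(hops[-1]),
        "mismatched_hops": mismatched,
        "brand_jacked": bool(mismatched),
    }


# Constructed sample ads (hypothetical hostnames, not taken from the report).
SAMPLE_ADS = [
    {   # Honest ad: display, destination and landing page share one domain.
        "display": "www.example-pharmacy.com",
        "destination": "http://www.example-pharmacy.com/rx",
        "redirects": [],
    },
    {   # Brand-jacked ad: a licensed-looking display URL, but the click goes
        # through an affiliate tracker and lands on an unrelated site.
        "display": "www.example-pharmacy.com",
        "destination": "http://click.affiliate-example.net/go?id=17",
        "redirects": ["http://cheap-rx.example.org/landing"],
    },
]


def audit_all(ads=SAMPLE_ADS):
    """Audit every sample ad and return the verdict for each, in order."""
    return [audit_ad(ad["display"], ad["destination"], ad["redirects"]) for ad in ads]


if __name__ == "__main__":
    for ad, verdict in zip(SAMPLE_ADS, audit_all()):
        status = "BRAND-JACKED" if verdict["brand_jacked"] else "ok"
        print(f"{ad['display']:30} -> {verdict['landing_domain']:25} {status}")
```

The point of checking every hop rather than only the final page is that affiliate networks route clicks through their own trackers first; an audit that compares the display URL only with the destination URL, or only with the landing page, misses one side of the chain. Subdomains are deliberately tolerated (www. versus the bare domain), so legitimate advertisers are not flagged for normal host layouts.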
Although the research clearly demonstrates systematic abuse of a search engine that's gaining momentum, it's worth pointing out that these same scammers are spending money on ads only as a supplement to the main traffic acquisition tactics in their arsenal: blackhat SEO (search engine optimization) and spam.
On a daily basis, hundreds of thousands of insecurely configured web servers become part of these campaigns, alongside the systematic abuse of legitimate services such as Yahoo Groups, About.com forums, Scribd, SlideShare, LinkedIn, MyYearBook, and Digg — for starters. Collectively, the traffic and sales that come from this abuse produce a positive return on investment for the scammers because of how efficiently they abuse those services.
Say yes to your health, and don’t bargain with it.
Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog. See his full profile and disclosure of his industry affiliations.