Online companies use botnets to send email newsletters, exposing themselves to scammers

News by Dan Raywood

Legitimate pharmaceutical companies are using botnets to send out mailings, leaving potential customers to decide between genuine and spam messages.

Legitimate pharmaceutical companies are using botnets to send out mailings, leaving potential customers to decide between genuine and spam messages.

Bradley Anstis, director of technology strategy at Marshal8e6, claimed that pharmaceutical companies are using botnets to distribute information on available medication to potential customers. Meanwhile cybercriminals are using the same templates to steal money from unsuspecting recipients.

The publication of the TRACElabs report from Marshal8e6 revealed that pharmaceutical messages are now making up 75 per cent of all spam. Anstis revealed that Canadian Pharmaceutical, a company that Marshal8e6 has found to be linked with no fewer than eight spam botnets, offers generous commissions to other websites that successfully promote its products and has been able to generate profits in the order of U $150million.

Anstis said: “Canadian Pharmaceutical is selling the real thing and we have detected that they are using eight different botnets, they know that they can shift things this way, the same has been detected in India.

“The sort of people who typically buy from online pharmacies can be embarrassed to go to their GP and it is also a lot cheaper to organise. If you need drugs you need to get a prescription that needs to be processed, if you can go online it is much easier and it is anonymous.”

So does the company not realise that by using spambots their messages are often being spoofed by spammers, who use the same messages to scam unsuspecting users into giving their bank and credit card details?

“Canadian Pharmaceutical is taking a gamble by doing it this way, but the recipient has no idea of what they are doing. They could buy a mailing list but that would be very controlled, by doing it this way they can cast the net wide and become a worldwide name," said Anstis. 

“This problem is that the web is such a medium for business that telling the difference between a genuine message and a spam one sent from the same place is difficult. But the truth is any internet transaction requires a level of trust, look at ebay, that is similar to what this is as you give someone money and hope that they send you the product.”

The TRACElabs report revealed that with the use of the resources of millions of compromised, virus-infected personal computers worldwide; spammers can keep their costs low and their profits high.

Even with only two per cent of people responding to spam, these botnet operators can capture sufficient business to keep the whole spam machine churning out millions of messages an hour, eating into the bandwidth of every computer user on the planet.

To help protect themselves, Anstis recommended users speak to a bank or credit card provider to find out what sort of protection they offer.
“If you let them know who you are purchasing from they may be able to monitor the transaction to see whether it goes through, but they may know what you are buying. It is another way, but it is no silver bullet,” said Anstis.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews