Swine flu fears making millionaires out of Russian hackers

Filed Under: Data loss, Malware, Social networks, Spam

As the number of reported swine flu cases climbs, it's time a strong message was sent out against buying Tamiflu over the internet.

Research published by Sophos exposes the profit model of the Russian cybercriminals making millions of pounds from counterfeit medicines, including Tamiflu.

An online pharmacy selling Tamiflu

Panic-induced stockpiling by individuals who aren't officially classified as being at risk of contracting swine flu, and therefore anxious they won't receive Tamiflu from the NHS, will not only line cybercriminals' pockets with millions of pounds in cash but also grant them access to sensitive personal data to be used for other crimes.

You can learn more about how these underground web affiliates, which form networks called the Partnerka, profit from online sales of drugs such as Tamiflu in a whitepaper published today by Sophos entitled "The Partnerka - what is it, and why should you care?" [PDF]

Spam message promoting Tamiflu on a pharmacy website

Working inside an organised criminal network alongside the businesses running online pharmacies, the Partnerka generate traffic to those sites for an agreed share of the profit. Many of these pharmaceutical sites brand themselves as "Canadian Pharmacy" in order to appear as a more trusted website to unsuspecting internet users.

This year, Sophos has intercepted hundreds of millions of fake pharmaceutical spam adverts and fake pharmaceutical websites, promoted by affiliate members. Working day and night, thousands of affiliates use criminal methods including spam, adware and malware to drive as much traffic to their partners' stores as possible, which then sell high-profit illegal goods as part of a multi-million dollar industry.

Tamiflu pharmacy website

The top five countries purchasing various drugs from the Canadian Pharmacy, and thus unwittingly assisting additional criminal activity, are:

1. United States
2. Germany
3. United Kingdom
4. Canada
5. France

Although the precise number of affiliates is ever-changing, it is projected that there are thousands in operation at any one time. Sophos's research has discovered that on one of the more popular affiliate networks operated out of Russia, it is possible to earn an average of $16,000 a day promoting pharmaceutical websites - totalling $5.8 million a year. But the criminals can be members of more than one affiliate network, and some have boasted of earning more than $100,000 per day.

Pharmacy website claiming to sell Tamiflu

Sophos is warning that concerns about the severity of swine flu, which has led to more than 6,500 deaths worldwide and may reach as high as 40,000 before the end of pandemic, has the potential to drive even greater volume of traffic and total sales to Partnerka websites.

The worrying trend of stockpiling Tamiflu has already been seen in Britain. Not only did large corporations come under fire for stockpiling Tamiflu this summer, Sophos further uncovered that this July, when concerns that global Tamiflu production were falling behind schedule, there was a 1400% increase in UK internet searches for Tamiflu.

The worry is that there's a very good chance that the swine flu pandemic has not yet hit its peak, and that more people might rush to the internet and unwittingly pass cash and personal details to Partnerka affiliates.

Affiliate banner

The business model for exploiting online purchases is fairly simple.

Once someone searches online for Tamiflu and other medicines, they are directed to online pharmacies to purchase a generic and very possibly counterfeit version of the drug. What most people don't know is that cybercriminals have often manipulated internet search engine results to drive as much online traffic as possible to these sites. Furthermore they bombard innocent users with adverts via spam email sent from hijacked botnet computers and hacked social networking accounts.

Pharmacy spam

Profits can range between 20% - 40% for each of the parties involved, depending on who has the upper hand in the relationship. Although unwitting buyers do often receive some kind of drug as result of the transactional exchange, at best the drug doesn't work and at worse it can pose serious health risks.

As more and more cases of swine flu in the UK come to light, it is essential that we all resist the panic-induced temptation to purchase Tamiflu online.

The criminal gangs working behind the scenes at fake internet pharmacies are putting their customers' health, personal information and credit card details at risk. They have no problem breaking the law to promote these websites, so you can be sure they'll have no qualms in exploiting your confidential data or selling you medications which may put your life in danger. If you think you need medication contact your real doctor, and stay away from quacks on the internet.

Learn more about how the Partnerka profits from online drug sales in Sophos's whitepaper: "The Partnerka - what is it, and why should you care?" [PDF]

, , , ,

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.