Pages: « 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13 » : All |
Author |
Pharmacy express (currently 13,223 views) |
| MarkGiles |
| Posted on: Monday, November 27th, 2006, 3:52pm |
 |
|
Posts: 363
|
rx555 is no longer accessible. Its name servers cannot resolve it.
25.0% of queries will end in failure at 121.36.124.62 (ns0.hertunjinkdastion.com) - nameserver loop detected (XIN Net)
25.0% of queries will end in failure at 61.31.214.78 (ns0.vckionldesunjas.com) - query timed out (Beijing Innovative Linkage Technology)
50.0% of queries will end in failure at 203.86.5.34 (ns0.vckionldesunjas.com) - query timed out
For more details see the Site Advisor http://siteadvisor.com/sites/rx555.com |
|
|
|
 |
Reply: 135 - 181 |
|
|
| MarkGiles |
| Posted on: Tuesday, November 28th, 2006, 2:58am |
 |
|
Posts: 363
|
Dammit, the sucker is back. He moved one of the nameservers to another address
Nameserver 1 = ns0.vckionldesunjas.com [61.163.200.186] Working
Nameserver 2 = ns0.hertunjinkdastion.com [121.36.124.62] Timeout
The site that rx555.com is running on is the same as the first nameserver, 61.163.200.186 |
|
|
|
 |
Reply: 136 - 181 |
|
|
| MarkGiles |
| Posted on: Wednesday, November 29th, 2006, 5:27am |
 |
|
Posts: 363
|
And then again, today, they are both timing out. Die, sucker, die.
---------- If this is bullet-proof, it's shot full of holes! |
|
|
|
 |
Reply: 137 - 181 |
|
|
| spamannoyed |
| Posted on: Wednesday, November 29th, 2006, 1:00pm |
 |
|
Posts: 3
|
I am in no way computer literate, but I am a victim of these spam emails.
I have read through the forums about Pharmacy Express and My Canadian Pharmacy, but I have become confused by recent posts claiming that they are NOT the same company. The website banner states 'Pharmacy Express' and the pharmacy checker window offers the company address (fake) as My Canadian Pharmacy. The 'registered' name of the company is quite simply Pharmacy. So are they the same or not?
Just received another one, but I'm not sure how to access the information to find out who the server is to report them to. Pretty much a quiet day (so far) as I've only received 8 so far.
Also, could someone answer me this. By clicking on the email's link, will I receive even more spam?
Is it safer to copy and paste into explorer?
Sorry for being naive, but if I have to learn these things to stop spam, then so be it. |
|
|
|
 |
Reply: 138 - 181 |
|
|
| spamannoyed |
| Posted on: Wednesday, November 29th, 2006, 1:50pm |
 |
|
Posts: 3
|
I've just taken the link from the latest spam and put it in DNSstuff.com under WHOIS lookup. I'm not sure if this is of any use, but which part should I be looking at to find out who to email? Further searches with this information show that the actual email addresses blocked out are xxeqwe@hotmail.com.
Am I getting anywhere or just shooting in the dark?
Domain Name.......... neruijinkadesunhafun.com
Creation Date........ 2006-11-23 18:31:38
Registration Date.... 2006-11-23 18:31:38
Expiry Date.......... 2007-11-23 18:31:38
Organisation Name.... Bai Ming
Organisation Address. Bei Jing
Organisation Address.
Organisation Address. Bei Jing
Organisation Address. 100021
Organisation Address. BJ
Organisation Address. CN
Admin Name........... Bai Ming
Admin Address........ Bei Jing
Admin Address........
Admin Address........ Bei Jing
Admin Address........ 100021
Admin Address........ BJ
Admin Address........ CN
Admin Email.......... ******@hotmail.com
Admin Phone.......... +86.1076885548
Admin Fax............ +86.1076885548
Tech Name............ Bai Ming
Tech Address......... Bei Jing
Tech Address.........
Tech Address......... Bei Jing
Tech Address......... 100021
Tech Address......... BJ
Tech Address......... CN
Tech Email........... ******@hotmail.com
Tech Phone........... +86.1076885548
Tech Fax............. +86.1076885548
Bill Name............ Bai Ming
Bill Address......... Bei Jing
Bill Address.........
Bill Address......... Bei Jing
Bill Address......... 100021
Bill Address......... BJ
Bill Address......... CN
Bill Email........... ******@hotmail.com
Bill Phone........... +86.1076885548
Bill Fax............. +86.1076885548
Name Server.......... ns0.hertunjinkdastion.com
Name Server.......... ns0.vckionldesunjas.com
|
|
|
|
 |
Reply: 139 - 181 |
|
|
| Ryan |
| Posted on: Wednesday, November 29th, 2006, 2:03pm |
 |
|
Spam Fighter 
Posts: 76
|
Hi spamannoyed,
Forget about e-mailing them, the hotmail addresses are randomly-generated addresses that have a 3-month time to live...
If you really want to stop these guys, you need to attack them by cutting off the nameservers and domains. We did this when they were registered with us, and that killed them for a while, but it looks like they have set up camp elsewhere.
You need to contact:
1) the registrar of the domain: file a false whois records complaint, and cite the domain for spam. An ICANN accredited registrar must act if the whois info is fake (looks fake to me). If a registrar has an anti-spam policy, then this can also help you cut off their site.
Their current registrar is:
Registrar: BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN
Referral URL: http://www.dns.com.cn
Which is bad. This registrar has 96.10% of all its registered active spamming nameservers still listed as of today (meaning, they don't care if they register spammers).
2) the web host (I don't know who this is off hand)... In the event that their spamming activities are against the host sales contract,
Replying directly to a spam e-mail, or any address related to it is the best way to get **more** spam...  |
A computer once beat me at chess, but it was no match for me at kick boxing. -- Emo Philips |
|
|
|
 |
Reply: 140 - 181 |
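As an added example (not part of any poster's message and not code from this forum), the Python below parses the dotted-key WHOIS layout quoted in reply 139 and pulls out the fields that matter for the registrar and nameserver complaints described in reply 140. The function names `parse_whois` and `triage` and the choice of summary fields are assumptions made for illustration; the sample is an excerpt of the record quoted in the thread.

```python
import re
from datetime import datetime

# Excerpt of the WHOIS record quoted in the thread (dotted keys, repeated keys,
# one empty address line); the contact e-mail is masked as in the original post.
SAMPLE = """\
Domain Name.......... neruijinkadesunhafun.com
Creation Date........ 2006-11-23 18:31:38
Organisation Name.... Bai Ming
Organisation Address. Bei Jing
Organisation Address.
Organisation Address. 100021
Admin Name........... Bai Ming
Admin Email.......... ******@hotmail.com
Tech Name............ Bai Ming
Bill Name............ Bai Ming
Name Server.......... ns0.hertunjinkdastion.com
Name Server.......... ns0.vckionldesunjas.com
"""

# "Key......... value": the key holds no dots, the value may be missing.
LINE = re.compile(r"^(?P<key>[A-Za-z][A-Za-z ]*?)\.+(?:\s+(?P<value>.*))?$")

def parse_whois(text):
    """Return {key: [values]}; repeated keys accumulate, empty values are dropped."""
    record = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank lines and anything not in "Key... value" form
        values = record.setdefault(m.group("key"), [])
        value = (m.group("value") or "").strip()
        if value:
            values.append(value)
    return record

def triage(record, seen_on):
    """Summarise what a registrar or DNS complaint needs (hypothetical helper)."""
    created = datetime.strptime(record["Creation Date"][0], "%Y-%m-%d %H:%M:%S")
    names = {(record.get(f"{role} Name") or [""])[0] for role in ("Admin", "Tech", "Bill")}
    return {
        "domain": record["Domain Name"][0],
        "name_servers": record.get("Name Server", []),  # the hosts to report
        "age_days": (seen_on - created).days,  # registration to date the spam was seen
        "one_contact_for_all_roles": len(names) == 1,
    }

if __name__ == "__main__":
    print(triage(parse_whois(SAMPLE), datetime(2006, 11, 29)))
```

The contact e-mail fields are parsed but deliberately left out of the summary, since the thread's advice is to report to the registrar and nameserver operators rather than write to those addresses.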
|
|
| spamannoyed |
| Posted on: Wednesday, November 29th, 2006, 3:00pm |
 |
|
Posts: 3
|
Thanks for your very speedy reply Ryan. Your advice is greatly appreciated.
Meanwhile I have contacted a police force and the Trading Standards Agency as we are fortunate in the UK to have had a few laws passed this year, which means they have more power to take action against these criminals.
The trading standards are quite interested in the 'pharmaceutical' goods that this company (claims) to offer as they are looking to make an example of someone who offers counterfeit medicines.
Unfortunately, as long as mugs, sorry, people, actually buy from these sites, then the criminals will always have a reason to be there.
Surely it's more embarrassing complaining to a stranger in a call centre that your credit card has been wrongly used for fraudulent purchases and then explaining how the criminals got your details rather than getting a prescription from your GP for 'down there' problems?
Maybe that's why Visa don't think/care that it's a problem as not many of the victims contact them to admit how stupid/naive that they have been. |
|
|
|
 |
Reply: 141 - 181 |
|
|
| MarkGiles |
| Posted on: Wednesday, November 29th, 2006, 7:48pm |
 |
|
Posts: 363
|
Here are pharmacy scam sites attributed to Leo Kuvayev, Spamhaus #2 on the top 10 list of spammers:
Pharmacy Express
Health Suite
ED Choice
Finest RX
Here are pharmacy and fake watch sites attributed to Alex Polyakov, Spamhaus #1:
My Canadian Pharmacy
International Legal RX
US Drugs / American Pharmacy
Canadian Health&Care
Mortgage / Finance
HGH Life
Hoodia Life
Exquisite Replicas (fake watches)
Caviar
Those lists are not exhaustive. The records for these two lowlifes are at Spamhaus http://www.spamhaus.org/statistics/spammers.lasso |
|
|
|
 |
Reply: 142 - 181 |
|
|
| spamislame |
| Posted on: Wednesday, November 29th, 2006, 9:45pm |
 |
|
Posts: 66
|
The website banner states 'Pharmacy Express' and the pharmacy checker window offers the company address (fake) as My Canadian Pharmacy. The 'registered' name of the company is quite simply Pharmacy. So are they the same or not? |
From an operational and functional standpoint: no. In terms of where the money trail appears to lead: no.
My Canadian Pharmacy (and the dozens of other sites related to it including US Drugs, International Legal RX, etc.) are part of the Yambo Financials spam gang. There is ample evidence of this, all documented at Spamhaus.
Yambo usually means: Alex Polyakov, but it's a group of indeterminate size. Those sites are alleged to be fronts for credit card and identity theft. Nobody has ever received any actual product after placing an order on these sites.
Their URLs are fairly distinct in nature and are almost always a ".info" domain. They're also shorter in length than the ones for Pharmacy Express. Their "order processing" is extremely non-distinct and offers no confirmation info, even for genuine, legitimate orders.
Pharmacy Express is known to be operated by Leo Kuvayev, part of the Pavka/Artovit gang. These sites apparently do actually ship their (illegal, fake) pharmaceuticals after orders are placed, and there is a highly sophisticated order tracking system behind these sites. The domains which are spamvertised for these sites are identical in naming convention to those being used as command and control of the recently-discovered spamthru bot virus. (aka warezov)
This first link draws the distinct comparison between the two:
http://www.f-secure.com/weblog/archives/archive-112006.html#00001018
The rest are essentially monitoring new variants:
http://www.f-secure.com/weblog/archives/archive-112006.html#00001029
http://www.f-secure.com/weblog/archives/archive-112006.html#00001027
If you've seen Pharmacy Express domains lately, the format of those urls should be recognizable.
So yes: they are different and distinct from a number of different viewpoints.
Recently we've seen some odd behavior in that some urls are spamvertised which either redirect to a US Drugs site, or act like a Pharmacy Express site. This is interesting in that it may mean: they're both from the same place. Or: it could mean that Yambo and BadCow are joining forces.
Just received another one, but I'm not sure how to access the information to find out who the server is to report them to. Pretty much a quiet day (so far) as I've only received 8 so far. |
They have been pretty slow lately. I am seeing a lot more for Man-XL sites. Besides stocks that's about it.
Reporting them: they never give a working email address at any point. Not on the sites themselves, not in the domain registration, not in the DNS server registration.
You can report the DNS servers to the appropriate registrars (search on any of the postings by Mark Giles on this forum, he outlines the process in great detail.) That so far does eventually work.
Also, could someone answer me this. By clicking on the email's link, will I receive even more spam? |
Nothing makes any difference. Not clicking on any link doesn't decrease it. I've clicked on almost every single link for the past eight months and I saw no difference whatsoever. The only ones I would ever alter are those with tracking subdomains. EDChoice is the most recent example of that feature. Removing the subdomain presents a so-called "opt out" page (which - guess what? - doesn't work.)
Is it safer to copy and paste into explorer? |
Wait, what? You just said "Explorer" and "safer" in the same sentence. 
I would never recommend anyone EVER use Explorer. If an exploit is one day run on any of these sites: Explorer will run it. Period. Use FireFox. I can't stress that enough. MUCH safer browser.
And no: copying and pasting has absolutely no effect on the resulting url's operation. 
Sorry for being naive, but if I have to learn these things to stop spam, then so be it. |
Understood.
You definitely should stop using IE if you plan on investigating any of this stuff.
Sorry to go on but you did ask for whether they were different and that's not easy to answer briefly.
SiL |
|
|
|
 |
Reply: 143 - 181 |
|
|
| Ryan |
| Posted on: Wednesday, November 29th, 2006, 11:46pm |
 |
|
Spam Fighter 
Posts: 76
|
I would never recommend anyone EVER use Explorer. If an exploit is one day run on any of these sites: Explorer will run it. Period. Use FireFox. I can't stress that enough. MUCH safer browser.
|
Double that!
Get this now: http://www.mozilla.com/en-US/firefox/
I will go one step further: get a Mac! (the new generation will let you install Window$ as well...so you can keep your XP apps)
I use the 3 major OS (Mac, Linux, and to reproduce client error messages, Window$), and I can tell you that the first two are without any question the safest (for various technical and social reasons).
Spamislame is totally correct: nobody has *any* business using Internet Explorer these days.
|
A computer once beat me at chess, but it was no match for me at kick boxing. -- Emo Philips |
|
|
|
 |
Reply: 144 - 181 |
|
|
| conolan |
| Posted on: Thursday, December 7th, 2006, 3:05am |
 |
|
Posts: 1
|
| I'm forwarding my pharmacy express emails to askvisausa@visa.com. Pharmacy Express say they take Visa only. Can we lean on Visa and get them to stop providing merchant services? |
|
|
|
 |
Reply: 145 - 181 |
|
|
| spamislame |
| Posted on: Monday, December 11th, 2006, 10:33am |
 |
|
Posts: 66
|
I'm forwarding my pharmacy express emails to askvisausa@visa.com. Pharmacy Express say they take Visa only. Can we lean on Visa and get them to stop providing merchant services? |
I have been attempting to do just that since May of this year. I receive no response whatsoever. The more immediate problem is finding out who is actually processing their orders for them. Since that all occurs on the back end only, we may never know.
Credit card companies always market themselves as "looking out for consumers" when it comes to fraud or personal data. In reality I notice that they never respond to ANY complaint regarding illegal or fraudulent activity on these sites. I'll never understand that.
If you have any better luck, post about it here.
SiL |
|
|
|
 |
Reply: 146 - 181 |
|
|
| phrodude |
| Posted on: Thursday, December 14th, 2006, 2:28pm |
 |
|
Posts: 2
|
A question that I was wondering about?
Can't we/someone just spam the spammers? We know who 'they' are, Leo Kuvayev and co. I'm sure there is a way to get their own email addresses as I'm sure this problem does affect some people who are capable of finding them...
|
|
|
|
 |
Reply: 147 - 181 |
|
|
| Ryan |
| Posted on: Thursday, December 14th, 2006, 3:40pm |
 |
|
Spam Fighter 
Posts: 76
|
Sure, one can spam them, and indeed it is not difficult to get one of their real e-mail addresses. However that is not really a solution, because it does not provide an incentive for them to change their behavior.
It is like a parent yelling at a kid to stop yelling...What does the kid learn, but that he who yells loudest and longest wins...
Spammers will be stopped when that activity is no longer rewarded by suckers who 'purchase' the products, when it is made illegal to do so in every corner of the globe, when the trustee authorities and registrars come together with a clear objective to block such activity, when all web hosts or contacts of registered servers are held liable for the spamming activity that they willingly condone, and when it is easier to pursue spammers legally across international borders.
There are some problems though: free speech (and what that means to various countries and how it influences their laws), free markets, capitalist forces (ethics vs. greed), human nature, slow market evolution, conflicting cultural and international regulatory aims regarding domain name registration rules, technological barriers, different laws and systems of government between states and nations, the windows operating system. 
We just have to take it one step at a time, and across international borders (though pretty much all the spam originates in the United States: http://www.spamhaus.org/statistics/countries.lasso )
|
A computer once beat me at chess, but it was no match for me at kick boxing. -- Emo Philips |
|
|
|
 |
Reply: 148 - 181 |
|
|
| MarkGiles |
| Posted on: Thursday, December 14th, 2006, 3:40pm |
 |
|
Posts: 363
|
Shutting down their bizzniss has more effect. Anyone can defeat a spam attack by 1. change email address and let just your friends know 2. effective filters |
|
|
|
 |
Reply: 149 - 181 |
|