The after-shocks continue from this operation.
Many spams use redirections to the "target" or landing pages of pharmacy scams. That's to avoid Internet blacklists that track domain names found in spams. However, there is currently a high failure rate in this process as the coordinated effort continues.
Take an example: pillsbu.com
There are many Russian redirectors to this site; one example is medichemr.ru
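
A blacklist check that only looks at the domain printed in the spam sees the redirector and misses the landing page, so a filter has to follow the chain. The Python sketch below is an added example, not part of the original post; only the two domain names come from the post, while the canned responses, paths and blocklist contents are constructed assumptions.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed sample data: canned HTTP responses keyed by URL, so the example
# runs offline. The two domains are the ones named in the post; the paths,
# status codes and bodies are assumptions.
RESPONSES = {
    "http://medichemr.ru/": (302, {"Location": "http://medichemr.ru/go.php"}, ""),
    "http://medichemr.ru/go.php": (
        200, {}, '<meta http-equiv="refresh" content="0; url=http://pillsbu.com/">'),
    "http://pillsbu.com/": (200, {}, "<html>landing page</html>"),
}
BLOCKLIST = {"pillsbu.com"}  # landing domain is listed; the redirector is not

META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv=["\']?refresh["\']?[^>]*url=([^"\'>\s]+)', re.I)


def next_hop(url, status, headers, body):
    """Return the URL this response redirects to, or None if it is final."""
    if 300 <= status < 400 and "Location" in headers:
        return urljoin(url, headers["Location"])
    match = META_REFRESH.search(body)
    return urljoin(url, match.group(1)) if match else None


def redirect_chain(url, responses, max_hops=10):
    """Follow HTTP and meta-refresh redirects; stop on loops or unknown URLs."""
    chain = [url]
    while len(chain) <= max_hops and url in responses:
        url = next_hop(url, *responses[url])
        if url is None or url in chain:
            break
        chain.append(url)
    return chain


def is_listed(host, blocklist):
    """True if host or any parent domain is on the blocklist."""
    labels = host.lower().rstrip(".").split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


def listed_hops(url, responses, blocklist):
    """Hosts in the redirect chain that appear on the blocklist."""
    hosts = [urlsplit(u).hostname or "" for u in redirect_chain(url, responses)]
    return [h for h in dict.fromkeys(hosts) if is_listed(h, blocklist)]
```

Checking only the host in the spammed link with `is_listed` returns no match here, while `listed_hops` on the same link reports the landing domain.
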
Domain Name: PILLSBU.COM registered in Pakistan with registrar: PAKNIC (PRIVATE) LIMITED
Status: ok
Updated Date: 06-oct-2011
Creation Date: 08-sep-2011
From the status it is clear that this registrar has taken no effective action to suspend this fraud pharmacy (Pharmacy Express).
Registrant details from a look-up in whois:
Sergey Zaharcev
[email protected]
Olimpiyskaya str. 7-30
Cherepovec, Cherepovec 672103
RU
Phone: 1.73531827217 Ext:
Hosting IP address: 222.187.220.250
The hosting ISP is in China
CHINANET jiangsu province network
China Telecom
A12,Xin-Jie-Kou-Wai Street
Beijing 100088
Name servers are registered in the Ukraine and in Russia:
NS1.KNDDNS.COM.UA [222.187.220.250]
NS2.DNSMX.RU [94.63.149.237]
The first name server is hosted at the same address as the web site, and the second is in Romania:
SC CORAL IT OFFICE SRL
Calea Vitan Nr. 4, Bl. 161
Sector 3, Bucuresti
RO
Email: [email protected]
However, at this moment, around the world only about half the attempts to load this site result in failure.
Summary: To counter this fraud, Interpol needs to have cooperation from operatives in Pakistan, Russia, the Ukraine, China and Romania. All of these operatives are being abused, and until they take action to prevent the abuse, they are contributing to the problem by sponsoring the crime.