Today saw the announcement of a huge $15 million fine imposed upon a spammer by a US federal judge. The action marked the final stage of Operation Herbal King, an investigation by the US Federal Trade Commission, the New Zealand Department of Internal Affairs, and other agencies. We at M86 Security Labs were involved in supplying data to the various agencies during the investigation.
The spammer, Lance Atkinson, A New Zealand citizen who resides in Australia, was the ringleader of a group that organized and paid affiliates around the world to send spam emails marketing a range of branded pharmaceutical products. These were manufactured and shipped by Tulip Lab of India, through a business known as the Genbucks (aka SanCash) affiliate program. This business was operated by Genbucks Ltd, a company incorporated in the Republic of Mauritius.
Initial action against the group was back in October 2008, when the group’s assets were seized. Our blog at the time noted that this gang was behind some of spam’s most voluminous and notorious brands, such as “VPXL”, “ManSter”, “MegaDik”, and “King Replica”. At the time one particular spamming botnet, the now-familiar Mega-D , was almost exclusively promoting these brands and was responsible for a whopping 32% of spam we were seeing. Other botnets, including Pushdo and Rustock, were also in on the act.
The interesting aspect of latest action is that the FTC charged them on false and deceptive marketing of pharmaceutical products, not necessarily the actual spamming:
“…the defendants’ spam messages deceptively marketed a male-enhancement pill, prescription drugs, and a weight-loss pill in violation of federal law. They falsely claimed that the medications came from a U.S.-licensed pharmacy that dispenses FDA-approved generic versions of drugs such as Levitra, Avodart, Cialis, Propecia, Viagra, Lipitor, Celebrex, and Zoloft. In fact, the defendants do not operate a U.S.-licensed pharmacy, and the drugs they sold were shipped from India, had not been approved by the FDA, and were potentially unsafe.”
The legal action, and corresponding hefty fines, is important. Its sends a strong signal to these gangs about the possible consequences of their actions. Unfortunately, the spamming underworld has moved on since Genbucks. Affiliate programs constantly morph, or get replaced by new ones. Spam output remains high, and the major botnets just keep pumping out spam of alternative affiliate programs. Currently, one of the most notorious affiliate programs is the Canadian Pharmacy program, which we reported on here.