Wednesday, August 1, 2007

My Canadian Pharmacy on hijacked servers as usual

Received spam from "The United States National Medical Association", explaining how many online pharmacy shops are unreliable and simply frauds... well, who else but the spammers themselves has first-hand knowledge of this?

When clicking on the link in the message you are instead redirected twice. First to and then from there to which is a My Canadian Pharmacy site, not to be confused with Canadian Pharmacy sites. is registered at Xin Net Technology Corporation, not surprisingly with forged registration information. A complaint is sent to them. The domain is used in a botnet, so it resolves to different addresses at intervals of a few minutes. It is too much work to report them all, as there can be a large number of zombie computers.
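The rotating resolution described above can be confirmed from repeated lookups. The following is an added example, not part of the original post: it summarizes constructed DNS samples (reserved `.example` names and documentation address ranges) and flags a domain whose A records keep changing across several networks with a short TTL. The thresholds and the /24 grouping are assumptions chosen for illustration.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed samples: (seconds since first lookup, domain, A records, TTL).
SAMPLES = [
    (0,   "pharmacy-redirect.example", ["192.0.2.10", "198.51.100.7"], 180),
    (300, "pharmacy-redirect.example", ["203.0.113.44", "198.51.100.90"], 180),
    (600, "pharmacy-redirect.example", ["192.0.2.77", "203.0.113.5"], 180),
    (0,   "stable-site.example", ["192.0.2.200"], 86400),
    (300, "stable-site.example", ["192.0.2.200"], 86400),
    (600, "stable-site.example", ["192.0.2.200"], 86400),
]

def summarize(samples, prefix=24):
    """Per domain: distinct IPs, distinct networks, TTLs, and answer-set changes."""
    stats = defaultdict(lambda: {"ips": set(), "nets": set(), "ttls": [],
                                 "changes": 0, "last": None})
    for _, domain, addrs, ttl in sorted(samples, key=lambda s: s[0]):
        d = stats[domain]
        current = frozenset(addrs)
        if d["last"] is not None and current != d["last"]:
            d["changes"] += 1  # answer set differs from the previous lookup
        d["last"] = current
        d["ips"].update(addrs)
        d["nets"].update(ip_network(f"{a}/{prefix}", strict=False) for a in addrs)
        d["ttls"].append(ttl)
    return stats

def is_rotating(d, min_ips=4, min_nets=3, max_ttl=600):
    """Assumed heuristic: many addresses, spread over networks, short TTLs."""
    return (len(d["ips"]) >= min_ips and len(d["nets"]) >= min_nets
            and max(d["ttls"]) <= max_ttl)

def flagged_domains(samples):
    return sorted(name for name, d in summarize(samples).items() if is_rotating(d))

def networks_to_report(samples, domain):
    """Group the observed addresses by network, one abuse report per network."""
    groups = defaultdict(list)
    for ip in sorted(summarize(samples)[domain]["ips"]):
        groups[str(ip_network(f"{ip}/24", strict=False))].append(ip)
    return dict(groups)

if __name__ == "__main__":
    for name in flagged_domains(SAMPLES):
        print(name, networks_to_report(SAMPLES, name))
```

Grouping by network reduces the number of abuse reports to one per provider range rather than one per address.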

Regarding the My Canadian Pharmacy site, the SpamWiki has dissected this, so read more here:

The domain is registered at LLC, The domain information used is very likely to be forged because it's the address of one of the directors of the Kentucky Secretary of State and I doubt she is involved in spamming. A complaint was sent, which they chose to delete without reading; I have reminded them that I will report that fact here to see if they change their mind.

As usual, My Canadian Pharmacy is using more servers to host their site, and probably all of the frontend servers we see are hijacked. The site itself is located which is assigned to Koc Net, Turkey, Images are placed on a range of addresses all at port 8080:,,,, Abuse reports have been sent to hosting/network providers assigned to all of the 6 addresses.

I mentioned that the redirection to was done from the address and this of course made me curious to see what showed up if you just went to another redirection this time to which is a Health Nation site.

So it appears we have a spammer here who is probably running mailing campaigns for both these sites. There is quite a lot to report about this Health Nation site, as it's the first time I have seen that one, so I will leave that for a separate post.

1 comment:

Anonymous said...

There are more of these -- just got spam email for
also had a bogus charge on my credit card on - so now I am looking for these sites and wondering if they are the same.