Nature Medicines
From Spamwiki
Contents |
[edit] Introduction
| Nature Medicines is a fake pharmacy site first observed in December 2007. |
 |
 |
[edit] False Pretenses
[edit] Fake Verisign Security
The links at the bottom of the web site are not external.
For example, it purports to be a Verisign safe site, using https for security. However, when you mouse over the Verisign logo, you see it is about to run a Jave Script on the same site for checker2.php. Click on the logo, and you find in your address bar that you are still on the same site. For example, see http://organsail.com - and the link ends on http://organsail.com/checker2.php
This should take you to the Verisign site. Instead, the criminal has used false pretenses:
To ensure that this is a legitimate VeriSign Secure Site, make sure that: 1. The original URL of the site you are visiting comes from organsail.com . 2. The URL of this page is https://digitalid.verisign.com. 3. The status of the Server ID is Valid.
A legitimate Verisign text would be at https://digitalid.verisign.com, but clearly this criminal is trying to fake it. The site has no security, but falsely misleads the user into thinking it has. User details such as ID and Credit Card will not be protected.
[edit] Fake Better Business Bureau logo
The BBB logo is shown, but it is not a link to the BBB site. A visit to the BBB site shows no reference to this operation.
[edit] Faked FDA Approval
The FDA logo has a link, but as with the Verisign fraud, it links back to the same site and tries to defraud the user into thinking it has FDA approval. Clearly it does not. The approving CEO is quoted as
CEO/President: Kris Thorkelson 200-1765 West 8th Ave. Vancouver, BC, Canada V6J 5C6
The real Kris Thorkelson can be contacted, and has already expressed his disapproval of the misuse of the FDA in this manner.
[edit] False Claim - Canadian
Although this operation represents itself as being Canadian, the web sites are typically registered with the Chinese Registrar XIN NET TECHNOLOGY.
Billing Contact:
wang xiao
zhengzhoushi
zhengzhou Henan 450000
CN
tel: 0000000
fax: 0000000
john.mike@hotmail.com
Note the invalid phone and fax numbers in flagrant breach of ICANN regulations.
The name servers that resolve the site name to an IP address are on domain name slam12.com registered on Chinese registrar BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD and is billed to
Bill Name............ li yang Bill Address......... No 202 hedong Bill Address......... Bill Address......... Yongzhou Bill Address......... 425000 Bill Address......... HN Bill Address......... CN
The support line is at support@canadianpharmsupport.com, and this domain name is registered on Chinese registrar BIZCN.COM, INC.
The name server at ns1.slam12.com as at 1 January 2008 is running on IP address 221.5.41.37 administered by
CNCGROUP-GD CNC Group Guangdong province network China Network Communications Group Corporation No.156,Fu-Xing-Men-Nei Street, Beijing 100031 CN
The website running one sampled Nature Medicines host as at 1 January 2008 was on IP 79.143.178.5 administered by a contact in Syria:
Mohammed el Shakhatra Gavi-ayesh 34, p.o. 34053, Al Dirizor,Syria +90 543 3767728
There is a strong preference among criminal spammers to use registrars in China. If this were a genuine Canadian company, it would be reasonable to expect them to use local registrars and hosting facilities in Canada for their operations.
[edit] How to complain
The most effective tool is the Complainterator which will compose messages to the Name services provider requesting their removal.
[edit] Related spam operations
Canadian Pharmacy, PharmSite and Nature Medicines share many common functions, leading to the conclusion they come from the same perpetrator
- same registrars
- same name servers
- same online support number - +1 210 80 PHARM
- same email support address - sitesupport@pharmsupport.us
- same false claims
