Toronto Drug Store

From Spamwiki

Jump to: navigation, search

Contents

[edit] Description

Image:Toronto-Drug-Store.jpg

Toronto Drug Store (TDS) is a new Bulker.biz/EvaPharmacy property, observed in August 2010. More complete discussion of the fraudulent nature of these sites is on the pages for their other brands. Control of this organization has been attributed to the spammer using the pseudonym Alex Polyakov. The same group of scam pharmacy brands is referred to as "Yambo Financials" by Spamhaus.

TDS uses a secure payment system at checkout, on https://checkoutpharamcysafe.com

 Domain Name: CHECKOUTPHARAMCYSAFE.COM
 Registrar: KEY-SYSTEMS GMBH
owner-fname: Andrey
owner-lname: Polev
owner-street: ul. Krasnaya d.117 kv.119
owner-city: Solnechnogorsk
owner-state: Moskovskaya oblast
owner-zip: 199538
owner-country: RU
owner-phone: 7.4963612199
owner-fax: 7.4963612199
owner-email: dress@freenetbox.ru

The checkout site uses an SSL certificate issued by

PositiveSSL CA
Comodo CA Limited

Like other Bulker.biz/EvaPharmacy sites, just about every claim made on CNP sites is a lie.

[edit] False Pretenses

[edit] Fake Staff

Image:TDSstaff.jpg

As usual with Bulker.biz/EvaPharmacy sites, their supposed staff physicians are actually models whose photos are available from Getty Images.


[edit] Fake Locations

Image:TDSContact-Us.jpg

The address given for their supposed main office is 155 Front Street West, Toronto, Ontario. The clumsy English on the page makes one immediately suspicious about whether these people have ever set foot in Canada:

We have decided to move the general stream of information to our online Support 
Department, so 90% of all inquiries are processed online. A special contact ticket 
system would be a helping hand for our clients while trying to contact us by any 
reason. Still if you want a face to face audience with one of our managers, you may 
visit our main Headquarters or secondary offices from 10 a.m. till 6 p.m. local 
time. We are always glad to meet you!

And sure enough, Google street view shows the data centre at 151 Front Street West extends the length of the block. There is certainly nothing resembling the building in the TDS website photo.

Image:155frontstw.jpg




[edit] Fake License

The pharmacy has no real location and no real pharmacists. But like other EvaPharmacy/Bulker.biz pharmacies, they have forged an imaginary license for their pharmacy. It's obviously fake, since it is displaying the same imaginary address.

Image:TDSlicense.jpg

The Ontario College of Pharmacy has a website that allows you to look up their licensees. Not surprisingly, Toronto Drug Store isn't listed.




[edit] Fake American Pharmacists Association Certificate

This task apparently fell to one of the non-native English speakers, because it is quite clumsily worded:

All the drugs sold at Toronto Drug Store are considered to be approved by 
the American Pharmacists Association (APhA).

This bulletin certifies that Toronto Drug Store (License Number 05671274) 
sells high-quality medications that are presented by certified online shop. We 
ensure that Toronto Drug Store team has the highest standards of practice 
carried out by its members.

The American Pharmacists Association (APhA) is the organization whose members are 
recognized in society as essential in all patient care settings for optimal 
medication use that improves health, wellness, and quality of life.

Date: 07/04/10     Signature: Harold N. Godwin

This certificate appears to be dated on July 4, 2010. July 4 is one of the most popular public holidays in the U.S. -- nobody would come in to work to do routine bureaucratic functions like issuing certificates. Actually, whoever did the forgery was unfamiliar with the fact that in the U.S., dates are in month-day-year format, rather than day-month-year. They were trying to make it look like an April 7, 2010 date. They've simply used the same certificate they forged for Canadian Neighbor Pharmacy and changed the name and number.

The license number is the same one used on the Ontario College of Pharmacy forgery. Anyone who has to get licensed by multiple agencies will tell you it's never going to be that easy -- you get a different number from each one. When asked if this certificate was fake, the reply from the American Pharmacists Association was

Yes, this is a fake. Thanks for passing along to us.

Sharon Corbitt
External Communications Director
American Pharmacists Association
2215 Constitution Ave.
Washington, DC 20037-2895


The APhA does not license pharmacies or approve the quality of medications. The logo they display is wrong as well, resembling the Glavmed logo instead.

CNP vesion of APhA logo/APhA logo from their website
Image:Aw apha.gifImage:APHA-HP blue band.jpg





[edit] Hijacked servers

See the discussion at Canadian Neighbor Pharmacy. TDS sites load images from hijacked servers in the same way.


[edit] Sample sites and registrars sponsoring them

[edit] HTTP.NET INTERNET GMBH

baldwinviagracialis.com
levitrawelnessteel.com
newpharmacyherbal.com
thepharmacysale.com

[edit] NAMESILO, LLC

shirazrx.com

[edit] NAUNET-REG-RIPN

drugstorepillstablets.ru
kabrod.ru
pharmacypillspharmacy.ru


[edit] PSI-USA, INC. DBA DOMAIN ROBOT

canadiancanadaviagra.net
rxmdsmyelodysplastic.net
ryanairemedies.net

[edit] TODAYNIC.COM, INC.

canadianpharmacygenerics.com
cheapcanadianpharmacy.org
safecanadianpills.com
toronto-drug-store.org

[edit] How to Report this Spam

The Complainterator is configured to report this spam to the registrars. It performs a "whois" lookup on the domain names used by the name servers that resolve access to the web site. It discovers the registrars that are sponsoring the access to the web site. It prepares a complaint to the sponsoring registrars.

Removal instructions

web site domains
- the registrar needs to set the status of the domain to

  • clientHold
  • clientUpdateProhibited
  • clientDeleteProhibited
  • clientTransferProhibited

name server domains
- the registrar needs to set the status of each of the name server domains to

  • clientHold
  • clientUpdateProhibited
  • clientDeleteProhibited
  • clientTransferProhibited

In addition, to remove them as name servers, the subdomain address records (eg for ns1 and ns2) need to be changed to a non-routable address, such as 0.0.0.0 or a blackhole address within their own address space.

[edit] Sponsor Organizations

Bulker.biz also known as EvaPharmacy is the criminal sponsor organization behind this type of site.

[edit] Related spam operations

See: Category:Yambo family

The product list, the pricing and the product descriptions for Toronto Drug Store are identical with that of My Canadian Pharmacy

The image showing the Managed Care Organizations refers to other known fraud brands, Canadian Family Pharmacy and My Canadian Pharmacy

image:TDS.jpg

[edit] Further Reading

LegitScript report, May 2010

Personal tools