Bulker.biz

From Spamwiki

Contents 1 Description 2 Acquisition of new spammers / mailers 3 Hijacked Unix / Linux Servers 4 Identity Theft and Credit Card Fraud 5 Products Bulker.biz promotes

[edit] Description

Bulker.biz is the organization which sponsors spammers to promote sites within what has been referred to as the Yambo Financials group of web properties. These include My Canadian Pharmacy, International Legal RX, Canadian Health&Care Mall, US Drugs and (new as of August 2009) Canadian Family Pharmacy.

This was learned from postings on bulkerforum.biz by username "ebulker", who would invite users to promote for their properties.

Please note that as of late 2008, they changed their domain name to bulkerbiz.com, since a rash of domain shutdowns terminated the bulker.biz domain. bulkerbiz.com still shows all the original branding of bulker.biz.

On or around April 14th, 2009, bulkerbiz.com suddenly announced that they were yet again changing domains, leaving the ICQ address of the individual known as "ebulker" [333192431].

Site is closed. Please contact ICQ 333192431 for new address.

According to Knujon and LegitScript, the brands previously part of the Bulker.biz affiliate program are now part of an operation called "EvaPharmacy."

Bulker.biz homepage, Sept. 2008

Evapharmacy.ru homepage, July 2010

Eva Pharmacy brand websites were first discovered in 2007 loading content from Bulker.biz sites. User EvaPharmacy made the first announcement of an affiliate program by that name on the antichat.ru forum in November 2009.

Although the public terms of service for EvaPharmacy state that spamming is not permitted, the affiliate program buys ad banners on forums like antichat.ru, on which members openly discuss spamming and hacking.

The website for Bulker.biz, in contrast, openly advertised that affiliates were permitted to spam.

[edit] Acquisition of new spammers / mailers

Here is a posting from Mar. 14th, 2007 found on bulkerforum.biz, posted by ebulker. It directly connects this operation to the abovementioned sites, and outlines their commission structure:

ebulker

Joined: 19 Sep 2006
Posts: 28

Posted: Wed Mar 14, 2007 10:00 am
Post subject: Bulker.biz newsletter for February 2007.

Last news:
- New portal "Men's Health" is going to be launched next Monday!
- "My Canadian Pharmacy" redesign will be rounded off soon.
- Next popular products were added in February:
norvasc, zyban, cymbalta


====== Features of Bulker.biz =========

Resemble our feautures:
1. Daily payouts for all the affiliates (or on demand)
2. We pay wires, WebMoney, and Fethard
3. Popular sites with a great choice of products and high ratio (beginning from 1:30)
4. 5% referral system
5. Free personal domains (ability to add your domains to our servers)
6. We pay probable refunds & chargebacks ourselves
7. Live support (icq, skype messenger & e-mail)
8. "Bonus Timer" program. Bonus-money for the three best affiliates EVERY DAY
9. Free geocities accounts

================ TOP Products =============================

- Viagra
- Cialis Soft
- Cialis + Viagra
- Viagra Soft
- Cialis
- Ambien
- Soma
- HGH

================ TOP Domains ===============================

- yahoo.com
- aol.com
- hotmail.com
- comcast.net
- sbcglobal.net
- cox.net
- earthlink.net
- bellsouth.net
- msn.com
- gmail.com


Best Regards, Bulker.Biz Team

Mailto: support@bulker.biz
ICQ: 333192431
Skype: BulkerSupport
_________________
Bulker biz is:

- 40% affiliates comission
- Lot of very popular pharma products
- Daily payments
All you need for huge earnings!
ICQ: 333192431; e-mail: support@bulker.biz

[edit] Hijacked Unix / Linux Servers

As discuss in the My Canadian Pharmacy entry in detail, Bulker.biz domains used in their spam campaigns are all hosted via hijacked, publicly owned Unix or Linux servers without their owners' knowledge or consent. This is achieved by gaining root access to these poorly-secured and often abandoned servers, and installing two custom-written Unix binaries known (as of this writing) as "tirqd" and "uirqd". These binaries act as proxy web hosts, drawing content from an as-yet-unknown third party server (tirqd), and a DNS proxy server (uirqd), often providing DNS services for hundreds of spamvertisable domains. This renders the cost of their web hosting to virtually zero, since they are in fact stealing the bandwidth from an unwitting third party who is usually unaware that their server has been compromised in any way.

[edit] Identity Theft and Credit Card Fraud

Bulker.biz domains are routinely registered using the identity of an unwitting third party, using their name, address and phone number, and registering using their credit card. Information gathered via independent research has shown that in many cases these individuals are very ill and not computer literate, and often don't know what "domain registration" is. This research is ongoing but has uncovered several hundred such individuals who were unaware their contact information was used for the WHOIS data for hundreds of illicit "My Canadian Pharmacy" (and other bulker.biz property) domains.

Notably the email address is always one which someone or some group at bulker.biz have created to handle email questions only.

[edit] Products Bulker.biz promotes

The list of products known to be promoted by this sponsor are:

• My Canadian Pharmacy
• International Legal RX
• Canadian Family Pharmacy
• Canadian Neighbor Pharmacy
• Toronto Drug Store
• US Drugs
• International_Rx
• US Pharmacy
• VIP Pharmacy ("Viagra + Cialis")
• Canadian Health&Care Mall
• Men Health (Men+ Health)
• Exclusive Caviar Online
• Double Your Dating