Glavmed
From Spamwiki
Contents |
[edit] Description
This was learned from postings on bulkerforum.biz by username "kref", who would invite users to promote for their properties. kref is also known as "fakir f" (his Skype username.)
Glavmed (Spamit) is believed to be based out of Moscow, and thought to be very closely related to the "Russian Business Network", or "RBN.
[edit] False Claims
There is evidence on the Glavmed forum that they are well aware that these claims are false. Here is a snippet from a conversation posted in January, 2008:
http://forum.glavmed.com/showthread.php?t=2360
Old 25-01-2008, 06:35 #1 andrian Member : 10-01-2008 : 4 Does anyone know the ID of glavmed's pharmacychecker.com? Does anyone know any of glavmed's website like officialmedicines.com of their pharmacychecker.com id? 15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET) Old 25-01-2008, 09:22 #2 Andy Administrator Andy : 29-05-2007 : 303 we dont have pharmacychecker 15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET) Old 25-01-2008, 17:07 #3 andrian Member : 10-01-2008 : 4 On public there is the pharmacychecker.com at the bottom. Can i have the id cause i need to use it for google adwords saintd : 25-01-2008 ? 19:06. 15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET)15:57, 6 March 2008 (CET) Old 25-01-2008, 18:14 #4 Andy Administrator Andy : 29-05-2007 : 303 andrian On public there is the pharmacychecker.com at the bottom. Can i have the id cause i need to use it for google adwords again. _we dont have pharmacychecker_ its fake.
So: they know that their use of that logo and claim that they are "sponsored" by Pharmacy Checker is false. This highlights this organization's callous disregard for the public's safety and general ill will.
[edit] Joining Glavmed / Spamit
Registration to the Glavmed program is by invitation only. Bulkerforum featured several postings from "kref" looking for reliable mailers with good references. This highlights the secretive nature of their process, and the fact that they wanted mailers with the largest possible lists (compliant or otherwise) to perform their mailing on Glavmed's behalf.
Here is what a typical invitation email looked like from Glavmed's representative "Michael Sun" (also known as "Michael Sun2k"):
Hi, Glavmed Affiliate program is: · Accurate, REAL-TIME statistics, 24/7 · 24/7 tech support · bi-weekly payments · unique incentives and rewards for strong performance The program unites 4 sites with the most popular (viagra, cialis, xanax, soma, propecia, meridia, levitra and others) medication, that many other affiliate programs do not have. Earn up to $250 or 30-40% of the sales. How to get started? Glavmed appreciates its web-masters that is why the registration can only be made with the invitation code which can be obtained from registered webmasters. This system safeguards from carders and increase the conversion of honest webmasters. For invites please contact: Michael@glavmed.com YIM: Michael_sun2k or ICQ: 461-549-103 In your account you can check the statistic, control traffic, and optimize campaigns. After the registration, please send the registration info to Michael@glavmed.com YIM: Michael_sun2k or ICQ: 461-549-103 and your personal manager will contact you. When I get paid and what is the minimum sum? Payments are made bi-weekly (1-15, 16-31) Fethard, PayPal, WebMoney, Wire Transfer .Minimum sum is $100. I have more questions... We are glad to help you and answer your questions. Please contact support: YIM: Michael_sun2k ICQ: 461-549-103 or Michael@glavmed.com
As with most other sponsors, they only ever deal in online payment methods. No cheques, and no genuine personal data appears to ever change hands. Their commission rate of 40% is in keeping with most of the other illegal spam sponsors we have seen.
It is important to note that they don't rely only on email spam to promote these sites. We have seen banner ads, comment spam and blog spam setups in the promotion of Canadian Pharmacy.
[edit] Response to Complaints
All complaints to Glavmed regarding illegal spamming practices have gone unanswered. It is clear from the multiple discussions on numerous forums, including the Glavmed forum, that this operation is well aware that it pays illegal spammers to send to millions of people who do not want to hear about their "products", and that they condone the outright lies which their websites state on virtually every single page.
[edit] Products Glavmed Promotes
- Canadian Pharmacy
- US Pharmacy
- Downloadable Software
- PharmSite
- Official Medicines
[edit] Glavmed and Spamit
Spamit is the actual sponsorship and affiliate program which is more directly tied to the email spam promotion of products such as Canadian Pharmacy and Downloadable Software, and which appears to be responsible for the propagation of emails attempting to infect users with the Storm Worm. Glavmed is the more public-facing entity which never mentions anything related to email spam, focusing instead on website, SEO and banner advertising. This is a pattern we have noticed between Glavmed / Spamit (public / private programs) as well as GenBucks / SanCash (another competing public / private sponsorship, responsible for a larger array of competing products.)
It is more correct to state that the spam we have all been seeing for these above-mentioned products is on behalf of Spamit, versus Glavmed, who tend to focus on discussions related to website, SEO or banner advertising. They are definitely related companies, they just attempt to remain far more underground and less easy to investigate, compared with Glavmed.
[edit] Domain Registration
Glavmed.com was registered in March 2006 by Registrant:
Canadian Meds LLC 200-1765 West 8th Ave. Vancouver, British Columbia V6J 5C6 CA CA 866-420-707
The administrative and technical contact is listed as
Smirnov, Andrey whois@pharmashopsupport.com 200-1765 West 8th Ave. Vancouver, British Columbia V6J 5C6 CA CA 866-420-707
The same registrant details are listed on the registration for the Canadian Pharmacy support site rx-cs3.com
In February 2009, the registrant for glavmed.com was observed and recorded as
PHARMOS LIMITED Email: info@glavmed.com Organization: PHARMOS LIMITED Address: 177 WHALLEY RANGE City: BLACKBURN State: LANCS ZIP: BB1 6NL Country: GB Phone: +1.8778062747 Fax: +1.8778062747
The email address for the registrant was on the domain pharmashopsupport.com but there has been a problem with its registration, so it has been suspended for false pretenses
Domain Name: PHARMASHOPSUPPORT.COM Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. Registrant: Directi False Whois Suspended Account Directi False Whois Suspended Account (inaccuratewhois@suspended-domain.com) This Domain is Suspended Due to inaccurate Whois Contact Support Desk
Therefore the web site provides an alternative means of contact:
E-Mail: support@glavmed.com
ICQ: 397061228
404194376
487686066
Spamit.com, registered June 2004, has the same registrant, but with different postal addresses and phone.
Domain: spamit.com - Domain History Cache Date: 2008-01-17 Registrar: INTERCOSMOS MEDIA GROUP, INC. D/B/A DIRECTNIC.COM Registrant: MEDIA CAPITAL LTD Suite B, 29 Harley street London, NA W1G 9QR GB 4402070604540 Domain Name: SPAMIT.COM Administrative Contact: Smirnov, Andrey admin@spamit.com Suite B, 29 Harley street London, NA W1G 9QR GB 4402070604540
And again in February 2008
Domain: spamit.com - Domain History Cache Date: 2008-02-22 Registrar: INTERCOSMOS MEDIA GROUP, INC. D/B/A DIRECTNIC.COM
Registrant: MEDIA CAPITAL LTD Suite B, 29 Harley street London, NA W1G 9QR GB +41.225330843 Domain Name: SPAMIT.COM Administrative Contact: Smirnov, Andrey extorminus@gmail.com Suite B, 29 Harley street London, NA W1G 9QR GB +41.225330843
[edit] Registration updates, July 2009
glavmed.com
Registrant: PHARMOS LIMITED Email: info@glavmed.com Organization: PHARMOS LIMITED Address: 177 WHALLEY RANGE City: BLACKBURN State: LANCS ZIP: BB1 6NL Country: GB Phone: +1.8778062747 Fax: +1.8778062747
spamit.com
Administrative Contact, Technical Contact:
Smernov, Andrej n82jw54g64j@networksolutionsprivateregistration.com
ATTN: SPAMIT.COM
c/o Network Solutions
P.O. Box 447
Herndon, VA 20172-0447
570-708-8780
Record expires on 22-Jun-2015.
Record created on 11-Feb-2009.
rx-cs3.com
Registrar: INTERCOSMOS MEDIA GROUP, INC. D/B/A DIRECTNIC.COM Whois Server: whois.directnic.com Referral URL: http://www.directnic.com Name Server: NS1.NS-NAMESERVER.COM.DIRECTIDELETEDDOMAIN.COM Name Server: NS3.NS-NAMESERVER.COM.DIRECTIDELETEDDOMAIN.COM Status: clientDeleteProhibited Status: clientTransferProhibited Status: clientUpdateProhibited Updated Date: 05-jul-2009 Administrative Contact: Smirnov, Andrey whois@pharmashopsupport.com 200-1765 West 8th Ave. Vancouver, British Columbia V6J 5C6 CA CA 866-420-707
[edit] Key Canadian Pharmacy sites
- online-meds1.com
- online-pharm1.com
- online-rx1.com
- pharm-bill.com
- pharm-charge.com
- pharm-help.com
- pharm-online1.com
- pharmacy777.com
- rx-charge.com
Registrant details
Registrant: Canadian Meds LLC 200-1765 West 8th Ave. Vancouver, British Columbia V6J 5C6 CA CA 866-420-707 Administrative Contact: Smirnov, Andrey whois@pharmashopsupport.com 200-1765 West 8th Ave. Vancouver, British Columbia V6J 5C6 CA CA 866-420-707
[edit] Web site hosting
At February 15, 2009, the following data was recorded.
glavmed.com has address 74.86.34.144 ns1.glavmed.com has address 82.146.39.44 ns2.glavmed.com has address 75.126.22.245
By comparison, a whois lookup on spamit.com shows an IP address in common for ns2.spamit.com
ns1.spamit.com 78.24.219.53 ns2.spamit.com 82.146.49.44
For the web site address, 74.86.34.144 - this IP was the property of:
CustName: Andrew Bogdanov (In 2009 this changed to Dmitry Fedorov) Address: Ivanov st. 31 City: Moscow StateProv: PostalCode: 125725 Country: RU RegDate: 2009-01-27 Updated: 2009-01-27 (later this became 2009-03-19) NetRange: 74.86.34.144 - 74.86.34.151 CIDR: 74.86.34.144/29 NetName: NET-74-86-34-144 NetHandle: NET-74-86-34-144-1 Parent: NET-74-86-0-0-1 NetType: Reassigned Comment: Send abuse issues to abuse@softlayer.com (SoftLayer Technologies Inc. - Plano, Texas) RegDate: 2009-01-27 Updated: 2009-01-27
For the first name server at 82.146.39.44
person: Peter A Svistunov address: ISPsystem, Raduzhny 34a address: Irkutsk, 664017, Russian Federation phone: +7 3952 525789 person: Alexandr Brukhanov address: PoBox30, 664017, Irkutsk, Russia phone: +7 495 727 38 79 remarks: ************************************** remarks: * For spamming or other abuse issues remarks: * please send your requests to remarks: * abuse@ispserver.com remarks: **************************************
These are the same contacts for the IP addresses used by spamit.com and ns1.spamit.com on 78.24.219.53
For the second name server at 75.126.22.245
network:Class-Name:network network:ID:NETBLK-SOFTLAYER.75.126.0.0/19 network:Auth-Area:75.126.0.0/19 network:Network-Name:SOFTLAYER-75.126.0.0 network:IP-Network:75.126.22.240/29 network:IP-Network-Block:75.126.22.240-75.126.22.247 network:Organization;I:Private Residence network:Street-Address:1950 Stemmons Freeway Suite 2043 network:City:Dallas network:State:TX network:Postal-Code:75207 network:Country-Code:US network:Tech-Contact;I:sysadmins@softlayer.com network:Abuse-Contact;I:abuse@niokr.ru network:Admin-Contact;I:IPADM258-ARIN
Note that the IP of the glavmed.com host, and the IP of both of its name servers have pointers to Russia.
[edit] Contact details
From the web site, July 2009
E-Mail: support@glavmed.com ICQ: 383835814 397061228
[edit] Further reading
- The Glavmed site itself www.glavmed.com
- The Glavmed support forum (in Russian)
- Experts link flood of 'Canadian Pharmacy' spam to Russian botnet criminals By Ellen Messmer, Network World, 07/16/2009
- Invitation to get a code to join Glavmed - from bizdev@bizmajors.com (Lithuania)
- Canadian Pharmacy and Glavmed: An Open Letter To Law Enforcement, The FTC And The FDA Monday, February 2, 2009
