Microsoft’s Bing search engine is currently taking some heat over sponsored search results for fake or illegal pharmacies. A report from LegitScript, an online pharmacy verification service, and KnujOn, an Internet compliance company, blasts Microsoft for allowing rogue pharmacies to participate in online advertising through Bing.
The report from LegitScript and KnujOn outlines how Microsoft’s advertising program actually enables fraud and health risk by allowing rogue Internet pharmacies to pay for high placements depending on keywords. Moreover, some of the ads displayed by Bing were for legitimate pharmaceuticals but, once clicked, redirected the user to an illegal operation.
“Inexplicably, these dangerous websites are allowed to sell prescription drugs with the imprimatur of Microsoft approval. The problem is, some Internet users looking for a safe, legitimate Internet pharmacy might assume that if it is “sponsored” by Microsoft on bing.com (as online advertisements are said to be), it is okay to use it, since Microsoft is a reputable company,” LegitScript mentioned in an outline of the report.
During the research, 90 percent of the sites were acting unlawfully in some way. Each of the illegal sites was tested, and controlled medicines were ordered without any need for a prescription. When the purchased medicines arrived, they were submitted for testing, and all were found to be counterfeit.
Taking counterfeit drugs is dangerous. Depending on what it is you are taking, such as fake heart medicine, it could ultimately lead to death, according to a medical professional consulted by The Tech Herald who asked to remain anonymous.
“Depending on the compounds used in the drug,” the consultant explained, “it could have a reaction to another medicine you are taking. It could cause an allergic reaction in your body. [It] could cause any number of issues up to and including anaphylactic shock.”
Like other search engines, Microsoft’s Bing relies on advertising revenue to operate. However, LegitScript and KnujOn teamed-up and released their report in the hope that Microsoft would become more proactive on the issues it covers.
“In short, Microsoft has the ability, and responsibility, to make sure it isn’t displaying, much less profiting from, Internet ads for websites engaged in illegal activity— like selling prescription drugs without a license or a prescription,” said LegitScript.
The full report is online and can be found here. On page two and three, we dig a little deeper into one of the companies we came across while reading the LegitScript and KnujOn report.
One of the sites mentioned in the report is K2Med.com. K2Med.com appeared in an ad placement claiming to be Dailymedrx.com, a legitimate operation based out of Indianapolis. However, when the ad was clicked during testing, the redirection kicked in and K2Med.com suddenly appeared. K2Med.com is linked to Russian crime group '33 Drugs'.
In the report, K2Med.com and nine other Web sites are highlighted because of clear violations of both U.S. law and Microsoft’s advertising policy. Considering that K2Med.com claimed to be an Indianapolis-based company (where this writer is based), The Tech Herald duly set out to ask some serious questions -- it was helpful that 'Ashley' and 'Paris Hogan' were around online to talk with us.
Below is the transcript of the first chat, during which we were informed that K2Med.com is operating out of London, England, but ships its drugs from India. After looking for details, we were unable to locate any business records for K2Med aside from domain registrations.
This next chat started with us asking about ordering 90 days worth of prescriptions in a single purchase. When we spoke to 'Ashley', we were told we would need to answer questions during our order and a doctor would determine if we needed a prescription form. However, according to 'Paris', they are required to ask the questions, but we wouldn't need to speak to a doctor or use any medical prescription, just pay up and get the drugs.
As mentioned, we found no business information on K2Med.com. However, we did discover that the domain was registered by domainsareforever.net, which now directs to Moniker. Moniker is a registrar based in Pompano Beach, Florida. Moniker is also the reason K2Med.com’s WHOIS information is masked.
The fact Moniker is connected to this criminal operation isn’t malicious, as you cannot expect it to check every domain that registers for the privacy options during the automated sign-up process. Like many registrars, most of the registration and ordering is automated and rarely will a human actually examine domain purchases.
When K2Med.com claimed it was operating from London, this wasn’t a complete lie, as the server IP is registered to BlueConnex Ltd. (AS29550), located in Berkshire, just east of Reading, and a stone's throw from the capital.
It is interesting that, along with K2Med.com, the same IP is linked to another fake RX site, bestrxcanada.com.
Digging into this site, since the IP was used for K2Med, we found more links. One of them, as it appeared on bestrxcanada.com’s A-Record list, labhost.ru, stood out.
Looking into labhost.ru, we were able to link 70 sites back to the original source of our digging, K2Med.com.
The spider-like nature of IP addresses used for hosting, the mix of nameserver addresses, and domains discovered all hang on one central theme, which is fraud. Each of the sites we viewed after we started digging into K2Med.com led us to several domains ripping people off in one form or another.
These sites offered Warez (illegal software, often pirated), more illegal RX sites, fraudulent financial sites and investment schemes, and naturally a range of porn-based sites offering almost anything one can imagine. Sadly, the majority of the sites are still active and, during our research, more than one attempted to serve Malware.
Even if they were all taken down, the criminals behind them would simply start over in a new location.
To help with the research and digging, we used Robtex.com. An example of the report we used for labhost.ru can be viewed here. Note that these reports change over time as things are refreshed online.
If you would like the list of domains discovered, and are a researcher or IT administrator, use your business address and request it from [email protected].
Want regular updates from The Tech Herald? Follow us on Twitter.
Interested in a more interactive TTH? Join our Facebook Group.