AlphaCentauri
SIRT Handler Premium Member
 Joined: Nov 20, 2003 Posts: 2668
Posted: Mon Jun 30, 2008 5:39 am Post subject: [SIRT#194422] My Canadian Pharmacy on edikalpeng.com
Spam Alert Full Report: /My_Canadian_Pharmacy_spam194422.html Changed status to confirmed spam.
edikalpeng.com is one of the sites for the spam operation, "MyCanadianPharmacy." This site and its spam are violating US law:
* It offers medications which may not be dispensed without a prescription, including Provigil, and sometimes Valium, Meridia, Xanax and Ambien, which are federal controlled substances, without requiring any prescription. Xanax in particular has high street value. See /My_Canadian_Pharmacy_spam114.html for example of the expanded offerings in controlled substances on this site at the time of the first SIRT report for My Canadian Pharmacy.
* Its site advertises generic versions of drugs like Viagra which are still under patent protection. Therefore, any generics are by definition counterfeit.
* Its site includes "certificates" claiming endorsement from the Better Business Bureau, Verisign, Visa, The Canadian International Pharmacy Association, and PharmacyChecker. As noted by http://www.spamtrackers.eu/wiki/index.php?title=My_Canadian_Pharmacy , all of these claims are outright falsehoods and violations of these agencies' trademarks. See also the BBB alert at http://www.bbbmwo.ca/commonreport.html?bid=1134034
* It is not located in Canada anywhere anyone has been able to find it, and the address it lists for itself is a strip mall with no buildings resembling the one pictured on its website. It is not connected to the actual pharmacy mycanadianpharmacy.com . See also information collected on this operation at http://www.rickconner.net/spamweb/spam_drugs.html
* There is doubt whether they actually sell anything; the website may only be collecting credit card numbers.
* It violates US law by offering drugs for sale to US residents that they may not legally import from pharmacies outside the US, and it offers them for sale without prescription. See http://www.fda.gov/oc/buyonline/faqs.html
* It offers for sale to US residents drugs that have not been approved by the FDA for sale in the US, like rimonabant.
* Its site offers for sale antiepileptic medications like Neurontin, Depakote, Lamictal, Trileptal, Keppra, and Topamax. Given the documented fact that even when spamvertised pharmacies deliver medications, they are subpotent or completely inactive about half the time, well-controlled epileptics taking these pills could have seizures while driving, causing an accident that could kill or seriously injure themselves or others, or at very least, lead to loss of their drivers' licenses.
* Its site offers for sale anticancer agents like casodex and nolvadex. Again, even when spamvertised pharmacies deliver medications, they are subpotent or completely inactive about half the time. The first indication people taking these medications would have that they are taking inactive drug would be recurrence of their cancers.
* Its site offers for sale antibiotics like Levaquin, Amoxicillin, Augmentin, Cipro, Zithromax, and Suprax. As My Canadian Pharmacy does not even claim to offer overnight delivery, the only reason to order these drugs without prescription from a pharmacy that takes weeks to deliver (if it ever delivers at all), is to keep it at home "just in case." As most people are unaware that viral illnesses do not respond to antibiotics, are not aware of which organisms are most likely to cause which infections nor which antibiotics will cover those organisms, and do not have the ability to perform culture and sensitivity testing to confirm empiric treatment, this practice is highly likely to select for drug resistant organisms like CA-MRSA (community acquired methicillin resistant staphylococcus aureus, a particularly aggressive variety of staph that causes recurrent skin boils and has a 50% mortality when it causes pneumonia). As Cipro and Levaquin also have anti-tubercular activity, their use can select for drug resistant tuberculosis. Extended drug resistant mycobacterium tuberculosis (XDR-TB) is extracting nearly 100% mortality in South Africa at present.
* Its site offers for sale Coumadin, a narrow therapeutic index drug that requires very frequent blood testing to determine the correct dose, and continued monitoring to readjust dose due to interactions with food and other medications. The consequence of too much OR too little can be stroke or death.
* Its site offers for sale major antipsychotic medications like Seroquel, Abilify, and Risperdal. In addition to the fact that inactive drug could cause a patient to relapse, leading to consequences like loss of employment, even if these pills contain real medication and the correct quantity of real medication, they are only sold by prescription because patients taking them must be monitored for possible side effects like diabetes.
* Its site offers for sale the fertility medication clomid which carries the risk of multiple pregnancy, visual disturbances, and ovarian tumors, especially if used in excess.
* Their spam messages violate the CAN-SPAM act because they have forged "from" and "reply to" addresses, are sent from hijacked computers without the knowledge or permission of the owners, do not include valid information identifying who has sent the spam or how to opt out, and do not honor opt-out requests on their websites. Addresses are collected by bots spidering the internet for email addresses.
* Sites in this spam family (My Canadian Pharmacy, International "Legal" Rx, Canadian Health&Care Mall, Men+ Health, US Drugs, VIP Pharmacy/"Viagra+Cialis") utilize hijacked Unix servers using the tirqd trojan. See:
http://www.spamtrackers.eu/wiki/index.php?title=My_Canadian_Pharmacy#The_tirqd_Unix_infection
* In each case in which this reporter was able to contact the person named in the whois information in the domain registration of one of these sites, that person denied having any knowledge of his/her personal information being used to register any domains. Some victims had already been aware of fraudulent charges on their credit cards for domain registrations. See documentation at http://spamtrackers.eu/wiki/index.php?title=Fake_yambo_whois
In this case I spoke to the person whose name was used to register this site. She denied having registered it and reported that she had to cancel a debit card because there were fraudulent charges for domain registrations.
Online prices for warfarin 5mg x 90 tabs (generic coumadin, a blood thinner) on 4/13/08:
Rite Aid (drugstore.com): US $35
CVS US $46
My Canadian Pharmacy US $227
The only reason for someone to order warfarin via an illegal pharmacy is to avoid having to see a doctor and get blood tests done to obtain a prescription. Warfarin is derived from a natural compound and has a complex metabolism and many food/drug interactions. Not only is there a very narrow range between the dose that prevents clots and the dose that causes excessive bleeding, the dose is different from person to person and even varies at different times for the same person. There is an extremely high risk of someone having complications like bleeding or strokes if he/she is not getting regular blood tests to check whether the dosage needs to be changed.
SiteAdvisor review at http://www.siteadvisor.com/sites/edikalpeng.com
edikalpeng.com is located at IP address 200.171.178.11
but it loads images from port 8080 of five of the following servers:
Sites in this spam family (My Canadian Pharmacy, International "Legal" Rx, Canadian Health&Care Mall, Men+ Health, US Drugs, VIP Pharmacy/"Viagra+Cialis") will often block traffic from IP addresses associated with legal, financial and antispam organizations as well as anyone who has visited more than one of their sites. It may be necessary to use a proxy to view the pages. In addition, nameservers will selectively refuse queries for certain domains not currently being spammed, and it is necessary to use traversal to see that the domains themselves are not suspended.
Nameservers:
Generated by www.DNSstuff.com at 03:42:31 GMT on 30 Jun 2008.
ns1.homesicknessfih.com [200.99.139.250]
ns2.sultanapec.ru [130.34.152.16]
Nameservers move frequently from one IP address to another, as is typical of hijacked servers. These nameservers were observed at all of the following IP addresses within recent days:
ns1.homesicknessfih.com A 60.171.201.38
ns1.homesicknessfih.com A 200.99.139.250
ns2.sultanapec.ru A 60.171.201.38
ns2.sultanapec.ru A 130.34.152.16
Spamhaus information on these IP addresses:
Quote: http://edikalpeng.com/
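Added example, not part of the original post or the SIRT report: the nameserver movement described above, written as a small triage heuristic over A-record observations. The names and addresses are the ones the post lists; the timestamps, the ns1.example.net control row, the function name and the thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# (observed_at, name, A record). Names and addresses are those listed in the
# post; every timestamp is constructed for this example.
OBSERVATIONS = [
    ("2008-06-27T03:00", "ns1.homesicknessfih.com", "60.171.201.38"),
    ("2008-06-28T09:00", "ns2.sultanapec.ru", "60.171.201.38"),
    ("2008-06-30T03:42", "ns1.homesicknessfih.com", "200.99.139.250"),
    ("2008-06-30T03:42", "ns2.sultanapec.ru", "130.34.152.16"),
    # Constructed control: a nameserver that stays on one documentation address.
    ("2008-06-27T03:00", "ns1.example.net", "192.0.2.53"),
    ("2008-06-30T03:42", "ns1.example.net", "192.0.2.53"),
]

def flux_report(observations, window_days=7, min_networks=2):
    """Per-name A-record churn inside a window ending at the newest observation.

    A name is marked suspect when its addresses span at least `min_networks`
    distinct /16 prefixes in the window (assumed threshold; a multi-homed
    legitimate nameserver can also trip it, so treat it as a triage signal).
    """
    rows = [(datetime.fromisoformat(ts), name.lower().rstrip("."), ip)
            for ts, name, ip in observations]
    cutoff = max(ts for ts, _, _ in rows) - timedelta(days=window_days)
    ips_by_name, names_by_ip = defaultdict(set), defaultdict(set)
    for ts, name, ip in rows:
        if ts >= cutoff:
            ips_by_name[name].add(ip)
            names_by_ip[ip].add(name)
    report = {}
    for name, ips in ips_by_name.items():
        prefixes = {".".join(ip.split(".")[:2]) for ip in ips}
        # Other names seen on the same address: nameservers of unrelated
        # domains sharing one host, as the post's records show.
        shared = {ip: sorted(names_by_ip[ip] - {name})
                  for ip in sorted(ips) if len(names_by_ip[ip]) > 1}
        report[name] = {"ips": sorted(ips), "prefixes": len(prefixes),
                        "shared_with": shared,
                        "suspect": len(prefixes) >= min_networks}
    return report

if __name__ == "__main__":
    for name, info in sorted(flux_report(OBSERVATIONS).items()):
        print(name, info)
```

Shortening the window to one day leaves a single address per name and clears the flag, which is why a single lookup does not show the movement.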
AlphaCentauri
SIRT Handler Premium Member
 Joined: Nov 20, 2003 Posts: 2668
Posted: Mon Jun 30, 2008 7:18 am Post subject:
ISPs: Please assist your customers in identifying and disinfecting servers at the following addresses:
Registrars: please suspend the following domains and nameservers. Please investigate the payment history as it was almost certainly fraudulent as well. Please forward evidence of fraudulent activity to law enforcement.
See domain suspension instructions at
http://www.spamtrackers.eu/wiki/index.php?title=Registrar_Advice
Hong Kong mirror:
Hong Kong mirror site
http://spamtrackers.hk/wiki/index.php/Suspending_an_EPP_domain
http://spamtrackers.hk/wiki/index.php/Suspending_a_non-EPP_domain
(Removal of nameservers is here:
http://spamtrackers.hk/wiki/index.php/Suspending_an_EPP_name_server_domain
http://spamtrackers.hk/wiki/index.php/Suspending_a_non-EPP_name_server_domain )
As the domains for the Yambo family of spamvertised websites (My Canadian Pharmacy, International Legal Rx Medications, Men+ Health, US Drug, VIP Pharmacy ("Viagra + Cialis"), and Canadian Health&Care Mall) are uniformly registered with information obtained by identity theft and paid with fraudulent credit/debit card information, please suspend any other sites in this family that you become aware of.
planetdomain.com:
edikalpeng.com
naunet.ru
sultanapec.ru
ns2.sultanapec.ru [130.34.152.16]
dns.com.cn
homesicknessfih.co
ns1.homesicknessfih.com [200.99.139.250]
planetdomain.com:
The following domains are also sponsored by the same criminal spam organization. They flux among the same hijacked hosting servers and load images from the same hijacked image servers. Please suspend the other domains as well:
turktelekom.com.tr
79.135.167.10 has been compromised since at least 25 April 2008
satko.com.tr
212.154.24.88 has been compromised since at least 12 Jan 2008
tembow
Blue Angel Premium Member
 Joined: Oct 10, 2005 Posts: 2883
Posted: Mon Jun 30, 2008 7:29 am Post subject:
Arrival-Date: Mon, 30 Jun 2008 11:14:02 +0400 (MSD)
Final-Recipient: rfc822; root@ntt.ru
Original-Recipient: rfc822; postmaster@ntt.ru
Action: failed
Status: 5.0.0
Diagnostic-Code: X-Postfix; maildir delivery failed: Sorry, the user's maildir
has overdrawn his diskspace quota, please try again later.
-----
Arrival-Date: Mon, 30 Jun 2008 11:16:00 +0400 (MSD)
Final-Recipient: RFC822; abuse@radio-msu.net
X-Actual-Recipient: rfc822; User unknown@mx1.radio-msu.net
Action: failed
Status: 5.0.0
Last-Attempt-Date: Mon, 30 Jun 2008 11:16:01 +0400 (MSD)
-----
Arrival-Date: Mon, 30 Jun 2008 07:15:57 +0000 (UTC)
Final-Recipient: rfc822; abuse@DNS.COM.CN
Action: failed
Status: 5.0.0
Remote-MTA: dns; mail.DNS.COM.CN
Diagnostic-Code: smtp; 550 Does not like recipient,your mail is rejected!
Final-Recipient: rfc822; cnreg@dns.com.cn
Action: failed
Status: 5.0.0
Remote-MTA: dns; mail.DNS.COM.CN
Diagnostic-Code: smtp; 550 Does not like recipient,your mail is rejected!
-----
Final-Recipient: rfc822; iletisim@turktelekom.com.tr
Action: failed
Status: 5.0.0
Remote-MTA: dns; mx01.turktelekom.com.tr
Diagnostic-Code: smtp; 550 Denied by policy.
-----
Final-Recipient: rfc822; abuse@planetdomain.com
Action: failed
Status: 5.0.0
Remote-MTA: dns; support.planetdomain.com
Diagnostic-Code: smtp; 550 Rejected, score=18.2 required=5.0 trigger=11.0, send
abuse reports to abuse@planetdomain.com
-----
chunguang-zhang@chd.com.cn Mailbox unknown or not accepting mail.
550 chunguang-zhang@chd.com.cn... No such user
--==M2008063016031431108
Content-Type: message/delivery-status
Reporting-MTA: Symantec_Mail_Security_for_SMTP@chd.com.cn
Final-Recipient: rfc822;chunguang-zhang@chd.com.cn
Action: failed
Status: 5.1.1
Diagnostic-Code: X-Notes; Cannot route mail to user (chunguang-zhang@chd.com.cn).
-----
Exetel has received your email and will process it in due course.
Email reporting abuse from an Exetel IP address will be investigated as soon as possible, usually well within 24 hours.
Email reporting copyright infringement from an Exetel IP address will be processed within 48 hours.
AlphaCentauri
SIRT Handler Premium Member
 Joined: Nov 20, 2003 Posts: 2668
Posted: Tue Jul 01, 2008 5:17 am Post subject:
I emailed BILT in google translated Chinese and told them my mail couldn't get through and please look at this report here. This just came in reply. It's a bit nonspecific, considering it's about a nameserver suspension, but at least it got through.
For some reason some of the Chinese characters aren't displaying. (But if you copy and paste the blank placeholders, google translates them anyway. Go figure.)
Quote:
Hello
At present, we prohibit any possibility of registering the new illegal domain.
As for registered illegal domain, we will remove it in the shortest time after double checking its registration information.
sorry for the inconvenience.
This message was generated by Beijing Innovative Linkage Technology Ltd dba dns.com.cn
Simon Duan
Tel: 86-10-82151122
Fax:86-10-82151122-8129
Mail: duanry@dns.com.cn
Beijing Innovative Linkage Technology Ltd.
Add: 20/F, Block A, SP Tower, Tsinghua Science Park ,No.1 Zhongguancun East Road, Haidian District, Beijing
Zip: 100084
2008-07-01
duanry
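From: AlphaCentauri
Sent: 2008-06-30 16:32:57
To: cnreg; huyan; spam
Cc:
Subject: Unsolicited electronic mail. I tried to send you an e-mail.
Dear domain name registrar,
I apologize.
I cannot speak Chinese.
I tried to send you an e-mail.
It concerns spam (unsolicited electronic mail).
It did not arrive.
Please look at this:
/My_Canadian_Pharmacy_spam194422.html
Thank you very much!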