Spamit, a closely guarded affiliate program that for years has paid some of the world’s top spammers to promote counterfeit pharmacy Web sites, now says that it will close up shop at the end of September.
Spamit administrators blamed the impending closure on increased public attention to its program, which interacted with affiliates via several sites bearing the spamit brand, including spamit.com, spamit.biz, and spamdot.biz.
The program’s homepage was replaced with the following message (pictured above) a few days ago:
Because of the numerous negative events happened last year and the risen attention to our affiliate program we’ve decided to stop accepting the traffic from 1.10.2010 [Oct. 1, 2010]. We find the decision the most appropriate in this situation. It provides avoiding the sudden work stop which leads to the program collapse and not paying your profit.
In our case the whole profit will be paid normally. All possible frauds are excluded. Please transfer your traffic to other affiliate programs till 1.10.2010.
Thank you for your cooperation! We appreciate your trust very much!
Dmitry Samosseiko, senior manager of SophosLabs Canada, wrote last year in his excellent Partnerka paper (PDF) that Spamit affiliates are thought to responsible for managing some of the world’s most disruptive, infectious and sophisticated collections of hacked PCs or “botnets,” including Storm, Waledec and potentially Conficker.
Spamit affiliates are best known for promoting the ubiquitous ‘Canadian Pharmacy’ Web sites, such as the one pictured to the left (zithmed.com). While at any given time there are thousands of these fly-by-night Canadian Pharmacy sites online selling prescription drugs without requiring a prescription, these pharmacies are about as Canadian as caviar: Experts say most of the drugs sent to buyers are made in and shipped from India and/or China.
But don’t expect Canadian Pharmacy sites to go away just because Spamit shutters its operation. Samosseiko and many other spam watchers believe Spamit is the sibling entity of a much larger pharmacy affiliate program known as “Glavmed,” which also promotes Canadian Pharmacy branded sites.
Through periodic statements on the Glavmed forum, Glavmed administrators have steadfastly maintained that their program does not tolerate spam, and that its affiliates only employ legal search engine optimization (SEO) techniques to help people find their sites when searching online for specific name-brand medications.
Anti-spam blog IKillSpammers suggests that one component of the unwelcome “increased public attention” cited in the Spamit goodbye message may be the program’s loss of the ability to process MasterCard payments in December 2009.
There have been other, more public, embarrassments for Spamit lately. For a brief period in late October 2009, the home page for spamdot.biz was changed so that it redirected visitors to the Web site for the Russian Federal Security Service (FSB), a move that suggested to many that the forum had been infiltrated by Russian investigators. A month later, the Russian Association of Electronic Communication (RAEC) declared it was launching a broad new anti-spam campaign.
Also in December of last year, a Newsweek Russia story identified a Russian businessman as the leader of Glavmed, although that story appears to have since been redacted to remove the man’s name after he sued the news organization in a Russian court.
It remains unclear whether Spamit really will close its doors on Oct. 1, and whether the world can expect to see any less junk e-mail as a result. One source with access to the Spamit forum shared with KrebsOnSecurity.com several screen shots of the forum — one of which is pictured above — which show members discussing other pharmacy programs even as they lament the closure of Spamit.
Gary Warner, director of research in computer forensics at the University of Alabama Birmingham’s computer and information sciences department, said the most that can reasonably be hoped for is that some of the spammers affiliated with Spamit will lay low for a while.
“I assume that some [affiliates] will scatter, and a few probably are going to lay low for a bit on the spam side,” Warner said. “But the program’s leadership probably will do something leading in another area of spam, because it’s just too lucrative a business for them to walk away from.”