Security Feature: Protecting Consumers from Rogue Online Pharmacies

Over the past couple of years rogue online pharmacies have been advertising their domains on search engines and promoting themselves through search engine optimization.  Legitimate pharmaceutical companies have their own measures in place to work on taking these sites offline.  The problem with rogue online pharmacies is that they do not meet federal regulations.  To be a legitimate online pharmacy they must meet certain requirements including:

  1. Having a physical pharmacy in the state in which they conduct business,
  2. If they have a doctor, they must have a relationship with the customer when providing a prescription,
  3. The online pharmacy must work with those prescriptions,
  4. In order to sell to customers in the USA, they must again have presence in the United States.

Domain Incite broke news on a new UDRP filing covering 209 domains (hat tip to Garth Bruen from KnujOn for posting this as a status update on his LinkedIn profile).  Those domains have a word in common: “cialis”.  This is a registered trademark owned by Eli Lilly.  Although not conclusive, the Kevin Murphy from Domain Incite alleges Eli Lilly sounds like the most reasonable complainant.

The UDRP stands for Uniform Domain-Name Dispute Policy and is an agreement adopted by ICANN-accredited Registrars that is included in domain registration agreements.  It provides a mechanism for trademark holders to file a complaint that shows there is harm being done to the trademark holder’s brand, and if successful, the domain may be reclaimed by the legitimate party.

Aside from industry efforts to help spread awareness and enforcement on the subject of rogue pharmacies like LegitScript, the National Association of Boards Pharmacy has an accredited program named “VIPPS” or Verified Internet Pharmacy Practice Sites to help with this matter.

Directly from the NABP:


Rogue Online Sites

Unfortunately, because it is so easy to create a Web site, there are thousands of sites pretending to be legitimate online pharmacies. To date, NABP has reviewed nearly 7,000 sites – only 4% of those online sites appear to be in compliance with pharmacy laws and practice standards. Using these rogue sites puts patients at risk of receiving counterfeit or adulterated medications. VIPPS accreditation ensures that an Internet pharmacy is a bona fide pharmacy, and it is the best way for patients to determine that they are getting the quality care they deserve.

VIPPS Online Sites

To ensure public health, VIPPS accreditation requires an Internet pharmacy to comply with the licensing and survey requirements of its state and each state to which it dispenses pharmaceuticals. VIPPS-accredited pharmacies meet nationally endorsed standards of pharmacy practice, and they demonstrate compliance with standards of privacy and authentication and security of prescriptions, adhere to quality assurance policy, and provide meaningful consultation between patients and pharmacists.

VIPPS VIPPS pharmacy sites display the VIPPS Seal on their Web sites. The Seal is a key benchmark for consumers to measure the quality of a pharmacy’s practice, and by clicking on the VIPPS Seal, they are able to access verified information about the pharmacy.


 

So it is a good thing that we’re seeing this kind of UDRP Filing.  I tried to visit a random set of these and found only an HTTP 200 OK response with no DATA.  However, search engine being one’s friend and the suspect sites not enabling “do not cache” settings, here we see some snapshots of what they looked like. (click images to enlarge)

rogue pharmacy cialis site one

 

rogue pharmacy cialis site two

 

rogue pharmacy cialis site three

 

Notice on some of these images the same repeating image below.  It is to enable a purchase of the illicit pharmacy.  Clicking the image takes a person to the same type of site.  Two of the above landed me on the same location, an image of which is shown coming up next.

rogue pharmacy site cialis purchase

 

purchase site for online illicit pharmaceutical cialis and viagra

At two of these sites in the footer was the following text with a hyperlink to the same location.  Images of both are shown:

Hanei Marketing

The end site:

Hanei Marketing Site

We’ll pursue that and domains in a moment.  Just one more thing to mention about the purchase site.  There is an affiliate program where participants start earning 22% commission.  This snapshot is shown below (and many of these rogue sites operate in affiliate programs).

rogue pharma purchase site affiliate program

Now let us explore some information about domains.

WHOIS on the Hanei Marketing Domain

Registrant:
     Dmitry Nekrasov domains@rsuog-hosting.com +1.4036192124
     Hanei Foundation
     1633 17 Ave. N.W.
     Calgary,Ab,CA t2m0r8

I’m not exactly sure what their involvement is; however, these illicit sites have the Hanei Marketing domain in their footer and worth pointing out.  Searching for “haneimarketing” on the engines shows it has its domain, potentially as a template, for many rogue pharmacy sites, and apparently poker sites too.  Snippet below…

haneimarketing search results

WHOIS on the Illicit Drugs Purchase Site

Registrant Contact:
Flex Trading Group LTD
David Pearlman (webmaster@cashadmin.com)
Ground Floor Blake building Corner Eyre & Huston streets
Belize City, BZ, bz BZ0000
P: +650.4750882 F: +.

Also worthy to mention, that this particular purchase site is listed on the NABP’s “Not Recommended Sites” list.  The list is pretty large, and is accessible here.

WHOIS on one of the affiliate sites

Registrant:
Igor Palchikov hanei.meds@gmail.com +7.9163942040
Hanei Marketing LTD
Andreevskaya 2
Moscow,Moskva,RU 117418

WHOIS on a second of the affiliate sites

Registrant:
Igor Palchikov hanei.meds@gmail.com +7.9163942040
Hanei Marketing LTD
Andreevskaya 2
Moscow,Moskva,RU 117418

There, we have a match with Igor Palchikov.  We can go on and explore each of the other domains.  Chances are, we’ll find the same sets of Registrants, the same ISP hosting location, and potentially the same affiliate IDs.  I’ve personally helped in this kind of investigation before that led to the demise of the Herbal King Spammer under the now defunct CastleCops.  This was also part of my work in my previous employment at Microsoft.  However I must say, kudos to the complainant, if it is Eli Lilly for issuing UDRP Complaints against the domains.  I am sure they investigated each one and confirmed they are illicit pharmacy sites.  And as a trademark owner, they have the legal right to do this.  In fact, did the simple act of filing cause the small random set of sites I checked to go dark on HTTP DATA?

For further reading, check out the work by LegitScript in this ecosystem by working with industry and government spreading awareness and education.

If you are unsure of the site you may always check with NABP VIPPS Verification tool, or simply continue using your brick and mortar established pharmacy.  One may also check NABP’s “Not Recommended Sites” List.  Otherwise, stay away from online pharmacy sites, as they may be rogue!

Play it safe and be wary, these purchases often come laden with the wrong ingredients, toxic ingredients, and sometimes worse may cause death.

by Paul Laudanski Director of CTAC, North America

Follow

Get every new post delivered to your Inbox.

Join 65 other followers