Millionaire spammers have many similarities with the rest of the Internet world: They employ a slick user interface, require fabulous SEO, and have a penchant for charity. Some gumshoe reporting by former Washington Post journalist Brian Krebs on his new security blog unearthed one of the most intimate looks to date at the sophisticated backend of the web's darkest black market.
"If you received an unsolicited email in the past few years pimping male enhancement or erectile dysfunction pills, chances are extremely good that it was sent compliments of a Glavmed/Spamit contractor," writes Krebs. According to his post, GlavMed ran as the legitimate front company for an invitation-only group of mass emailers that processed over 1.5 million orders of pills from 800,000 (hopefully happy) customers over a three-year period. Members, or "affiliates," "were given a handful of pre-fabricated pharmacy website templates," earning a hefty 40% of all sales generated from their sites. Data from (the conspicuously titled) SpamIt.com reveals that 8 of the 10 top moneymakers earned more than $1 million in commission. A sophisticated user interface accompanied the sale logs, complete with graphic art, drop-down menus, and a convenient tab layout for switching between "orders" and "referred URLs."
Most affiliates were paid in "Webmoney, a virtual currency popular in Russia that is similar to PayPal," writes Krebs, "except that transactions are largely irreversible." The remainder was paid in ePassporte virtual currency, which was shuttered in September 2010 "amid allegations of fraud and misappropriation of funds."
At the same time, Russian authorities went after the crime ring, scaring SpamIt into voluntarily closing its doors (causing a precipitous drop in global spam volume). With a graceful and courteous exit, SpamIt adorned its front page with this public service announcement:
Because of the numerous negative events happened last year and the risen attention to our affiliate program we’ve decided to stop accepting the traffic from 1.10.2010 [Oct. 1, 2010]. We find the decision the most appropriate in this situation. It provides avoiding the sudden work stop which leads to the program collapse and not paying your profit.
In our case the whole profit will be paid normally. All possible frauds are excluded. Please transfer your traffic to other affiliate programs till 1.10.2010.
Thank you for your cooperation! We appreciate your trust very much!
GlavMed remains open (for now), and is profiting, according to the report, from its pharmacy sites that boost traffic both through high SEO and hacked websites referring users back to affiliate pharmacies. However, Krebs' source also shared this information with authorities, which might spell the end of GlavMed's operation.
The absolute cherry-on-top of this strange story is a screenshot from GlavMed's interface that encourages affiliates to donate a portion of their commission to charity. The guilt-inducing plea reads, "GlavMed's administration decided to make a contribution in helping most unprotected category of our society—children...All funds donated will make real help to sick and helpless children." Of course, the charity could just be an ironic trick on its own affiliates (or it could actually be legitimate, helping GlavMed rationalize its actions through some Robin Hood complex).
Either way, Krebs' reporting represents a solid win for the profession of blogging and sketches a fascinating look inside the smooth, often public operation of one of the world's most ubiquitous crimes.
Follow Gregory Ferenstein on Twitter