Rogue online pharmacies have found a way to exploit Bing's advertising program.

According to a recently released report by KnujOn and LegitScript, 90% of the Bing sponsored pharmacy ads were rogue ones, shipping counterfeit prescription drugs, with the bogus companies participating as part of larger affiliate networks like this one analyzed last year.

The report also details a brand-jacking scheme allowing bogus advertisers the option to choose their own "Display URL" and a separate "Destination URL" for displaying their ads.

More findings:

  • 89.7% of Internet pharmacy advertisements on that we reviewed are operating unlawfully. (Of the other 10.3%, about half are verified as legitimate, and half are "unverified" according to our standards.)
  • The majority of Internet pharmacy ads, and all ten of the sample ads that we dissected, did not require a valid (or any) prescription. We successfully attempted a test buy in two cases, receiving drugs in both cases that appeared to come from India
  • Some of the drugs sold via ads tested positive as counterfeit
  • Most of the Internet pharmacy advertisements that we analyzed are members of affiliate networks controlled by organized crime in Russia and Eastern Europe
  • In some cases, rogue Internet pharmacies have "hijacked" a legitimate Internet pharmacy's domain name: the ad will look like it has been listed by a licensed, US-based pharmacy, but actually clicks-through to a rogue Internet pharmacy. This implies serious security holes in Microsoft's advertising program
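The mismatch between an ad's "Display URL" and where its "Destination URL" actually lands, described above, is something an ad reviewer can check mechanically. The following is an added example, not code from the report or from Microsoft's advertising platform; the function names, the sample ads on `.example` domains and the short suffix set standing in for the Public Suffix List are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumption: a tiny stand-in for the Public Suffix List, enough for the sample data.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.in"}

def registrable_domain(url):
    """Return the registrable domain (eTLD+1) of a URL or of a bare display host."""
    if "://" not in url and not url.startswith("//"):
        url = "//" + url  # display URLs are usually shown without a scheme
    host = (urlsplit(url).hostname or "").rstrip(".")
    labels = host.split(".")
    if len(labels) < 2:
        return host
    n = 3 if ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES else 2
    return ".".join(labels[-n:])

def audit_ad(display_url, destination_url, redirect_chain=()):
    """Compare the domain shown in the ad with every hop a click passes through."""
    shown = registrable_domain(display_url)
    hops = [destination_url, *redirect_chain]  # last hop is the landing page
    landing = registrable_domain(hops[-1])
    return {
        "shown": shown,
        "landing": landing,
        "mismatch": landing != shown,
        "off_brand_hops": [h for h in hops if registrable_domain(h) != shown],
    }

# Constructed sample ads: (display URL, destination URL, observed redirects).
SAMPLE_ADS = [
    ("www.licensed-pharmacy.example",
     "https://www.licensed-pharmacy.example/refill", ()),
    ("www.licensed-pharmacy.example",
     "http://track.ad-redirect.example/c?id=1",
     ("http://cheap-meds.example/buy",)),
    ("shop.pharma.co.uk", "https://www.pharma.co.uk/", ()),
]

def flag_ads(ads):
    """Return the audit results for ads whose landing domain is not the one displayed."""
    results = [audit_ad(*ad) for ad in ads]
    return [r for r in results if r["mismatch"]]

if __name__ == "__main__":
    for finding in flag_ads(SAMPLE_ADS):
        print(finding)
```

The redirect chain has to be recorded by actually following the click, since a destination URL on a tracking domain says nothing about the final landing page.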

Although the research clearly demonstrates systematic abuse of a search engine that's gaining momentum, it's worth pointing out that these very same scammers are investing money in ads in addition to the main traffic acquisition tactics in their arsenal: blackhat SEO (search engine optimization) and spam.

On a daily basis, hundreds of thousands of insecurely configured web servers become part of these campaigns, next to the systematic abuse of legitimate services such as Yahoo Groups, forums, Scribd, SlideShare, LinkedIn, MyYearBook, and Digg -- for starters. Collectively the traffic and sales that come from this abuse result in a positive return on investment for the scammers due to the efficient ways in which they abuse the services.

Say yes to your health, and don't bargain with it.

Dancho Danchev

About Dancho Danchev

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

  • quote

    "This implies serious security holes in Microsoft's advertising program"

    All I can vision here is Homer Simpson slapping forehead and saying "Doh!!"

    Who'd ever thought, Microsoft and Security holes, who knew. Glad I don't use Bing.

    "Fraud" - Just "B(r)ing it"
    • Yeah, like Google doesn't suffer from the same problem?

      How many times have you read about Google being hijacked with malware advertisers getting top ratings on Google?

      Yeah, this is a Microsoft only problem... keep telling yourself that.
      Confused by religion
      • but,but,but

        Is not Microsoft supposed to be better? I ask you?
        • Microsoft is better than Google.

          If you don't believe me, ask Microsoft.
      • Never said anything about Google...

        Sometimes it is better to avoid talking so as to avoid inserting foot into mouth.

        Edit: And I never said that Google has never been exploited or any other search engine for that matter. Just simply stated a fact that I don't use b(r)ing...
  • One time while I was playing cards with an old man from Hoboken, he said


    You sir are a WINNER.
  • RE: Microsoft's Bing invaded by pharmaceutical scammers

    So the exploit has been found, Microsoft will be quick to patch it and not allow this sort of thing to happen again. It's not like they were the first search engine this happened to. Oh and those illegitimate advertisements won't do any good anyway, no one clicks on those pharmaceutical ads anymore. And this only affects ads, not the search engine or a user's PC. Nothing to see here folks, move along.
    Loverock Davidson
    • Exactly!

      And that is why MS is only a 2 or 3 in Project Excellence. They don't seem to learn from the past (or present).

      It's groundhog day every day.

      If they could improve their PM habits then people may start expecting more from them. Expectations for Win 7 are mixed at best because of their past.
      • "Expectations for Win 7 are mixed at best because of their past."

        Never a truer word said.

        Even politicians and management types are now savvy enough to see enough evidence repeated over and over again that Microsoft is just a load of hot air that has been holding the computer industry back for years and years.

        The smart companies will deploy at least 50% FOSS. The FOSS staff can then take over from the mouse wielding ones and get the rest of the infrastructure reliable, efficient and future proofed of forced/surprised/unnecessary invoices.

        It is happening.
      • "Mixed at best"?

        Microsoft is headed for a solid success with Windows 7.

        The ABMers are running scared. So scared that they now have to invent "show-stopping memory leak" bugs. Which of course turns out not to be a bug at all and only shines light on the desperation and cynicism of certain "journalists". It's pathetic.

        • Running scared?

          Why would anyone be doing that?

          What's the "killer feature" that would make that even a prospect?

          That and I'm still waiting for someone, anyone, to give a decent explanation of the term "decision engine." The best attempt so far has been to "define" my (now passed on) granny as the "decision engine." No one dared challenge her decisions :P
          • 'Decision engine' is the term you use when you are not #1 in search.

            Basically, since Google is the undisputed leader in search, rather than compete as a 'search engine' (where they would be #4 currently behind Baidu and Yahoo) (Source: Search engine market share (though other sources may have different results)) and you create a new marketing term to describe your (search engine) service. (Note: Carol Bartz claims that Yahoo! is not a search engine and may be unaware of Internet Archive which has copies of Yahoo going back to 1996 (first Yahoo page).)

            The marketing hype goes as follows: a decision engine (Bing, Hunch, etc.) helps you make decisions (by returning answers to your questions thus allowing you to make a decision). Microsoft's explanation is here.
          • Ok, but...

            I think I prefer the "decision engine" as being a strong minded granny who gives you one choice, hers! :P
          • "returning answers to your questions thus allowing you to make a decision"

            So by looking at the query results presented people then should make a decision about which link to click, or is it more "advanced" and rewrites your question for you?

            You can spot an MS decision engine a mile away. Type in "install Linux" and it'll take you straight to results for Windows Volume Licensing.
          • @fr0thy2 - Please stop lying.

            It's fine to advocate for open source. It has awesome advantages. I'm learning how to use Linux now. But when you use archaic information and/or outright lies, it really reflects poorly on the Open source community, as well as your credibility.

            When is the last time you did a search for "Install Linux"? None of the links have anything to do with Windows Volume Licensing. The closest thing is a link to running Linux on Windows.

            So I'm begging you, please stop.

            $ sudo apt-get install truth
          • install?

            I tried that and got a list of articles on how to install linux. Nothing (on the first page, at least) about Windows licensing.
          • Decision engine??

            Funny; I just tried it and got 5 pages of various linux pages, the 1st one shows this:
            * Download Info
            * Applications
            * Distributions
            * General Info

            * Courses
            * Hardware
            * Register
            * Bookstore

            Show more results from

            No reference to any Microsoft products.
          • humor= $6 a dose

            Apparently none of you get the joke.

            frOthy2 tends to have dry wit and it takes a second to realize it.

            For example, by saying that if you type "install Linux" into Bing it will take you straight to results for Windows Volume Licensing, he's pointing out the typical spin given by sales staff.

            When you mention a competitor, they try and refocus to themselves.

            He wasn't saying it would literally take you to search results for "Windows Volume Licensing".

            It's sad, tech sites should be filled with smarter people. At the very least, you should be able to understand simple dry wit.
          • @tmsbrdrs about humor and wit

            Yeah many people might not get the joke, for a damn good reason.

            (yes, I went to bing just to test it. It wouldn't have surprised me one bit to even get a ton of ads relating to Volume Licensing and stuff)

            There are so many people posting in bad faith, in both camps, so it's hard to make the difference between bad faith and a joke.

            Although, it was a good one :-)
          • that is bull

            I just searched "install linux" on bing and got this result page