Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev

Microsoft's Bing invaded by pharmaceutical scammers

By | August 7, 2009, 12:45pm PDT

Rogue online pharmacies have found a way to exploit Bing’s advertising program.

According to a recently released report by KnujOn and LegitScript, 90% of the Bing sponsored pharmacy ads were rogue ones shipping counterfeit prescription drugs, with the bogus companies forming part of larger affiliate networks like this one analyzed last year.

The report also details a brand-jacking scheme that relies on bogus advertisers being able to choose their own “Display URL” and a separate “Destination URL” for their ads.

More findings:

  • 89.7% of Internet pharmacy advertisements on bing.com that we reviewed are operating unlawfully. (Of the other 10.3%, about half are verified as legitimate, and half are “unverified” according to our standards.)
  • The majority of Internet pharmacy ads, and all ten of the sample ads that we dissected, did not require a valid (or any) prescription. We successfully attempted a test buy in two cases, receiving drugs in both cases that appeared to come from India
  • Some of the drugs sold via bing.com ads tested positive as counterfeit
  • Most of the Internet pharmacy advertisements that we analyzed are members of affiliate networks controlled by organized crime in Russia and Eastern Europe
  • In some cases, rogue Internet pharmacies have “hijacked” a legitimate Internet pharmacy’s domain name: the ad will look like it has been listed by a licensed, US-based pharmacy, but actually clicks-through to a rogue Internet pharmacy. This implies serious security holes in Microsoft’s advertising program
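
The Display URL / Destination URL mismatch described above is something an ad reviewer can check mechanically. The following is an added example, not code from the report or from Microsoft's ad platform: the function names and the sample ads on reserved `.example` domains are constructed, and the check looks only at the submitted URLs, so a destination that redirects elsewhere later would need a separate fetch-and-compare step.

```python
from urllib.parse import urlsplit


def ad_host(url: str) -> str:
    """Return the normalised hostname of an ad URL ('' if there is none)."""
    # Display URLs are usually shown without a scheme; add one so urlsplit
    # parses the host instead of treating the whole string as a path.
    if "://" not in url:
        url = "http://" + url
    # .hostname is lowercased and excludes any "user@" prefix and the port,
    # so "http://licensed.example@rogue.example/" resolves to rogue.example.
    host = (urlsplit(url).hostname or "").rstrip(".")
    return host[4:] if host.startswith("www.") else host


def destination_matches_display(display_url: str, destination_url: str) -> bool:
    """True only if the click lands on the displayed host or a subdomain of it."""
    shown, actual = ad_host(display_url), ad_host(destination_url)
    if not shown or not actual:
        return False
    # Require a dot boundary so "licensed-pharmacy.example.rogue.example"
    # does not pass as the displayed brand.
    return actual == shown or actual.endswith("." + shown)


def flag_mismatched_ads(ads):
    """Return the ids of ads whose destination leaves the displayed site."""
    return [
        ad["id"]
        for ad in ads
        if not destination_matches_display(ad["display_url"], ad["destination_url"])
    ]


# Constructed sample ads (hypothetical advertisers on reserved .example names).
SAMPLE_ADS = [
    {"id": "ad-1", "display_url": "www.licensed-pharmacy.example",
     "destination_url": "https://www.licensed-pharmacy.example/refills?src=ad"},
    {"id": "ad-2", "display_url": "Licensed-Pharmacy.example/Refills",
     "destination_url": "https://shop.licensed-pharmacy.example/cart"},
    {"id": "ad-3", "display_url": "www.licensed-pharmacy.example",
     "destination_url": "http://rogue-pharmacy.example/order"},
    {"id": "ad-4", "display_url": "www.licensed-pharmacy.example",
     "destination_url": "http://licensed-pharmacy.example.rogue-pharmacy.example/"},
    {"id": "ad-5", "display_url": "www.licensed-pharmacy.example",
     "destination_url": "http://licensed-pharmacy.example@rogue-pharmacy.example/"},
]

if __name__ == "__main__":
    for ad_id in flag_mismatched_ads(SAMPLE_ADS):
        print("hold for review:", ad_id)
```
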

Although the research clearly demonstrates systematic abuse of a search engine that’s gaining momentum, it’s worth pointing out that these very same scammers are investing money in ads alongside the main traffic acquisition tactics in their arsenal: blackhat SEO (search engine optimization) and spam.

On a daily basis, hundreds of thousands of insecurely configured web servers become part of these campaigns, next to the systematic abuse of legitimate services such as Yahoo Groups, About.com forums, Scribd, SlideShare, LinkedIn, MyYearBook, and Digg, for starters. Collectively, the traffic and sales that come from this abuse result in a positive return on investment for the scammers due to the efficient ways in which they abuse the services.

Say yes to your health, and don’t bargain with it.

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, malware and cybercrime incident response.

Dancho Danchev is an independent security consultant and cyber threats analyst, with extensive experience in open source intelligence gathering, and cybercrime incident response. He's been an active security blogger since 2007, and maintains a popular security blog sharing real-time threats intelligence data with the rest of the community on a daily basis. More details on Dancho Danchev's current and past professional affiliations can be found in his LinkedIn profile. You can also follow him on Twitter.

50 Comments

xXSpeedzXx 7th Aug 2009
"This implies serious security holes in Microsoft’s advertising program"

All I can vision here is Homer Simpson slapping forehead and saying "Doh!!"

Who'd ever thought, Microsoft and Security holes, who knew. Glad I don't use Bing.


"Fraud" - Just "B(r)ing it"
0 Votes
How many times have you read about Google being hijacked with malware advertisers getting top ratings on Google?

Yeah, this is a Microsoft only problem... keep telling yourself that.
0 Votes
but,but,but
Intellihence 7th Aug 2009
Is not Microsoft supposed to be better? I ask you?
0 Votes
Microsoft is better than Google.
fr0thy2 7th Aug 2009
If you don't believe me, ask Microsoft.
0 Votes
Never said anything about Google...
xXSpeedzXx Updated - 7th Aug 2009
Sometimes it is better to avoid talking so as to avoid inserting foot into mouth.

Edit: And I never said that Google has never been exploited or any other search engine for that matter. Just simply stated a fact that I don't use b(r)ing...
bing,bing,bing,bing,bing.

You sir are a WINNER.
0 Votes
So the exploit has been found, Microsoft will be quick to patch it and not allow this sort of thing to happen again. It's not like they were the first search engine this happened to. Oh and those illegitimate advertisements won't do any good anyway, no one clicks on those pharmaceutical ads anymore. And this only affects ads, not the search engine or a user's PC. Nothing to see here folks, move along.
0 Votes
Exactly!
maskman01 7th Aug 2009
And that is why MS is only a 2 or 3 in Project Excellence. They don't seem to learn from the past (or present).

It's groundhog day every day.

If they could improve their PM habits then people may start expecting more from them. Expectations for Win 7 are mixed at best because of their past.
Never a truer word said.

Even politicians and management types are now savvy enough to see enough evidence repeated over and over again that Microsoft is just a load of hot air that has been holding the computer industry back for years and years.

The smart companies will deploy at least 50% FOSS. The FOSS staff can then take over from the mouse wielding ones and get the rest of the infrastructure reliable, efficient and future proofed of forced/surprised/unnecessary invoices.

It is happening.
0 Votes
"Mixed at best"?
honeymonster 8th Aug 2009
Microsoft is headed for a solid success with Windows 7.

The ABMers are running scared. So scared that they now have to invent "show-stopping memory leak" bugs. Which of course turns out not to be a bug at all and only shines light on the desperation and cynicism of certain "journalists". It's pathetic

0 Votes
Running scared?
zkiwi Updated - 8th Aug 2009
Why would anyone be doing that?

What's the "killer feature" that would make that even a prospect?

That and I'm still waiting for someone, anyone, to give a decent explanation of the term "decision engine." The best attempt so far has been to "define" my (now passed on) granny as the "decision engine." No one dared challenge her decisions :P
Basically, since Google is the undisputed leader in search, rather than compete as a 'search engine' (where they would be #4 currently behind Baidu and Yahoo) (Source: Search engine market share (though other sources may have different results)) and you create a new marketing term to describe your (search engine) service. (Note: Carol Bartz claims that Yahoo! is not a search engine and may be unaware of Internet Archive which has copies of Yahoo going back to 1996 (first Yahoo page).)

The marketing hype goes as follows: a decision engine (Bing, Hunch, etc.) helps you make decisions (by returning answers to your questions thus allowing you to make a decision). Microsoft's explanation is here.
0 Votes
Ok, but...
zkiwi 9th Aug 2009
I think I prefer the "decision engine" as being a strong minded granny who gives you one choice, hers! :P
So by looking at the query results presented people then should make a decision about which link to click, or is it more "advanced" and rewrites your question for you?

You can spot an MS decision engine a mile away. Type in "install Linux" and it'll take you straight to results for Windows Volume Licensing.
0 Votes
@fr0thy2 - Please stop lying.
PlayFair 10th Aug 2009
It's fine to advocate for open source. It has awesome advantages. I'm learning how to use Linux now. But when you use archaic information and/or outright lies, it really reflects poorly on the Open source community, as well as your credibility.

When is the last time you did a search for "Install Linux"? None of the links have anything to do with Windows Volume Licensing. The closest thing is a link to running Linux on Windows.

So I'm begging you, please stop.

$ sudo apt-get install truth
0 Votes
install?
levinson 10th Aug 2009
I tried that and got a list of articles on how to install linux. Nothing (on the first page, at least) about Windows licensing.
0 Votes
Decision engine??
cbiggs99@... 10th Aug 2009
Funny; I just tried it and got 5 pages of various linux pages, the 1st one shows this:
* Download Info
* Applications
* Distributions
* General Info

* Courses
* Hardware
* Register
* Bookstore

Show more results from www.linux.org

No reference to any Microsoft products.
0 Votes
humor= $6 a dose
tmsbrdrs 11th Aug 2009
Apparently none of you get the joke.

frOthy2 tends to have dry wit and it takes a second to realize it.

For example, by saying that if you type "install Linux" into Bing it will take you straight to results for Windows Volume Licensing, he's pointing out the typical spin given by sales staff.

When you mention a competitor, they try and refocus to themselves.

He wasn't saying it would literally take you to search results for "Windows Volume Licensing".

It's sad, tech sites should be filled with smarter people. At the very least, you should be able to understand simple dry wit.
0 Votes
@tmsbrdrs about humor and wit
Angel_LB Updated - 11th Aug 2009
Yeah many people might not get the joke, for a damn good reason.

(yes, I went to bing just to test it. It wouldn't have surprised me one bit to even get a ton of ads relating to Volume Licensing and stuff)

There are so many people posting in bad faith, in both camps, so it's hard to make the difference between bad faith and a joke.

Although, it was a good one.
0 Votes
that is bull
JamesDoyle 15th Aug 2009
i just searched "install linux" on bing and got this result page

http://www.bing.com/search?q=install+linux&src=IE-SearchBox&Form=IE8SRC
0 Votes
Fun times...
zkiwi 7th Aug 2009
Erasing of that whole thread.

So, I guess the bit about bing being broken on two counts, allowing the ad sites to be attached and the searches being gamed to show them was a bit much.

I guess all the experience Microsoft has gained over their prior search iterations was wasted.
0 Votes
Except for your death.
doctordawg 10th Aug 2009
Nothing to worry about at all. Unless you trust corporate giant Microsoft to police their own ads, then click, buy, take, die.

Now I know all you hacker geniuses laugh at the thought of trusting MS, but 90% of the planet trusts them enough to bank with their OS.

MS is a monopoly. They MUST be broken up into separate OS/App independent companies. It's long overdue. They haven't innovated a dang thing that wasn't simply reverse engineered and copied from lesser-lawyered innovators.

Not a thing.
0 Votes
....
mojorison67@... 10th Aug 2009
No way you are really that much of an idiot.
0 Votes
Bing search results tainted
spinit 8th Aug 2009
Bing's search results tainted and not a word of it mentioned here. Nice.
0 Votes
http://www.theinquirer.net/inquirer/news/1496589/can-trust-bing

Bing will never make the cut. This will end up costing Yahoo and MS a ton of cash and then it will be closed down like many other MS web services. This could finally be the nail in Ballmer's coffin. Stockholders will finally get their fill of him throwing money out the Window (no pun intended).
From the link in the post above -
"IT SEEMS THAT Microsoft tinkers with its Bing search algorithms to push its own marketing.

According to PC World, if you tap in the phrase "Why is Windows so expensive?" you get as a top link "Why are Macs so expensive?"

So let's get this straight. People throw queries at Bing, Bing processes them and returns a Microsoft friendly result, even if that means the original query has been completely ignored.

Bing is a great big Microsoft advertising engine! How can anyone trust such a service?"
0 Votes
Results
levinson 10th Aug 2009
I tried that and got the Mac answer as #7, the top 6 were about Windows.
What did you do that I didn't?
0 Votes
The top six were also about stories
xXSpeedzXx 11th Aug 2009
from other rags with the same results. Nice try. So in reality the first related link was the "Why macs are so expensive."
0 Votes
Try again...
LeeC 12th Aug 2009
The top link was a Google "Trend" titled "why is windows so expensive". It just happens to have a "related search" (from GOOGLE) that shows as "why are macs so expensive".

The first 10 (that's TEN) have the same title as the phrase you type into the search engine.

I thought selective reading was a kids thing... obviously not.
0 Votes
According to PC World... LOL
LeeC Updated - 12th Aug 2009
Saying "According to PC World" is like saying "according to the experts on ZDNet talkback"... and trying to keep a straight face whilst doing so.

PC World are nothing but well dressed salesmen, with the technical know-how of the average road sweeper. I don't know how you can make that kind of statement and then expect anyone to take the rest of your comment seriously.

Maybe you should type the phrase into Bing (as I have just done) and see the results for yourself. Then you would realise how stupid the results expose the rest of your comments to be. (as I have just done).

In case that's too much effort on your part, the top listing is a result from Google.co.uk, that lists a "related search" in the text as "why are macs so expensive". So Google returned the mac reference, not Bing.

You don't work at PC World by any chance do you?
0 Votes
All of the big names are having their ad programs gamed. When things are set up simply (and cheaply) to encourage use, it's bound to happen.
0 Votes
Re: Frothy & Whisperycat
justanitguy 10th Aug 2009
Type in the search terms that they reference for yourself; don't fall for their ABM nonsense.
0 Votes
THANK YOU!
PlayFair 10th Aug 2009
That stuff sounded fishy to me, I simply search it myself. It's so easy a caveman could do it. The "Install Linux" issue was false and the reference to the Macbooks being expensive didn't show up until the second page. Not to mention, everyone knows how to use quotation marks now.

I really like a lot of the different available technologies, but when people use "facts" instead of facts, it really hurts when the truth itself would suffice.

$ sudo apt-get install truth
0 Votes
The only thing that smells fishy is Bing.
i8thecat Updated - 10th Aug 2009
http://www.pcworld.com/article/169750/bing_search_reveals_promicrosoft_results.html

http://www.chicagostyleseo.com/2009/06/is-bing-censoring-questions-about-microsoft/

You have to read both articles (entirely) and actually comprehend them.

In a nutshell, yes, MS programmed Bing to deliver pro-MS results... That's what happens when you let MS make your decisions for you.

I prefer to find what I'm looking for when I search.
0 Votes
And Google's different??
M.W.H. 13th Aug 2009
Although Google is not (yet) selling the same products as MS, Google certainly skews the search results in a direction which favours their own long-term interests. For years SEO experts have been tweaking their websites to make sure they get top rankings and Google gets more click-through revenue as a result. What we get from Google is not necessarily the best answer to our specific question. Wake up.
0 Votes
seriously
JamesDoyle 15th Aug 2009
stop posting this garbage, and take the 30 seconds to actually punch those search queries into bing. you will find that those articles are full of crap.
0 Votes
Windows update patch for Bing LOL
Randalllind 10th Aug 2009
I think it's funny they made their search like Windows so I assume they will have patches for it. LOL

I forgot never assume why?

http://www.youtube.com/watch?v=xoqUwyHseg4

0 Votes
What's this?! A Microsoft "product" being exploited?! I don't believe it!!! Bing is a few years too late in the game.
Try that search on Bing now, and all you get is references to this thread.
0 Votes
Guess Bing didn't reboot their windows boxes after the weekly "security" updates? You know, the flaw that "allows attackers to take complete control over your computer"...
0 Votes
which flaw?
tmsbrdrs 11th Aug 2009
When I ran Windows over half the updates mentioned an attacker being able to take complete control over my computer.

I'm so glad I switched to Linux.
0 Votes
At least I'm free of responding to pharmacy ads. Here in the UK when you're older than a certain age, and I am, your prescriptions are free! Long live the National Health Service!
0 Votes
I'm not too surprised, after my experience with link spam on my Live Spaces blog. My blogs at WordPress and Blogger don't have the same problem; a combination of CAPTCHA, moderation for messages with links, and possible pre-screening make it more manageable.

As it is, I had to disable comments at the Live Spaces blog, and I've pretty much abandoned it.

This sort of spam thing can happen to any search service, especially in the early stages - the thing to watch, is how quickly and effectively Bing can block it. We're used to Google search, and Bing's claim is something like "fewer but better results". Large wads of fake pharma isn't that.

0 Votes
LOL, it's typically Microsoft!
minardi 11th Aug 2009
What else would you expect. So so funny.
They attack mostly greedy people who expect to be able to buy Viagra 75% off. Instead of getting stiff, they get stiffed. I do feel sorry for the elderly, who have a limited income, and bargain medication seems like a good idea.
why would people buy medication online anyways?