Microsoft's Bing invaded by pharmaceutical scammers

Rogue online pharmacies have found a way to exploit Bing's advertising program.According to a recently released report by KnujOn and LegitScript, 90% of the Bing sponsored pharmacy ads were rogue ones, shipping counterfeit prescription drugs, with the bogus companies participating part of larger affiliate networks like this one analyzed last year.

Rogue online pharmacies have found a way to exploit Bing's advertising program.

According to a recently released report by KnujOn and LegitScript, 90% of the Bing sponsored pharmacy ads were rogue ones, shipping counterfeit prescription drugs, with the bogus companies participating part of larger affiliate networks like this one analyzed last year.

The report also details a brand-jacking scheme allowing bogus advertisers the option to choose their own "Display URL" and a separate "Destination URL" for displaying their ads.

More findings:

  • 89.7% of Internet pharmacy advertisements on bing.com that we reviewed are operating unlawfully. (Of the other 10.3%, about half are verified as legitimate, and half are "unverified" according to our standards.)
  • The majority of Internet pharmacy ads, and all ten of the sample ads that we dissected, did not require a valid (or any) prescription. We successfully attempted a test buy in two cases, receiving drugs in both cases that appeared to come from India
  • Some of the drugs sold via bing.com ads tested positive as counterfeit
  • Most of the Internet pharmacy advertisements that we analyzed are members of affiliate networks controlled by organized crime in Russia and Eastern Europe
  • In some cases, rogue Internet pharmacies have "hijacked" a legitimate Internet pharmacy's domain name: the ad will look like it has been listed by a licensed, US-based pharmacy, but actually clicks-through to a rogue Internet pharmacy. This implies serious security holes in Microsoft's advertising program

Despite that the research clearly demonstrates systematic abuse of a search engine that's gaining momentum, it's worth pointing out that these very same scammers are investing money in ads in between their main traffic acquisition tactic in their arsenal - blackhat SEO (search engine optimization) and spam.

On daily basis, hundreds of thousands of insecurely configured web servers become part of these campaigns, next to the systematic abuse of legitimate services such as Yahoo Groups, About.com forums, Scribd, SlideShare, LinkedIn, MyYearBook, and Digg -- for starters. Collectively the traffic and sales that come from this abuse result in a positive return on investment for the scammers due to the efficient ways in which they abuse the services.

Say yes to your health, and don't bargain with it.