

Anatomy of a Spam Viagra Purchase - fauigerzigerk
http://www.technologyreview.com/blog/editors/26785/

======
waitwhatwhoa
Hi HN, I'm an author on this paper and would be happy to answer any questions
you might have about it. It was a huge effort by a lot of great people and a
lot of fun to do.

Here's John Markoff's writeup for the nytimes, it doesn't seem linked from the
techreview site: <http://www.nytimes.com/2011/05/20/technology/20spam.html>

~~~
Matt_Cutts
I just wanted to say that I really appreciated this research--thanks for doing
this work.

It sounds like you purchased items from email spam; have you considered doing
a similar study for items that are spamming search engines instead of email?

~~~
waitwhatwhoa
We focused on email spam because that's been our area of expertise for the
past few years. Some of these programs are well represented in SEO spam as
well - with affiliate programs like these, they don't much care how you bring
them the customer traffic as long as it arrives. We haven't, however, looked
into the programs that are exclusively advertised via SEO but it's definitely
on our list. Most of our methodology will carry over, we just have to
straighten out how to create some sort of canonical feed of SEO'd pharma
links.

I'd also like to personally thank you for your employer's generosity in
supporting this research :).

------
abofh
If Visa or MC wanted to fix this, they would merely need to issue a small
number of "fraud" cards world-wide to various people who would _only_ use it
for suspected frauds.

Instantly flag the merchant acct, bank acct, open a report, all while looking
like a legitimate sap buying from spam.

I look forward to my "Death-card, by Visa(tm)" in the mail.

~~~
911-inside_job
That would bridge the contracts Visa and MC have signed with the processing
bank.

~~~
biot
breach?

~~~
911-inside_job
Yeap, thx ;)

------
acangiano
It would have been interesting if they tested the drugs as well, to see how
they chemically compared with the domestic ones.

~~~
Mark_B
FTA: "The customers get the products they were paying for (albeit counterfeit
versions)."

They're fakes!

~~~
dhbanes
No, they're generics produced to look like the brand name version.

~~~
waitwhatwhoa
This is correct: mass spec analysis showed that the correct active ingredient
was present in roughly the same concentration in the pills we ordered compared
to the store-bought brand version of the drug.

~~~
Mark_B
Interesting to know! In my mind, counterfeit == fake == placebo. Thanks.

------
Almaviva
I'll ask the question that nobody else is crass enough to: Assuming I order
and pay, what are the chances that I get a pill delivered to me that gives me
an erection?

~~~
tantalor
The article implies that the drugs are effective.

> The customers get the products they were paying for (albeit counterfeit
> versions). If they aren't complaining, there's not immediately a reason for
> banks to intervene.

------
bemmu
I'm surprised the spammers actually sent something.

~~~
waitwhatwhoa
They basically always send something, as these are credit card transactions
and easily reversed by the customer in the case of fraud, either not getting
anything or not getting what you ordered.

------
lambada
Having read the paper I'm interested in the fact that a card issuer was
actually willing to work with you on this. Especially with providing far more
details about each transaction than a consumer can normally obtain.

Do you have any further details about this issuer and the details they were
willing to provide? Or have they asked to remain anonymous?

~~~
waitwhatwhoa
Unfortunately I can't speak directly to this. Our correlation was done using
the acquiring bank's BIN, and this information is readily available on some
normal VISA cards, and even some prepaid cards (due to the CARD act, these are
almost exclusively currently for use inside the US only). This isn't some
super secret information, the specialty issuer helped the most with creating
several one-off cards in specific values and other logistical concerns.

------
zalew
relevant: <http://modernl.com/article/how-viagra-spam-works>

