Baron i

CSC 385-001 Essay 5: Outline

Thesis: Spam is dangerous through the it encloses and the rogue pharmacy business it works through, but users can work to avoid the dangers of the spam cybercrime world.

I. Dangers of spam

A. Definition of spam

B. Malware

1. “Dirty spam tricks”

a. Letter bombs

b. Worms

c. Mail bombs

2. Common acts of hate

C.

D. Rogue pharmacies

1. Dangers of making purchases

a. Motivation for buying

b. Drug sources

c. Lack of investigation

d. Ephemeral websites

2. Dangers when not making purchases

II. Avoid dangers

A. Prevent spam

1. System updates

2. password Baron ii

3. Anti-spam activists

a. InboxRevenge.com

b. Backlash

B. Evade rogue pharmacies

1. Inaccurate judgments

2. Consumer education

Conclusion: Spam is a concerning danger of using the Internet. It can damage people’s computers through viruses and worms, and it allows malicious hackers to gain access to personal computers and use them as “botnets” for collecting plenty of information. This information can then be passed onto the online rogue pharmacy business, from which purchasing is a risk in itself. A couple measures to prevent spam are keeping systems and software updated and having a separate email password. Also, people can become educated to make good judgments in whether or not to purchase from an online – and potentially dangerous – pharmacy. Baron 1

Jessica Baron

Dr. Eric Patterson

CSC 385-001

13 April 2015

You Got Spam: The Dangers of Spam and How to Prevent Them

“Get medications without prescriptions,” “Please I Need Your Help,” and

“Complimentary laptop for you” may suspiciously appear in Internet users’ email inboxes.

These messages mean trouble by the name of “spam.” The appearance of online spam has increased as the use of computer technology, particularly the Internet, has been becoming more and more prevalent in society. Spam is dangerous through the malware it encloses and the rogue pharmacy business it works through, but Internet users can work to avoid the dangers of the spam cybercrime world.

Dangers come along with online spam through malware, and spam leads to business for rogue pharmacies. First of all, T. L. Aardsma, in the article “Spam: Know the Lingo,” defines

“spam” as “an unsolicited mass distribution of any kind,” which is often seen through email but can also describe some web pages and posts (Aardsma 10). The networking equipment company

Cisco has a webpage on its online site explaining what malware is; its name is short for

“malicious software” or code, and it is designed to damage or steal people’s data and networks

(Cisco 2015). Most malware comes from when a user clicks on an email attachment, likely sent as spam, and common types of malware are viruses, Trojans, and worms. “Dirty spam tricks,” as

Aardsma dubs malware, exist, such as the letter bomb, worms, and the mail bomb. Letter bombs, also called “Trojan horses,” carry malicious viruses through legitimate-looking email, which can damage people’s computers (Aardsma 10). Viruses insert themselves and become a Baron 2 part of the programs they will damage (Cisco 2015). Worms are similar to computer viruses but do not need a host program. They are often contained in email attachments, and, when opened, they send themselves to all of the email address’s contacts, spreading exponentially (Aardsma

11). Mainly in the early age of the Internet when dialup was common and email providers did not have as many spam filters, hackers would use mail bombs to overload a mail server through masses of containing huge attachments each (Aardsma 10). A troubling find in addition to the spam work of professional hackers, though, is when conducting searches through engines like Google and DuckDuckGo on the phrase “spam email bomb,” about half of the first page results that appear advertise how to spam a person that someone “hates” with email bomb spam.

The concept that common Internet users, people who are likely not professional hackers, are looking for ways to spam other people reflects a troubling online anonymous and malicious attitude that is more and more common of today’s Internet.

Spam messages can be quickly and dangerously spread through robot networks.

Investigative journalist and cybersecurity expert Brian Krebs uncovers the operations of spamming in his book Spam Nation: The Inside Story of Organized Cybercrime-from Global

Epidemic to Your Front Door. Krebs describes how computer hackers use “botnets,” which are robot networks consisting of hacked personal computers – called “bots” – that are infected with malware that allows attackers to use these systems from afar (Krebs 2). Cisco also explains on its security webpages that malicious “bot” malware infects hosts and returns connection to central servers that control all of the infected bots (Cisco 2015). The hackers who run botnets make sure to be ahead of antivirus attacks and grow their systems like parasites (Krebs 4).

Cisco also supports this idea by describing them as “versatile” as they are quickly modified to gain the most control over infected systems. Also, they are hard to detect as spam as the hackers Baron 3 find ways to avoid immediate notice (Cisco 2015). These hacked networks are used for gathering contact information for cyberpharmacies, and they also allow criminals to take personal information from victims’ computers such as credit card information (Krebs 10). Like worms, bots can exponentially spread themselves to other machines, and they can also perform additional dangerous tasks such as keeping logs of user keystrokes and gathering user passwords and financial information (Cisco 2015).

Rogue pharmacies are established as a large online business connected to spam, and this industry presents dangers of its own beyond the problems spam itself already creates.

Purchasing drugs from the online rogue pharmacies advertised through spam can be very dangerous, but US citizens are the majority of buyers. People who purchase from online spam pharmacies have several core motivations for buying the spam pills: price and affordability, confidentiality, convenience, and recreation or dependence (Krebs 59-60). The drugs sold through the online spam pharmacies are much more affordable than legitimate prescription drugs, as the US has the highest prescription drug prices in the world (Krebs 61). Buyers may also want their purchases to be confidential due to embarrassment in needing those pills.

Purchasing online in such a manner is also convenient as no doctor prescriptions are required, and people who rely on the drugs can continue to buy them without limit.

Using the pills bought through these online spam sources is risky and dangerous, though.

The spam pharmacies, the largest of which are based in Russia and are often competing with one another in the cybercrime world, are constantly switching their suppliers, acquiring the drugs from whatever source may be the cheapest at the time, most sources coming from India or China.

Sometimes the drugs may do as expected; on the other hand, the ordered drugs may be contaminated and lethal (Krebs 79). They may also have side effects, and the pharmacies do not Baron 4 give any warning to buyers (Krebs 82). If customers complain about the pills they purchase, the rogue pharmacies are quick to reimburse the payment in order to avoid legal attention. That action, though, would not reverse illness or death caused by the drugs, so consumers need to be aware of the risks they take.

Although rogue pharmacies put forth these dangers, the US government and legitimate pharmaceutical companies show a lack of effort in investigating the spam pharmacies. The pharmaceutical industry does not want to test the drugs from the spam pharmacies only to find that there may be nothing wrong with the pills that are sold for a much cheaper price than the ones on the legitimate market (Krebs 96). Also, the rogue pharmacies are evasive. In a peer- reviewed article in the Journal of Medical Internet Research, Lana Ivanitskaya, Jodi Brookins-

Fisher, Irene. O Boyle, Danielle Vibbert, Dmitry Erofeev, and Lawrence Fulton, all PhDs, study illegal rogue pharmacies. They describe that online rogue pharmacies sell their products through strategies that reach the consumers directly, namely through email spam messages with Web links. The websites the links send consumers to are “ephemeral” and very difficult to track down, as most of the sellers tend to deactivate the links in the spam emails sometime from a week to a month after delivering the emails (Ivanitskaya, Brookins-Fisher, O Boyle, Vibbert,

Erofeev, and Fulton 2010).

Dangers still exist even when users do not make purchases from online rogue pharmacies but still gain spam email. Users may not look into the pharmaceutical advertising spam emails, but, by having received the spam messages initially, their information has already been used for one rogue pharmacy; it can very well be up for grabs for others in the spam industry. If a hacker does not take advantage of users’ information, he or she can make money by selling it in the cybercrime world (Krebs 234). Also, spam pharmacies can collect large amounts of information Baron 5 from consumers upon request at purchases (Ivanitskaya, Brookins-Fisher, O Boyle, Vibbert,

Erofeev, and Fulton 2010). This information will likely be passed onto other spammers following the drug purchases.

Internet users can avoid the dangers of spam and rogue pharmacies through preventing spam as much as possible and evading the online rogue pharmacies. People can take measures to prevent spam, and some people fight spam as anti-spam activists. One means of being proactive against spam is maintaining system updates. Cisco advises for people to keep computer operating systems and up-to-date, making sure all of the newest patches and fixes are applied, as spamming, in a parasitic manner, adapts to and breaks through current systems (Cisco 2015).

Another measure concerns email passwords, and users should make sure to be especially careful with their email security. People may often use the same password, or variants of the same password, for multiple websites, but they should at least have an entirely separate email password. Spammers who have control over users’ emails can reset any account password to online services that are hooked up to those emails, including credit card websites (Krebs 233). If one non-email online account is hacked and the same user’s email account has a different password than the hacked account, it will be more difficult for the hacker to gain control of the email account too. Control of the online account does not mean control of the email account as long as the hacker cannot gain access through, for instance, using the same password for the email as for the secondary online account.

Some people are anti-spam vigilantes, working to thwart big junk-mail operations (Krebs

173). As an example, one anti-spam organization, InboxRevenge.com, fights the spam industry by sending thousands of fake pill orders to online spam pharmacies daily to slow the companies Baron 6 down, as they would have to filter through what are real orders or not (Krebs 174). The cybercrime world, though, is quick to fight against such anti-spam offenses and take down anti- spam software, which startlingly shows that the spam companies have digital weapons that are readily available (Krebs 182).

In addition to avoiding and preventing spam messages overall, people should also prevent dangers of purchasing drugs from rogue pharmacies. The rogue pharmacy study unfortunately shows that university students make inaccurate judgments on online health information, and the researchers found that the people who spent more time using the Internet and general search engines for information have more difficulty in judging the legitimacy of online pharmacies

(Ivanitskaya, Brookins-Fisher, O Boyle, Vibbert, Erofeev, and Fulton 2010). To counter this poor judgment, consumer education is important in preventing dangers that result from buying pills online, especially from spam-linked websites. For example, the FDA released a consumer update named “The Possible Dangers of Buying Medicines Over the Internet,” which informs consumers on what to look for in trustworthy online pharmacies: a US location, a pharmacy license, full contact information, and prescription requirements (qtd. in Ivanitskaya, Brookins-

Fisher, O Boyle, Vibbert, Erofeev, and Fulton 2010).

Spam is a concerning danger of using the Internet. It can damage people’s computers through viruses and worms, and it allows malicious hackers to gain access to personal computers and use them as “botnets” for collecting plenty of information. This information can then be passed onto the online rogue pharmacy business, from which purchasing is a risk in itself. A couple measures to prevent spam are maintaining systems and software updates and having a separate email password. Also, people can become educated to make good judgments in whether or not to purchase from an online – and potentially dangerous – pharmacy. Baron 7

Works Cited

Aardsma, T. L. "Spam: Know the Lingo." Inside the Internet. 9.6 (2002): 10-11. Print.

Krebs, Brian. Spam Nation: The Inside Story of Organized Cybercrime-from Global Epidemic to

Your Front Door. Naperville, IL: Sourcebooks, Inc., 2014. Print.

Ivanitskaya, Lana, Jodi Brookins-Fisher, Irene. O Boyle, Danielle Vibbert, Dmitry Erofeev, and

Lawrence Fulton. "Dirt Cheap and Without Prescription: How Susceptible Are Young Us

Consumers to Purchasing Drugs from Rogue Internet Pharmacies?" Journal of Medical

Internet Research. 12.2 (2010). Print.

“What Is the Difference: Viruses, Worms, Trojans, and Bots?” Cisco Security Intelligence

Operations. Cisco, 2015. Web. 12 April 2015.