A global spam termination operation launched by CastleCops, the volunteer SIRT Squad is comprised of folks who report spam, investigate spam, and actively work on spam takedown and termination. SIRT is funded by CastleCops. Become a SIRT Squad terminator by reporting spam today!
Generated by www.DNSstuff.com at 00:15:51 GMT on 20 Aug 2008
Server/Response
ns2.pondisblue.org [68.49.159.35]
190.188.239.91
68.49.159.35
71.239.68.234
71.80.27.161
82.119.135.214
98.215.92.189
Although it occupies only one IP address at a time, grefohlydd.com also relocates frequently among ISPs in China and
Brasil.
grefohlydd.com is one of the sites for the spam operation, "Canadian Health&Care Mall." This site and its
spam are violating US law:
* It offers medications which may not be dispensed without a prescription, including Provigil and sometimes Valium,
which are federal contolled substances, without requiring any prescription.
* Its site advertises generic versions of drugs like Viagra which are still under patent protection. Therefore, any
generics are by definition counterfeit.
* Its site includes "certificates" claiming endorsement from Verisign, The "Canadian Pharmaceutical
Association," The American Food and Drug Administration, and the "American Consumers Organization." All
of these claims are outright falsehoods and violations of these agencies' trademarks in those cases in which such an
organization actually exists. See also the BBB alert at http://www.bbbmwo.ca/commonreport.html?bid=1134034 regarding
sister site My Canadian Pharmacy.
* Viewing satellite photos of the addresses it gives for the locations of its offices in Ontario and Louisiana show
residential areas with no evidence of the existence of large buildings like those pictured on the "contact us"
page of their website. The location of the warehouse in New Delhi, India is not precise enough for Google Maps to locate
it and may be a nonexistent address. See http://spamtrackers.eu/wiki/index.php?title=Canadian_Health%26Care_Mall .
* The site displays a forged pharmacy license claiming to be issued by the state of Minnesota, USA. See
http://spamtrackers.eu/wiki/index.php?title=Canadian_Health%26Care_Mall for a response from the Executive Director of
the Minnesota Board of Pharmacy confirming that this is a forgery.
* It presents photos of people it claims are the physicians and pharmacists running their operation. At least some of
these photos have been identified as stock photos from gettyimages.com. See
http://spamtrackers.eu/wiki/index.php?title=Canadian_Health%26Care_Mall#Fake_Doctors
* There is doubt whether they actually sell anything; the website may only be collecting credit card numbers.
* It violates US law by offering drugs for sale to US residents that they may not legally import from pharmacies outside
the US, and it offers them for sale without prescription. See http://www.fda.gov/oc/buyonline/faqs.html
* It offers for sale to US residents drugs that have not been approved by the FDA for sale in the US, like
rimonabant.
* Its site offers for sale antiepileptic medications like Neurontin, Depakote, Lamictal, Trileptal, Keppra, and Topamax.
Given the documented fact that even when spamvertised pharmacies deliver medications, they are subpotent or completely
inactive about half the time, well-controlled epileptics taking these pills could have seizures while driving, causing
an accident that could kill or seriously injure themselves or others, or at very least, lead to loss of their drivers'
licenses.
* Its site offers for sale anticancer agents like casodex and nolvadex. Again, even when spamvertised pharmacies deliver
medications, they are subpotent or completely inactive about half the time. The first indication people taking these
medications would have that they are taking inactive drug would be recurrence of their cancers.
* Its site offers for sale antibiotics like Levaquin, Amoxicillin, Augmentin, Cipro, Zithromax, and Suprax. As Canadian
Health&Care Mall does not even claim to offer overnight delivery, the only reason to order these drugs without
prescription from a pharmacy that takes weeks to deliver (if it ever delivers at all), is to keep it at home "just
in case." As most people are unaware that viral illnesses do not respond to antibiotics, are not aware of which
organisms are most likely to cause which infections nor which antibiotics will cover those organisms, and do not have
the ability to perform culture and sensitivity testing to confirm empiric treatment, this practice is highly likely to
select for drug resistant organisms like CA-MRSA (community acquired methicillin resistant staphylococcus aureus, a
particularly aggressive variety of staph that causes recurrent skin boils and has a 50% mortality when it causes
pneumonia). As Cipro and Levaquin also have anti-tubercular activity, their use can select for drug resistant
tuberculosis. Extended drug resistant mycobacterium tuberculosis (XDR-TB) is extracting nearly 100% mortality in South
Africa at present.
* Its site offers for sale Coumadin, a narrow therapeutic index drug that requires very frequent blood testing to
determing the correct dose, and continued monitoring to readjust dose due to interactions with food and other
medications. The consequence of too much OR too little can be stroke or death.
* Its site offers for sale major antipsychotic medications like Seroquel, Abilify, and Risperdal. In addition to the
fact that inactive drug could cause a patient to relapse, leading to consequences like loss of employment, even if these
pills contain real medication and the correct quantity of real medication, they are only sold by prescription because
patients taking them must be monitored for possible side effects like diabetes.
* Its site offers for sale the fertility medication clomid which carries the risk of multiple pregnancy, visual
disturbances, and ovarian tumors, especially if used in excess.
* Their spam messages violate the CAN-SPAM act because they have forged "from" and "reply to"
addresses, are sent from hijacked computers without the knowledge or permission of the owners, do not include valid
information identifying who has sent the spam or how to opt out, and do not honor opt-out requests on their websites.
Addresses are collected by bots spidering the internet for email addresses.
* Sites in this spam family (My Canadian Pharmacy, International "Legal" Rx, Canadian Health&Care Mall,
Men+ Health, US Drugs, VIP Pharmacy/"Viagra+Cialis") utilize hijacked Unix servers using the tirqd trojan.
See:
http://www.spamtrackers.eu/wiki/index.php?title=My_Canadian_Pharmacy#The_tirqd_Unix_infection
* In each case in which this reporter was able to contact the person named in the whois information in the domain
registration of one of these sites, that person denied having any knowledge of his/her personal information being used
to register any domains. Some victims had already been aware of fraudulent charges on their credit cards for domain
registrations. See documentation at http://spamtrackers.eu/wiki/index.php?title=Fake_yambo_whois
In this case, I confirmed that the person whose name is used in the whois had moved to another state several months
prior to this registration, and the the phone number is a land line which she would have had to give up when she
moved.
* Spamwiki entry: http://spamtrackers.eu/wiki/index.php?title=Canadian_Health%26Care_Mall . SiteAdvisor reviews at
http://www.siteadvisor.com/sites/grefohlydd.com
Online prices for warfarin 5mg x 90 tabs (generic coumadin, a blood thinner) on 4/13/08:
Rite Aid (drugstore.com): US $35
CVS US $46
My Canadian Pharmacy US $227
The only reason for someone to order warfarin via an illegal pharmacy is to avoid having to see a doctor and get blood
tests done to obtain a prescription. Warfarin is derived from a natural compound and has a complex metabolism and many
food/drug interactions. Not only is there a very narrow range between the dose that prevents clots and the dose that
causes excessive bleeding, the dose is different from person to person and even varies at different times for the same
person. There is an extremely high risk of someone having complications like bleeding or strokes if he/she is not
getting regular blood tests to check whether the dosage needs to be changed.
SiteAdvisor review at http://www.siteadvisor.com/sites/grefohlydd.com
grefohlydd.com is currently located at IP address 200.171.244.140
but loads images from port 8080 of five of the following servers:
http://193.165.209.3:8080/e/ch/images/theme.jpg
http://62.168.101.112:8080/e/ch/images/theme.jpg
http://116.228.7.35:8080/e/ch/images/theme.jpg
http://194.107.92.211:8080/e/ch/images/theme.jpg
http://83.148.186.142:8080/e/ch/images/theme.jpg
http://84.253.77.6:8080/e/ch/images/theme.jpg
