Fraudulent Web Sites Profiting From Flu Fears

November 19, 2009 Updated: November 19, 2009

Even cybercriminals are profiting from the global H1N1 scare. British data security firm Sophos revealed this week that groups of organized Russian criminals are making millions online by selling counterfeit Tamiflu via fraudulent Web sites.

Tamiflu, a vaccine for the H1N1 virus marketed by Swiss pharmaceutical giant Roche Holding, is widely recommended by the World Health Organization as treatment and prevention of flu symptoms. Due to the scarcity of the vaccine and consumer anxiety, criminals have set up Internet stores to sell counterfeit versions of the drug.

According to Sophos, the top five countries of consumers purchasing fake Tamiflu were the United States, Germany, Canada, the United Kingdom, and France.

Sophos found a network of underground Web affiliates called the Partnerka, operating out of Russia, which generates traffic to partner sites for an agreed share of profits. Most of such Web sites market themselves as being “Canadian” to appear more legitimate to Web users.

“This year, Sophos has intercepted hundreds of millions of fake pharmaceutical spam adverts and fake pharmaceutical Web sites, promoted by affiliate members,” according to a statement by the company. “Working day and night, thousands of affiliates use criminal methods including spam, adware and malware to drive as much traffic to their partners’ stores as possible, which then sell high-profit illegal goods as part of a multi-million dollar industry.”

In its research, Sophos found that members of the affiliated network could earn more than $100,000 per day promoting fake Tamiflu.

"As there’s a very good chance the swine flu pandemic has not yet hit its peak, Sophos has issued this warning to help prevent another significant influx of cash and unwitting transfer of personal details to Partnerka affiliates," said Graham Cluley, a spokesman at Sophos.

Once a user searches for the word Tamiflu, advertisements direct them to Partnerka-affiliated online pharmacies to purchase fake versions of the drug.

“What most people don’t know is that cybercriminals have manipulated Internet search engine results to drive as much online traffic as possible to these sites,” according to a Sophos statement. The firm said that 20 percent to 40 percent of the revenue could go to organizations that promote such Web sites.