Notorious Kiwi pill spammers slapped with fine

Herbal King dethroned


A gang of notorious spammers from Christchurch, New Zealand have been hit with fines in the first prosecution under the country's anti-spam laws.

Shane Atkinson was fined $71,870 (NZ$100,000) while his partner-in-spam Roland Smits was ordered to hand over $35,915 (NZ$50,000) after the duo were convicted of sending out millions of spam emails selling penis enlargement and weight loss pills under the brand name Herbal King.

Atkinson's brother Lance, who lives in Queensland, Australia, avoided a trip to jail after confessing his involvement in the scam and agreeing to pay $71,870 (NZ$100,000) plus costs. The case over violations of New Zealand's Unsolicited Electronic Messages Act in 2007 was dealt with by the High Court in Christchurch.

The gang hid their tracks by sending the spam from New Zealand, while maintaining knock-off pharmaceutical production and distribution facilities in India and registering their firm in Mauritius. This elaborate camouflage and misdirection approach came unstuck after a Danish anti-spam activist hid code in an order form that tracked the progress of an order across the web, 3 News New Zealand reports.

The Herbal King spammers, who at their peak ran the "largest pharmaceutical spamming operation in the history of the internet", were also the target of a US Federal Trade Commission enforcement action involving the seizure of assets and bank accounts.

It's hard to imagine that the modest fines imposed on the gang in New Zealand are any more than a small fraction of their illicit income.

Nevertheless, in a NZ government statement on the case, Internal Affairs Deputy Secretary Keith Manch said enforcement of local anti-spam laws would stop New Zealand becoming a spammer's haven.

"Operation Herbal King is a major success for the Department and its small Anti-Spam Compliance Unit," Manch said. "Following the passing of the UEM Act, we entered into international agreements to share information about spamming and pursue cross-border complaints."

More details of the Herbal King gang's spamming tactics, which included the use of botnets and so-called bulletproof hosting, can be found in a write-up by anti-spam organisation Spamhaus. The group (whose activities earned it a place on Spamhaus's ROKSO list of the world's most prolific spammers) also dabbled in luxury goods and porn as well as pharmaceutical spam. ®


Biting the hand that feeds IT © 1998–2022