IronPort Systems, a leading provider of enterprise spam, virus and spyware protection and a Cisco Systems subsidiary, has revealed a link between malware botnets and illegal pharmaceutical supply chain businesses that recruit botnets to send spam that promote their websites.

Updates to IronPort's 2008 Internet Security Trends Report, available at https://www.ironport.com/trends, confirmed that Storm and other botnet spam were found to be profiting from commissions offered by illegal pharmaceutical traders for online advertising of their products.

IronPort's research revealed that more than 80 percent of Storm botnet spam advertise online pharmacy brands; the spam is transmitted via a network of personal computers infected by the Storm worm Trojan using several sophisticated social engineering tricks and web-based exploits.

The report showed that spam templates; 'spamvertized' uniform resource locators; website designs; credit card processing; product fulfillment; and customer support were being provided by a Russian criminal organisation that operates in conjunction with Storm.

This criminal organisation recruits botnet spamming partners to advertise their illegal pharmacy websites, which receive a 40 percent commission on sales orders.

'Our previous research revealed an extremely sophisticated supply chain behind the illegal pharmacy products shipped after orders were placed on botnet-spammed Canadian pharmacy websites.

'But the relationship between the technology-focused botnet masters and the global supply chain organisations was murky until now.

'Our research has revealed a smoking gun that shows that Storm and other botnet spam generates commissionable orders, which are then fulfilled by the supply chains, generating revenue in excess of $150 million per year,” said Sebastien Commerot, marketing manager - Middle East, IronPort Systems.

IronPort-sponsored pharmacological testing revealed that two-thirds of shipments facilitated by the illegal pharmaceutical businesses contained active ingredients but were not of the correct dosage, while others were placebos.

As a result, consumers take a significant risk of ingesting an uncontrolled substance from overseas distributors.

Details on the Storm botnet and the connection with the supply chain can be found in IronPort's '2008 Internet Malware Trends: Storm and the Future of Social Engineering' report.

This report also identifies various methods with which malware is being used to infect host PCs to bypass security software, such as webmail spam; Google exploitation; and iFrame infiltration.

The botnets studied tied spam campaigns to current events or websites of interest, using a blend of email and the web to propagate.

Additionally, these decentralised and highly coordinated attacks enabled a variety of Internet assaults, from email and blog spam to phishing, instant messaging attacks and distributed denial-of-service attacks.

Storm malware pioneered sophisticated social engineering, affecting 40 million computers around the world between January 2007 and February 2008.

At its peak in July 2007, Storm accounted for more than 20 percent of all spam messages and had infected and was active in 1.4 million computers simultaneously.

It continued to infect or reinfect about 900,000 computers per month.  By September 2007, the number of simultaneous active computers generating Storm messages was reduced to 280,000 a day, and the total number of spam messages accounted for four percent of all spam.

Storm currently represents only a fraction of the more than 161 billion spam messages sent daily, although its variants are still active.

'Spam has progressed into organised, complex, well-funded malware efforts rivaling the operations of legitimate sof