The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Thursday, March 30, 2006

National spam news

TechCrunch's Michael Arrington has written an article about how Plaxo has reformed (at least somewhat), and has made it harder for their user base to accidentally spam everybody they know with ads for Plaxo. See his post Plaxo: Now With Less Evil. PC World also has an article: Plaxo Ends Annoying Update Spam.

Computer World reports that Jumpstart Technologies of San Francisco has been heavily fined under the CAN-SPAM act. Jumpstart would give free movie tickets to people in exchange for the names and email addresses of five soon-to-be-ex friends. Those friends would then receive forged email advertising appearing to come from the original friend. Read the complete Computer World article: Marketer hit with $900,000 spam fine. This is a record fine, according to various media covering the story. PC World also has a story.

It looks like Blue Frog security got a shot in the arm this week. Spam King reports that a major spamware manufacturer has added built-in Blue Frog compliance. See Spamware vendor integrates anti-spam service. I first wrote about Blue Frog in January. Blue Frog has been the subject of a great deal of discussion in anti-spam circles, with a lot of folks objecting to their operating model. Me, I'm willing to give them a shot, see if they might actually be successful.

The news.admin.net-abuse.email newsgroup reports that the NRA has begun spamming. See netnews thread Mainsleaze: NRA. It's not yet clear how serious this is; there have not been very many complaints, and there's some suggestion that the spam is only to NRA members (which makes it not really spam in my opinion.)

New anti-spam service: Forward your spam to TattleMail, and they'll analyze the headers for you and find "the person holding the 'wire snips' to a given spammer’s Internet connectivity". Cost is $1/month, implying the service is very well automated.

From the MIT spam conference: Phillip Raymond, CEO of Vanquish, Inc proposes that email be sent with a 5-cent bond (presumably ecash). If the recipient accepts the email, the nickel goes back to the sender. Otherwise, the recipient keeps it. This should make spamming too expensive for the spammers. See Email Battles article Another plan to charge for spam. This proposal is not a new one. See the FUSSP page for hints as to why this won't work.


Quickies:

Vox: Email Marketers 'Shockingly' Unaware of CAN-SPAM

Government Computer News says that 11% of all email traffic is misdirected spam bounces, and that this may be the next big spam threat.

Email Battles reports on the Junk Fax Prevention Act, nicknamed "CAN-FAX". The proposed bill relaxes restrictions on junk faxers, but bills itself as an anti-junkfax law.

The Oregon Food Bank reports that scammers are sending cell phone text message spam claiming to be OFB and soliciting donations. See KATU report.

The CAN-SPAM act says you can opt out of a spammers email list, but allows the spammers to set their own opt-out procedure. InfoWorld has an article about how 3Com's opt-out procedure requires, among other things, that you opt in.

Security Pro News reports a three-fold increase in child porn spam.

Monday, March 27, 2006

On web-bug protection in web mail

ShareWonders.com has a short post entitled How Spam Circumvents ‘Image Off’ features In Web Mail describing a new* technique for displaying web bugs despite the user's privacy preferences.

A web bug, for those not familiar with the term, is an image link embedded in an email. HTML-aware news readers will fetch the image from a remote server when you read the message. The image link has specific information in it which will reveal to the image server exactly who it was that fetched the image. Web bugs can be used to validate email addresses, as well as a number of other privacy-violating purposes.

Some email clients and web mail servers, such as GMail, will inhibit these embedded image URLs in order to protect your privacy. Typically, you'll see a message above the email that says something like "[This email program] has suppressed remote images to protect your privacy; click here to see images".

If you don't have an email client which suppresses remote image loading, your email address is likely to receive more and more spam as spammers get confirmation that it's valid.

The best ways to protect yourself are to view messages only as plain text, to not view messages from people you don't know (very hard, since some email comes from viruses running on your friends' machines), or to switch to an email client with the image-suppressing feature.

The supposedly new technique described by Share Wonders is to simply encode portions of the image tag in Unicode, causing the web mail client to fail to recognize the tag as an image tag. It is doubtful that this technique works, and it's known not to fool GMail.

In many cases, the spam will contain the image data embedded right in the body of the email. These images will be displayed with or without web-bug suppression, but they're harmless. Since viewing them doesn't involve fetching anything from a remote server, they don't compromise your privacy.

For a good discussion, see the comments in the Share Wonders thread.
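To show why decoding before matching defeats the encoding trick, and why embedded images are a separate, harmless class, here is an added example (not code from the original post or from any mail provider). The sample message, the hostnames and the function names are constructed for illustration.

```python
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message. The first image's src is written with numeric
# character references; the second refers to an image carried in the mail.
SAMPLE = '''\
From: sender@example.com
To: reader@example.net
Subject: constructed sample
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello</p>
<img src="&#104;&#116;&#116;&#112;://tracker.example/open.gif?id=reader%40example.net" width="1" height="1">
<img src="cid:logo@example.com">
</body></html>
'''

# Naive check: only matches a literal "http" in the raw, undecoded markup.
NAIVE_IMG = re.compile(r'<img[^>]+src\s*=\s*["\']?https?://', re.IGNORECASE)


def naive_has_remote_image(html_body):
    return bool(NAIVE_IMG.search(html_body))


class ImageRefCollector(HTMLParser):
    """Collect image-loading attribute values. HTMLParser has already decoded
    character references in them when handle_starttag is called."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if not value:
                continue
            if (tag in ("img", "input") and name == "src") or name == "background":
                self.refs.append(value)


def classify(ref):
    """'remote' is fetched from a server on viewing; 'embedded' travels in the mail."""
    cleaned = re.sub(r"[\t\r\n]", "", ref).strip()  # browsers drop these inside URLs
    scheme = urlsplit(cleaned).scheme.lower()
    if scheme in ("cid", "data"):
        return "embedded"
    if scheme in ("http", "https") or cleaned.startswith("//"):
        return "remote"
    return "other"


def html_bodies(raw_message):
    """Return the decoded text/html parts of a raw RFC 822 message."""
    msg = message_from_string(raw_message, policy=policy.default)
    return [p.get_content() for p in msg.walk() if p.get_content_type() == "text/html"]


def image_report(raw_message):
    """Return {'remote': [...], 'embedded': [...], 'other': [...]} for a message."""
    report = {"remote": [], "embedded": [], "other": []}
    for body in html_bodies(raw_message):
        collector = ImageRefCollector()
        collector.feed(body)
        collector.close()
        for ref in collector.refs:
            report[classify(ref)].append(ref)
    return report


if __name__ == "__main__":
    print("naive filter sees a remote image:", naive_has_remote_image(html_bodies(SAMPLE)[0]))
    print(image_report(SAMPLE))
```

A filter built this way suppresses everything in the "remote" list and can display the "embedded" list without contacting any server.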

The other shoe drops: Spitzer goes after Gratis

Last week, I wrote about the agreement by Datran Media Corp to pay $1.1M in fines for spamming to a dirty email list sold to them by Gratis Internet.

Well, as expected, NY Attorney General Eliot Spitzer has filed suit against Gratis for violations of their privacy policy in selling the list to Datran. See Reuters article Spitzer sues Web marketer Gratis for privacy breach.

Saturday, March 25, 2006

World spam news

c|net reports that Microsoft is going to start going after phishers who target Microsoft sites such as MSN or Hotmail. According to the article, Microsoft has helped take down over 4,744 phishing sites worldwide, and filed more than 117 lawsuits against phishers in U.S. courts. It should be interesting to see how they do in the international arena. Full story at c|net: Microsoft to fight phishers in Europe.

More from The Register, which reports that Microsoft is cracking down on phishers. There are cases against phishers in Turkey, France, Spain, Morocco, the UK, Germany, Austria, Egypt, and Sweden. Full story: MS lawsuits aim to reel in phishers.

ZDNet Australia reports that the Spam Act of 2003 has had a significant effect on spam originating from Australia, causing Australia to drop from 10th to 23rd place on the international spam list. Full story: Anti-spam legislation effective, claims ACMA. Note the prominent mentions of Telstra.

ICANN is meeting in New Zealand this week. Communications Minister David Cunliffe opened the conference with a call for international agreements to combat email spam. Read The Age article NZ seeks agreement to fight net spam for more.

Claria exiting adware business

From the "what alternate universe did I stumble into?" department, Spam Daily News reports that Claria is exiting the adware business. I mentioned this to a fellow tech-nerd as I was typing this, and she immediately asked the first question that had come to my mind too: "What are they going to do now?" I mean, scumware is all they know.

Looking forward to seeing if this is for real, or like Sanford Wallace, they'll just reappear in another evil guise.

See also: Slashdot discussion.

Thursday, March 23, 2006

Stolen iBill subscriber information used to generate custom phishes

Something new crossed my desk last night: Neil Schwartzman, a long-time anti-spam activist, reports that credit card and other personal information stolen from credit card processor iBill is now turning up in customized phishing attempts.

iBill first gained attention in the late 1990's as the credit card processor of choice for porn spammers. The problem became severe enough that they were listed by the MAPS RBL in 1998 and again in 2000.

Earlier this month, WiReD magazine reported that iBill had leaked seventeen million customer records. Leaked information included names, phone numbers, addresses, email addresses, logins, passwords, and even IP addresses. Indications are that this was an inside job rather than the work of an external cracker. The information is now available on the internet, being bought and sold in a spammers' and fraudsters' black market.

A later story in WiReD indicated that iBill was innocent after all: iBill president Gary Spaniak Jr. claims that iBill cross-referenced the stolen information against their own database and only found three matches out of seventeen million.

However, new information indicates this may not be the case after all.

Neil reports that on Monday he received a phishing attempt that contained personal information intended to convince him that the phish was legitimate. In this particular case however, the information had been tagged when it was submitted, and thus we know it could only have come from iBill.

From: Bankone Online Security
Reply-To: Bankone Online Security
To: NEIL SCHWARTZMAN
Date: Mar 20, 2006 9:35 AM
Subject: Online Activity Verification

Dear NEIL SCHWARTZMAN,

We are committed to protecting you, with the latest technology to keep
your details secure, and dedicated teams to monitor online activity
and intercept any suspicious actions. And we do everything we can to
protect our online customers, but the steps we take can be much more
effective if you work with us to protect yourself.

03/20/2006 our security system detected an unsuccessfull access
attempt to your online account from Ip address 81.190.253.29 that does
not correspond to your current address:

123 Main Street
Montreal, QC
H4A 2X7

Please click here to confirm your current address or change it online.

If you do not confirm your address until 03/23/2006 your account will
be SUSPENDED for security reasons and we will send you an Activation
Code by post which you will need to renew your online banking service
access. You will receive this within seven days if your current
address is not confirmed.

Sincerely,

Bill Clark
Online Security Team
[Some identifying information removed.]

It could be hard for many people to resist a phish so directly targeted. It's important that the word get out before too many people get taken in.

Oh, and if you used the same login and password to sign up on that porn site that you used for your World of Warcraft* account, well, sucks to be you. That priceless +5 sword of smacking? Gone.

Wednesday, March 22, 2006

Pharmacy spammer plots to kill witness

The Associated Press reports that Christopher William Smith, AKA Rizler, in jail on drug and other charges, has now also been charged with plotting to intimidate or kill a witness. For the full story, see Former Internet pharmacy owner faces new felony charges.

Adware: Following the money

The Register has an interesting article about a report by the Centre for Democracy and Technology, which has tracked adware back to the people who pay for it: Adware backers named and shamed.

The report (pdf) describes in some detail the interconnections between advertisers, advertising agencies, affiliates, adware vendors, and software vendors. The report runs ten pages long, including charts, and is well worth reading. In short, the network of advertising and adware resellers can become so long and complex, that an advertiser has little chance of even knowing that they paid to have scumware installed on consumers' computers, let alone finding out who was responsible.

The worst malware vendor of the lot seems to be 180solutions (I wrote about them in January).

As a case study, CDT contacted eighteen companies that advertised with 180solutions in regard to their advertising policies. CDT received responses from eight: five had adware policies but were advertising with 180solutions anyway (probably unknowingly). Two established adware policies in response to their contact with CDT. One terminated its relationship with 180solutions upon seeing the CDT report. Netflix was one of the five; they assured CDT that the ad served by 180solutions had been unique and random, but CDT found three more examples.

CDT did not receive responses from True.com, PerfectMatch, Club Med, LetsTalk.com, uBid, ProFlowers, NetZero, PeoplePC, Altrec, or Waterfront Media.

Google used as a URL cloaking device in phishing

This just came across my desk: Phishers are using urls in the form "http://www.google.com/=url?q=http://www.climagro.com.ar/agro/chase.htm" to obfuscate URLs and/or help the spam get past the spam filters. Google has been informed of the problem.

Note that as of this writing, the spammed URL is still up. This URL is hosted on a site that was probably hacked into -- a common use for zombie computers is as temporary hosting for spammers' web pages.

In this particular case, the site in question is a simple meta redirect to another site in India (for a total of two levels of indirection.) It looks like this site also was hacked by the phisher.

The "login confirmation" page was a php script that seemed to return nothing useful when executed without cgi arguments, so I lost the trail there. Clearly there would have been at least a third level of indirection when the phished data was sent on to the phisher, but without more time and/or access to the php source, I can't tell where that is.

Update (23 Mar): I got one of these myself today. First redirect goes to "jTrue Technologies" in Shanghai, China. I have notified them; let's see what they say. Data was handled via php as before, so without the source code, I couldn't go any further.

Here's a thought about what Chase and other phishing victims could do: Most of these phishing sites grab icons and other media directly from the victim sites. Perhaps Chase et al could pay attention to the referrer address when serving up icons. Any reference from outside of their own site should sound an alert.
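One way the referrer check suggested above could run over a web server's access log, as an added example (not code from the original post or from any bank). The hostnames, the log lines in combined log format and the function names are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

OWN_HOSTS = {"www.bank.example", "bank.example"}  # assumption: the site's own hostnames
ASSET_EXTENSIONS = (".gif", ".png", ".jpg", ".jpeg", ".ico")

# Combined log format: ip ident user [time] "request" status bytes "referer" "agent"
LOG_LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample log lines.
SAMPLE_LOG = """\
203.0.113.7 - - [22/Mar/2006:10:01:02 +0000] "GET /images/logo.gif HTTP/1.1" 200 2326 "http://www.bank.example/login" "Mozilla/4.0"
198.51.100.23 - - [22/Mar/2006:10:03:11 +0000] "GET /images/logo.gif HTTP/1.1" 200 2326 "http://hacked-host.example/agro/confirm.htm" "Mozilla/4.0"
198.51.100.40 - - [22/Mar/2006:10:03:15 +0000] "GET /images/secure.gif?v=2 HTTP/1.1" 200 911 "http://hacked-host.example/agro/confirm.htm" "Mozilla/4.0"
192.0.2.9 - - [22/Mar/2006:10:04:00 +0000] "GET /images/logo.gif HTTP/1.1" 200 2326 "-" "Mozilla/4.0"
192.0.2.55 - - [22/Mar/2006:10:05:30 +0000] "GET /account/summary HTTP/1.1" 200 5120 "http://other.example/" "Mozilla/4.0"
203.0.113.8 - - [22/Mar/2006:10:06:00 +0000] "GET /favicon.ico HTTP/1.1" 200 318 "http://WWW.BANK.EXAMPLE/help" "Mozilla/4.0"
""".splitlines()


def offsite_asset_hits(lines, own_hosts=OWN_HOSTS):
    """Return image requests whose Referer names a page on someone else's host."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format line
        path = urlsplit(m.group("target")).path.lower()
        if not path.endswith(ASSET_EXTENSIONS):
            continue  # only icons and other images are of interest here
        referer = m.group("referer").strip()
        if referer in ("", "-"):
            continue  # many clients send no Referer; absence proves nothing
        host = (urlsplit(referer).hostname or "").lower()
        if host in own_hosts:
            continue
        hits.append({"ip": m.group("ip"), "time": m.group("time"),
                     "asset": path, "referer": referer})
    return hits


def alerts(lines, threshold=1):
    """Map each off-site referring page to the number of asset fetches it caused."""
    counts = Counter(hit["referer"] for hit in offsite_asset_hits(lines))
    return {page: n for page, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for page, n in alerts(SAMPLE_LOG).items():
        print(f"ALERT: {n} image fetches referred by {page}")
```

The referring page in each alert is the candidate phishing page, and the client addresses in the hits belong to people who viewed it.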

Update #2 (23 Mar): I spoke to Google security about the redirect issue. They know about it, and have some ideas on how to stop it. They admit it's a common problem (and certainly not specific to Google), but a non-trivial one to solve. Any site that has redirects is vulnerable to this kind of abuse.
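On the filtering side, a spam filter can unwrap a redirector link offline and judge the link by the host it finally names rather than by the reputable host in front. The following is an added example, not Google's fix and not code from the original post; the hostnames and function names are constructed, and it goes slightly beyond the single case above by handling percent-encoded and nested redirects.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

MAX_DEPTH = 5  # stop after this many nested redirect parameters


def embedded_urls(url):
    """Return absolute http(s) URLs carried as query parameter values of `url`.

    A nested URL that contains an unencoded '&' is cut at that point by
    parse_qsl; its hostname, which is what matters here, is still intact.
    """
    found = []
    for _, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        candidate = value.strip()
        for _ in range(2):  # tolerate a value that was percent-encoded twice
            if candidate.lower().startswith(("http://", "https://")):
                break
            candidate = unquote(candidate)
        target = urlsplit(candidate)
        if target.scheme.lower() in ("http", "https") and target.hostname:
            found.append(candidate)
    return found


def unwrap(url):
    """Follow redirect parameters without any network access.

    Returns the chain of URLs, starting with `url` itself. A parameter that
    points back at the same host (an ordinary "next page" link) is ignored.
    """
    chain = [url]
    current = url
    for _ in range(MAX_DEPTH):
        outer_host = urlsplit(current).hostname
        onward = [u for u in embedded_urls(current)
                  if urlsplit(u).hostname != outer_host]
        if not onward:
            break
        current = onward[0]
        chain.append(current)
    return chain


def effective_host(url):
    """Hostname a filter should check against its block lists."""
    return urlsplit(unwrap(url)[-1]).hostname


def is_cloaked(url):
    """True when the link hands the reader on to a different host."""
    return len(unwrap(url)) > 1


if __name__ == "__main__":
    # Constructed sample links in the same shape as the one quoted above.
    samples = [
        "http://www.search.example/=url?q=http://hacked-host.example/agro/login.htm",
        "http://www.search.example/url?q=http%3A%2F%2Fhacked-host.example%2Fagro%2Flogin.htm",
        "http://www.search.example/search?q=spam+filters",
    ]
    for link in samples:
        print(is_cloaked(link), effective_host(link))
```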

National spam news

IT Backbones reports that there were 125 Million Pharmaceutical Spam Emails Sent Using Botnets. This may be a record, and as such is very troubling. Raise your hand if you didn't get one. I probably got 50 to 100 myself.

Cisco claims to have a solution to cell phone text messaging spam. The article "Cisco Promotes SMS Spam and Fraud Prevention Solution", in Telecommunications Industry News was fairly thin on details. Let's hope they're on to something.

Technology Evangelist has a couple of good articles on blog comment spam: How to Combat Blog Comment Spam and Our Comment Spam Prevention Keyword List.

Florida Senator Gwen Margolis is sponsoring a bill that would block the public from seeing government email addresses, nominally in an attempt to protect government workers from spam. However, this would violate the Florida constitution which protects access to public records. To quote Barbara Peterson, president of the not-for-profit First Amendment Foundation: "She wants to change the constitution to prevent spam?". Full article at the Tallahassee Democrat: Government e-mail: How private? Hey, here's an idea: why not outlaw spamming in Florida and protect the rest of us too?

Beware: "My Best Photo" virus

I've gotten several of these over the past few days, so I thought I'd give a quick heads-up just in case it helps one less person get infected.

If you get an email from yourself, wanting to share your best photo, and containing a zip file, here's a hint: Don't click on it.

OK, I really didn't have to say that, did I? Well, I'm sure somebody is clicking on it, otherwise, why would I be getting so many copies? If it's not obvious, the attachment is a virus. A crudely-packaged one too, as far as I can tell. Not being a windows user myself, I don't know if you need to actually unpack the zip file and execute the enclosed batch file manually, or there's some automation.

I'm sure this has been thoroughly documented at some of the anti-virus sites, but I thought I'd give it a quick mention.

Tuesday, March 21, 2006

Today's court hearing in the computer crime case

I had my second court hearing today; this time in the Sierra vs Ritz & Falk case. It dragged on forever, and will have to be continued until another day.

There are a couple of issues that pertain to jurisdiction. The first is: what, if any, contacts I made with North Dakota, and the second is: was I involved in a conspiracy with David Ritz to illegally obtain DNS data from Sierra.

We had hoped that Judge Racek's decision on the first issue would be taken as precedent by Judge Irby, and we could limit ourselves to the issue of conspiracy. Unfortunately, it was not to be the case, and so we had to settle in for the long haul.

Most of what Harristhal talked about on the contacts issue was the same as before. He still won't give up on the "inner-circle" mailing list. He also asked me if I considered myself a hacker or had ever called myself a hacker on the internet. I said no, and he triumphantly pointed to my art.net web page, which is listed under "hacker artists" at art.net. I had to explain that the original definition of hacker meant a very clever programmer. I also pointed out that I did not call myself a hacker on that web page, but that the owner of art.net had chosen that designation.

Harristhal sprung another surprise on me: He asked me if my web site has cgi scripts. Well, yes it does; if you click on a header in a spam report, a cgi script extracts the one header you selected and returns it as a web page. Amazingly, Harristhal insists that the use of cgi scripts makes a web site interactive. That came from so far out in left field that I was left stunned for a moment. Unfortunately, because John Levine was sequestered while I testified, during his cross examination by Harristhal, he had no idea what Harristhal was talking about.

Anyway, the fun really began when my lawyer, Kelly Wallace (of Wellborn & Wallace) started quizzing Brad Allison, Reynolds' sysadmin. Under questioning, Allison admitted that DNS transfers are ordinary network operations. He also asserted that he didn't know what port 25 is, or whether or not you can telnet to a mail server. This probably makes him the world's most incompetent sysadmin. As the questioning got closer to having Allison admit that doing a DNS lookup is not, in fact, against the law in any way, Harristhal popped up and started objecting like crazy. He kept insisting that this was not relevant to jurisdiction. Kelly Wallace insisted that it was, for the obvious reason that if there's no crime, there's no conspiracy. And then Harristhal was like "hey, that's not fair, we had no idea you guys were going to bring this up. This is trial by ambush; you guys gave us no indication you were going to do this", and we're all "Nuh uh, look in the affidavits, both Falk and Levine mentioned this", and then the judge is like "Yeah, I'd like to hear this too", and now Harristhal is all "But I gotta plane to catch in an hour, and I need more expert witnesses".

Well, maybe the dialog didn't go exactly like that, but I'll have a court transcript as soon as I can. Anyway, it was a real shame that we didn't get to finish this just when it was starting to get interesting.

So the upshot is that the hearing has been continued to a later date and I have no idea when we'll finish. Harristhal is going to find expert witnesses (apparently he's realized that putting Allison on the stand wasn't such a good idea) to explain what DNS is, and probably to explain what a "hacker" is. Now I need to come up with more expert witnesses of my own and maybe buy plane tickets out there.

In other words: To Be Continued.

Sunday, March 19, 2006

World spam news

Red Herring has another article about China's drive to crack down on spam: China: Farewell, Spam!

Interesting insight in the article: "One reason China has become such a big spam haven? More than 90 percent of the software used in China is pirated, leaving computers more susceptible to hackers who can turn them into 'spam zombies.'"

Got my first IRS phish today. Or at least the first to slip through my spam filters. Now I don't feel so left out anymore. Headers indicate it came from RoadRunner. Link takes you to interbusiness.it. No redirects, not even a token attempt at disguising the URL. Kind of insulting, really. Other spam fighters have identified IRS phish sites in China and Australia.

The Sydney Morning Herald reports that a spam is circulating claiming to have proof that Slobodan Milosevic was killed. The payload of the spam is a virus which will lower your computer's security. Read the article Milosevic Trojan email warning for more details.

And finally, NDTV.com of India reports on a rash of spam emails selling the Tamiflu drug to combat bird flu. I hope it goes without saying that buying drugs from spammers is a very bad idea; there's simply no knowing what, if anything, you'll actually get back. My favorite quote from the article: "...once the customer sends in his order, the spammers get access to three valuable things: the email address, credit card details and proof of gullibility". For full details, read the article, Bird Flu Alarm.

Second court hearing

Since I'm being sued twice, once for defamation and once for computer crime, I have a second evidentiary hearing on jurisdiction coming up on Tuesday; this time in the computer crime case. My expert witness, John Levine, and I will both be attending by video conference from different cities.

Since judge Racek has already ruled in my favor on jurisdiction in the defamation case, there's a chance that judge Irby will accept that decision as precedent. This leaves Harristhal's only real argument to be one of conspiracy. If he can prove that I conspired with my co-defendant David Ritz to commit a crime in North Dakota, then jurisdiction would be established.

The affidavits Harristhal filed this time around were surprisingly thin. He brought up very little of the material he used in the first hearing. Almost nothing relevant to contacts I may or may not have had with North Dakota.

The primary item attached to Harristhal's affidavit is a copy of David Ritz's deposition. It looks like Harristhal will be concentrating on the conspiracy angle. I'm a little surprised that he didn't include my postings to the old "inner-circle" mailing list.

Well, in the last hearing, Harristhal brought up evidence he hadn't submitted to the court previously as required, so I'm sure he's got a surprise or two waiting for me on Tuesday.

Wednesday, March 15, 2006

National spam news

A student at Riverside Community College in California has been arrested for phishing. You can read about it at IT Security News: College student arrested for spam.

Datran Media Corp. has agreed to pay $1.1M in fines after being caught using unethically obtained consumer data from several data mining companies. See IDM.net article Shoddy Email Practices Cost US$1.1M. According to New York Attorney General Eliot Spitzer*, Datran sent six million spam emails selling discount drugs, diet pills and other products. Datran allegedly used a mailing list which it knew was dirty. The largest supplier of dirty lists was Gratis Internet, who provided the information in direct violation of their own privacy policy. Expect to hear more on this angle later. In the meantime, ClickZ has a good article on it. Internetnews.com also has a good article, describing the kind and amount of personal data sold by Gratis. Red Herring has one more article worth reading, quoting Eliot Spitzer as calling this the largest breach of privacy in Internet history.

Amusing article in the WCF Courier today, about religious chain letters: God Spam: Christian forwards inspire warm fuzzies, wrath. Actually, a chain letter isn't quite the same thing as spam, but close enough. Who here remembers that the very first massive spam was the "Jesus is Coming Soon" spam of 1994? Just think, twelve short years ago, there was no spam.

A new "reputation toolbar" service announced itself this week. CipherTrust has launched their "Trusted Source" toolbar plugin for email clients. It's similar to SiteAdvisor, which I wrote briefly about in January. In this case though, CipherTrust is for email clients instead of web clients. The service works by examining an email when you click on it to determine the originating IP address, which is then cross-checked against the site's "reputation engine". An icon in the tool bar changes color to let you know the trustworthiness of the email. There's a somewhat more detailed article on it from IDG News Service. The tool is free after you register. Windows only.

There was a worthwhile article in the IT Observer this week on Configuring the Postfix mail server for spam and virus protection. The article goes on in some detail on setting up configuration files, installing SpamAssassin (spam filtering) and ClamAV (virus filtering) and so forth.

Yet Another good article in the Seattle Times about AOL's proposal to allow email marketers* to buy their way past the spam filters: Better class of spam is still spam.

And rounding out the week's domestic spam news, Search Engine Journal has an article about how web spam is starting to infest social media sites such as Del.icio.us. Web spam, it's not just for search engines any more.

Spammers exploiting mailing list servers in a new way

New to me, anyway. Spammers bundle their spam into a subscription request or other message that will generate a bounce or some other automated reply, and send it to a mailing list server at a reputable site. The server then sends the response, with embedded payload, back to the purported sender. It's a new form of relaying.

Why bother? Because the mailing list server is likely not in any spam-blocking lists. This allows spammers to avoid whatever block lists they're on.

The exploit was seen in ezmlm mailing list managers, but there's no reason to think that other managers are immune.

Read more details at SecuriTeam Blog.

Monday, March 13, 2006

The Torn-Up Credit Card Application

Not really spam-related, but fraud-related. Here's the story of someone who tore up a credit card application, taped it back together, filled it in, asked that the card be sent to a different address, provided a cell phone number (i.e. unlisted), and mailed it in. Chase dutifully sent a shiny new credit card in his name to that other address. The Torn-Up Credit Card Application

I think I'm going to buy a proper shredder.

Sunday, March 12, 2006

Brendan Battles apparently resurfaces in New Zealand

Notorious and aggressive email spammer Brendan Battles has apparently turned up in New Zealand, spamming for wireless companies there. See Computerworld article Spam king sets up in New Zealand?

Battles was one of the spammers in the coalition which filed a SLAPP lawsuit against SpamHaus in 2003.

Update (22 Mar 2006): Confirmed; see Spam Kings.

Saturday, March 11, 2006

What is SPEWS?

Found a great essay today on how SPEWS (Spam Prevention Early Warning System) works. Thought I'd share it with you all: What is SPEWS?

World news shorts

Following in Korea's footsteps, the Arkansas Democrat Gazette reports that China has begun a crackdown on spam. In all likelihood, the authorities there have finally woken up to the fact that outgoing spam can be even more harmful than incoming spam. Like Korea, China has become known as a major spam source. There are many individuals, and probably a good number of entire sites that simply blocklist China as a whole. China is finally doing what they need to do or face becoming an intranet.

IT Backbones reports that the German company SfbIT* has received a patent on challenge/response spam protection. It's not entirely clear to me what's special about this system, as challenge/response schemes are by no means new. The article says that this system is easier to use because it involves clicking on links (similar to a mailing list subscription confirmation) rather than responding with a password, and a number of other improvements over more conventional c/r systems.

There are some serious concerns with challenge/response systems, although they've never particularly bothered me. For more, see the web site "Challenge-Response Anti-Spam Systems Considered Harmful".

Friday, March 10, 2006

On 'High Yield Investment Programs' (HYIP)

I know this isn't strictly-speaking about spam, but scams have been much on my mind lately. And besides, HYIPs are sometimes advertised via spam, so that's close enough.

After hearing about the Jennifer Clason case, I spent an hour or so perusing her message board. It was with a sort of sick fascination that I read all the articles by board regulars defending and even promoting the various ponzi schemes and other investment strategies of dubious legitimacy. Even after one such scam was shut down by the SEC, folks were still defending it and wishing the government would just butt out.

So I thought a few words on the subject were in order...

When scientists see someone invent and start marketing a perpetual motion machine, they don't need to examine the machine to know it's a fake; they know without even looking that it's not possible. Of course, they might take a look just to see how the trick was done, but the laws of physics have already told them the truth of the thing.

By the same token, when a mathematician or an economist hears of an investment fund that pays six million percent annual interest (that's what you get when you take the 44% interest over twelve days promised by a typical HYIP and compound it over a year), they don't need to look at the company's financials to know that something isn't right.

In fact, many, if not most, HYIPs are Ponzi schemes of one sort or another. Let's look at how a typical such scheme might work:

Say on day one that one hundred people invest $100 each and expect to earn $12/day for twelve days. Whoever's running the scheme now needs $1200/day in income to pay them off. In a Ponzi scheme, that money comes from new investors, so the people running the scheme will need to recruit 144 new investors to provide that income. But now those 144 new investors need to be paid, so another 208 investors are needed. Some of those 208 will come from the original satisfied customers, reinvesting their money, but some new investors will also be needed.

But those 208 investors will need to be paid off too, so now we need 299 investors for the next round. Then 430, 620, 892, and so on. By the end of the year, you need more than 6,559,000 investors to keep the ball rolling. Eventually the scheme reaches the point where not enough investors can be found and it all comes crashing down. The scheme goes broke, the people operating it have skipped town with a couple suitcases of money, and a whole lot of people are out their hundred dollars. Sometimes the authorities find out and shut things down before too many people get hurt.

The sad thing is, the people investing in the plan really believe in it. Until the crash, it made them a lot of money, and so they really wanted to believe. Quite often, even the people running it believed in it, and can't figure out how it all went wrong. Or they blame the authorities for shutting them down.

Ponzi schemes aren't investment plans, they're gambling plans. You're gambling that you won't be one of the unlucky ones holding the bag when it all goes bad.

Take a moment and think before you join such a program. If there really was a legitimate and safe way to earn six million percent interest on your investment, don't you think Wall Street would have it sewn up? Do you think anybody would even bother investing in conventional things?

Before joining any investment system, find out how the fund actually makes its money. If you can't find any answer other than new investors, then run the other way.

Wikipedia has some excellent explanations of Ponzi schemes and HYIPs. Take a moment and read them.

Thursday, March 09, 2006

New kind of phishing scam

There's a new variation of the "advance fee" scam making the rounds. A friend of mine caught this one in his inbox and nearly responded. Since it's being propagated via spam, like other 419 schemes, I thought it worth mentioning here.

The scam works like this: You get a letter from someone overseas who wants to reserve a room in your B&B, hire you as a guide or interpreter, or otherwise engage your services. The scam is targeted directly to you; the scammer is obviously perusing on-line advertisements.

Hello,
I am Bishop Mensah Opoko, an English speaking clergy from Ghana with the Synagogue church of Christ. I will be coming over to UK: London on holidays from the 1st of August to the 10th of August 2005 for a 10 day Vacation with my Albanian wife, daughter and son of the ages of 3 and 5 respectively. My wife Rev.Mrs Cindy Opoko only speaks Albanian and my native language, because her mum happens to come from Ghana.
We will require the services of a Albanian interpreter for 5 hours,12 noon to 5pm daily although this might be flexibly based on your availability for 10 days because I will not always be with them on most occasions due to other church functions which I most attend.
We will like to pay in advance of our visit so she can be assured of an interpreter during her shopping and sightseeing because this is her first visit. An early reply will be appreciated. Please acknowledge if you can offer this service and give me a price quote, and immediately call me on my direct line (+233244-0243879257 and +233244-033930 ) as soon as you receive this email, so we can conclude on all other arrangements ASAP, as time is not really on our side.

Remain Blessed,
His Lordship,
Bishop Mensah Opoko.

Spiritual Director,
Synagogue Church Of Christ,
10 Nkuruma Avenue, Community 6,
Tema,Ghana.

Tel.+233244-033930 or
+233244-0243879257


The scammer agrees to your price, and sends you a certified check or money order for the correct amount plus some extra, maybe $3000 or so. They ask you to forward the excess on to their travel agent to pay for tickets or some such. Since you've already deposited the check, and the bank assures you it's good, you figure why not? I mean, a certified check or money order is as good as cash, right? Nope.

For some reason, the customer can't make it (family emergency, you know). If you're really unlucky, you're convinced to refund the balance. Later (as much as two years later), it turns out the check was fraudulent, and the amount is deducted back out of your bank account.

A good source of information on this scam can be found at the Chartered Institute of Linguists discussion board. Apparently a lot of interpreters have been getting hit with this one.

It's worth noting that the 033930 phone number seems to be a constant in these scams.

Defamation case dismissed!

Judge Racek has dismissed the defamation case against me on jurisdiction. Here is a copy of the court order.

Update: The Fargo Forum has an article about the dismissal. (Oops, apparently the Forum now charges to read old articles. Sorry about that; I don't think it's worth the $1.95.)

Wednesday, March 08, 2006

Jennifer Clason pleads guilty of spamming and conspiracy

My favorite story this week: one Jennifer Clason of New Hampshire has pled guilty in Arizona to violating the CAN-SPAM act by sending porn spam. According to the U.S. Department of Justice, she's pled guilty to two spamming counts and one count of criminal conspiracy. She'll forfeit the money she got from spamming and faces up to 15 years in the slammer. Also indicted are Jeffrey A. Kilbride of Venice, CA, and James R. Schaffer of Paradise Valley, Arizona.

The DOJ reports that AOL alone received more than 600,000 complaints in less than six months.

Spam Kings reports on an interesting twist to this story: Clason also runs a support group for work-at-home mothers called MommyJobs.com. A quick review of the site's online forums shows no evidence that the regulars there know about Clason's own work-at-home job. Something this hot should've been mentioned by now, so I suspect that Clason is still keeping a tight rein on the moderation. The only hint is her "Leaving for Phoenix" thread. She doesn't tell the readers why she's leaving for Phoenix, though.

It's worth taking a few minutes to tour MommyJobs.com. It's chock full of money-making schemes of dubious legitimacy.

I previously wrote about this particular spam gang in January, when two other members of the gang pled guilty.

You can read all about it at the Department of Justice, Spam Kings, PC Pro, Spam Daily News, and the ROKSO listing (lots more references there).

Clason also continues to operate a number of porn websites.

Update: She's confessed to her readers.

National news shorts

La Crosse County, Wisconsin created a web site for their new comprehensive plan. In the space of two weeks, it was flooded with comment spam. See La Crosse Tribune for full story. Welcome to the third age of the internet, La Crosse.

Elsewhere, I reported that residents of the U.K. were receiving tax-related spam. Well, Physorg.com reports that tax-related spam is hitting the United States too. As in the U.K., the spam is suspected of carrying viruses and other malware. At least one IRS-related phishing site was tracked to Hong Kong (not responding as of this writing).

Sunday, March 05, 2006

Hidden costs of spam

It seems that not a month goes by without some article in the media estimating the costs of spam to industry. The Washington Post estimated the cost of spam at more than $10 billion per year in 2003. By 2005, Information Week had estimated the cost to be more than $21 billion. I've seen estimates as high as $50 billion. Enter "cost of spam" into Google search and you'll find thousands of similar articles.

Several sites even provide cost of spam calculators where you enter demographics about your company and the calculator tells you how much spam is costing you.

Now, estimating the cost of spam is an inexact science* at best, and every pundit probably has their own way of coming up with their numbers, but that's not what this article is about. Instead, I want to talk about the costs you can't translate into dollars.

There were two separate articles this last week that illustrate my point. The first, from the Sacramento Bee, Spam defenses get overly aggressive, talks of a user who lost a number of important emails to false positives in a spam filter.

False positives are one of the biggest problems caused by spam. The enormous load of spam we all face means that spam filters are pretty much a fact of life for most of us. And spam filters mean false positives. Better spam filters mean more aggressive filter-evading techniques by the spammers, which lead to more aggressive spam filters, which lead to more false positives. We'd all like to think that the perfect spam filter is out there, waiting to be invented by some AI graduate student, but I believe -- for reasons that might merit a post of their own -- that such a filter is impossible. And thus, the false positives.

Every month or two, I take a few hours off and dig through the mail folder into which the spam was dumped, looking for names and subjects that signify false positives. Oh, my old college buddy was in town last week? Looks like I missed him; too bad he used the wrong keyword. Problem with an eBay transaction? Too bad it looked like a phishing attempt. My cousin needed a college loan? Well, the world needs ditch-diggers too. A beautiful woman saw my profile and wants to meet me? Oh, wait, that one was spam.

Spam causes us to lose wanted messages along with the spam; either through false positives in an automated filter, or just hitting delete one too many times and not noticing.

The second article to catch my eye was in PC World. The article, Spam Mutates, starts off with the tale of a blogger who threw in the towel because he was sick of fighting the blog spam.

That's another cost of spam -- it drives good content off the internet. Until the 90's, usenet was a fantastic fountain of knowledge and ideas. After the spammers flooded it, a lot of the worthwhile content went away as authors gave up trying to compete. Now we see bloggers who are frustrated with the constant fight against blog spam.

Lately cell phone spam has become a problem, and there were several articles in recent weeks about how the problem is expected to increase. If the cell phone companies can't find a way to combat this -- and I'm betting they won't -- we can expect to see users abandoning text messaging altogether as spammers make the service worthless. We may even see some real impact on the sales and usage of the phones themselves. I've already seen a similar phenomenon as land-line users abandon their phones because of all the telemarketing calls which have ruined the utility of conventional telephones.

Saturday, March 04, 2006

Wayne Mansfield in court

One more item in world spam news: InfoWorld Nederland reports that the Spam Act of 2003 is being tested in court. In this case, notorious Australian spammer Wayne Mansfield is facing an A$1.1 million (US$746,000) a day fine for spamming from his company Clarity1 Pty. Ltd.

An injunction was obtained last August prohibiting Mansfield from spamming, but it is alleged that he continues even today.

World news shorts

SpamCube.com has a black-box spam/virus solution similar to a firewall. See engadget review.

Irish Developer Network News reports that spam reached a record high in February.

JoongAng Daily reports that strict measures will be taken by the end of the month to curb spam coming out of Korea. This could be very good news for the people of Korea, as there are many places where the entire country is blocked for being a spam-haven. Anti-spam reforms could mean increased connectivity to the rest of the world.

Contractor UK reports on a hoax email pretending to come from HM Revenue and Customs, telling contractors they can settle their tax bill with one click. The email is suspected of containing a virus, although details are sketchy.

Information Week reports on twelve Nigerian spammers arrested in the Netherlands.

Wednesday, March 01, 2006

Fargo Forum and WDAY cover my case

At the request of my lawyers, I've refrained from discussing my lawsuits at this time. However, at yesterday's jurisdiction hearing I was surprised to see TV cameras in the court room. I had been under the impression that the hearing would be closed, but apparently the local press thought otherwise. By the end of the evening, WDAY had covered it, and by the next day it was also in the Fargo Forum.

The coverage wasn't very deep, but frankly, how interesting can a jurisdiction squabble be? It all seems to hinge on whether or not my web site is "targeted" at North Dakota, and whether a traceroute packet that ends up in North Dakota constitutes my making contact with North Dakota.

More details later.
