The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Wednesday, November 29, 2006

Excellent article on pump-n-dump spam in the Guardian

Submitted for your approval: "It's the name on everyone's screen. But is Southridge Ethanol really such a hot stock?" This is an excellent Guardian article about how the pump-n-dump business works. It tracks a stock fraud involving U.S. company Southridge Enterprises, a firm based in Dallas, Texas.

What I found most interesting was that it looks like the company being hyped was part of the scam. I had always assumed that the scammers were simply picking a penny stock at random and using it for the scam. However, the Guardian article dug much deeper into the scam and found what looks like active involvement on Southridge's part.

Oh, and if you're curious, this chart shows both share price and volume during the scam. As you can see, a lot of people fell for it, and they all lost money in the deal.

Wouldn't the world be a better place if all those people who buy stocks based on anonymous spam emails could just be fined the money up front for being dumbasses? They'd still lose the money as before, but then the rest of us wouldn't have to deal with the spam.

Seriously though, why aren't their brokers warning them before accepting the order? I'd bet this could even be done automatically with online trading systems.

Tuesday, November 28, 2006

More coverage of the Mummagraphics case

c|net has some coverage of the Mummagraphics case; see Declan McCullagh's article Court sides with alleged 'vacation' spammer. McCullagh paints a bleak picture in which the CAN-SPAM law will have the devastating effect on spam-fighting that was predicted when it was first enacted. There is also a link to Eric Goldman's evaluation of the case.

There is a discussion of the article on Usenet that's worth reading. Prof. Jonathan Ezor has some good commentary on the article.

See also the Womble Carlyle writeup about the decision.

Monday, November 27, 2006

Christopher William Smith convicted in online drug case

Did you all have a good Thanksgiving vacation? I know I did, especially after coming home to see this:

Spammer Christopher William Smith, aka "Rizler," has been convicted of illegally selling drugs via the internet and now faces a mandatory 20-year prison sentence. Smith's accountant, Bruce Lieberman, and his attorney, Daniel Adkins, were both acquitted.

Witness tampering charges stemming from his threat to kill a witness are still pending.

About the Mummagraphics case

Not having all the facts at hand, I'm inclined to reserve judgement on this one, but here are a few relevant links to peruse.

In short, Mark Mumma, owner of Mummagraphics, threatened to sue Cruise.com, aka Omega World Travel, for spamming. Cruise responded by suing Mumma for defamation. The court has refused to grant Mumma summary judgement dismissing the case. The court's decision (pdf, 17 pages) in short was that Cruise did not violate the CAN-SPAM Act as Mumma had claimed. In addition, the court ruled that CAN-SPAM preempts the stricter Oklahoma law. Finally, the court ruled that although CAN-SPAM states that headers must not contain false information, the particular false information contained in Cruise.com's headers was not significant enough for the headers to be "materially false or materially misleading." In other words, the intent of Congress when it passed the law was to prevent fraud, and not to allow spammers to be nailed on a technicality. Mumma will now likely face a costly defamation case.

Relevant links:

Mumma's SueASpammer.com page about the lawsuit
Currently 404, probably for the duration of the case.

Turning the Tables on Spammers (Wired News, Jan 2005)
Discussion on "Project Honeypot", including the Mumma case.

Spammer Sues Spam Victim, Continues Spamming Him (PrWeb, March 2005)
Mumma's press release about the lawsuit.

Cruisin' for a legal bruisin' (Spam Kings, March 2005)
Discusses the filing of the lawsuit, including warnings about jumping into lawsuits.

Spammer sues spammed (Spamroll, March 2005)
Discussion of the case, suggestions that Mumma may have gotten in deeper than he'd like.
Scroll down to read Mumma's response, including the fact that Cruise spammed a role account at Mumma's ISP which never opted in.

More Mumma, more money (Spamroll, April 2005)
Mumma has hired Pete Wellborn to defend him.

4th Circuit Beats Back Anti-Spam Plaintiff (Spam Notes, Nov 2006)
More legal analysis plus comments from Mark Mumma.

Hostingplex Are a Shower of Dunces

What a wonderful title. This is the title that The Weekly gave their article describing how a clueless ISP not only shut them down for spamming they didn't commit, but also tried to extort them for $150 in order to access their own files. I think we can classify this as one of the countable costs of spam.

While I laud Hostingplex's strong anti-spam policies, I think it's worth bearing in mind that you should disconnect the actual spammers, and not some innocent third party in their place.

Wednesday, November 22, 2006

Walter Rines shut down by FTC

Back in May, I briefly mentioned how the Federal Trade Commission was taking action against Walter Rines, spammer, purveyor of spyware, and part-time partner of Sanford Wallace.

Yesterday, c|net reported that the FTC has ordered Rines to permanently shut down his spyware operation and pay $50,000 to cover his illegal profits. He may also face a $1.75 million judgement.

The article also mentions one John Robert Martinson, who faces a $1.86 million judgement over his Spy Deleter software, which he paid spyware vendors to advertise for him with threats of more spyware if they didn't buy his product. This is similar to the scheme that Sanford Wallace was fined $4 million for operating.

Friday, November 17, 2006

Top Ten Worst Spam Offenders

This has been making the rounds for the last week or so, but perhaps you haven't seen it yet. In short, Spamhaus has released its top-ten spam offenders for the year. There are actually three such lists: one for worst countries, one for worst ISPs, and one for worst spammers.

Of the worst countries, the U.S. leads, of course, with roughly six times as many spammers as its nearest rival, China.

The winner for worst ISP — to nobody's surprise — is UUNet, now known as Verizon Business, leading with more than twice as many spammers as its nearest competitor.

Of the worst spammers, Russians and Ukrainians occupy six of the top ten spots, with Alex Polyakov (likely a pseudonym) leading the list. Polyakov is most known for mortgage spam, but also advertises child porn, money laundering, and drugs. He may also be the person behind the DDOS attack that brought down Blue Security in May of this year.

So, from reading the articles, I think that the majority of all spam could be stopped if just a few things would happen: 1) Russia starts going after its own criminals*, 2) Verizon fires the management team of Verizon Business, 3) ISPs start blocking outgoing email from their zombie customers, and 4) Microsoft does something about the piss-poor security of their operating system*.

Daily Tech has some good coverage of the story, with more information from Sophos and a lively discussion thread.

Thursday, November 16, 2006

Political site exploited by spammer

Just a reminder to everybody to make sure their servers are secure. A political action group called Downsize DC had their web server exploited by a spammer who sent 50,000 spams through it.

Remember, an unsecured system is an attractive nuisance which not only hurts the owner of the server, but everybody who gets the spam that's relayed through it. Downsize DC may think of themselves as the victims here, but they also owe an apology to everybody who got the spam that was sent from their servers.

Wednesday, November 15, 2006

Cyber Thieves Steal Entire E-Mail Accounts

From WBAL, in Baltimore. The article states "A new type of online crime is occurring", but it's actually a very, very old crime. The article is about how thieves stole the email account of someone who had used Hotmail from a public terminal and apparently forgot to log out or perhaps was hit by a keystroke logger. The thief tried to use the account to commit fraud on eBay, but was stopped. The victim was unable to get any help from Microsoft or Hotmail.

Thursday, November 09, 2006

Politicians using spam in the U.S.

Just as the word comes out that the U.S. has maintained its lead as the number one source of spam on the internet, now comes the word that U.S. politicians have taken to spamming in their campaigns.

The rationale used by politicians mimics that used by many spammers: that as long as the spam complies with the CAN-SPAM law, then it isn't spam. Ok, listen up: even if your spam is legal, it's still spam, and nobody wants it.

I would have preferred to see Sophos list the actual spamming politicians for all to see, but if they did, I missed it. If you have examples of political spam, please send it along to me at spammingpols@efalk.org.

For historical reference, the first spamming politician that I'm aware of was California Republican Bill Jones who actually hired a professional spammer who broke into a Korean elementary school computer to relay the spam.

Shame on Debian - their email list has been sold to spammers

I just received a pump-n-dump spam to a tagged email address I had only given to Debian, the maker of one of the more popular Linux distributions.

Sold out directly by Debian, or leaked and then sold? I don't care. Debian had a duty to protect its user email addresses from spammers and they've failed.

Wednesday, November 08, 2006

Anti-spam service advertising via spam.

Twice in as many days has a business called "spam blocker dot biz" left comment spam in this blog. This is not acceptable behavior. Why is it that newbie anti-spam businesses feel that spam is ok if they do it?

And to top it off, their business model isn't very good or original — it's just another challenge-response system. Also, I've already thought of two ways that spammers could game the system, although without seeing the fine details of how it works, I can't be sure.

And why is it that domains ending with .biz always seem so dodgy? It's practically gotten to the point where you can use .biz as a spam indicator.

Tuesday, November 07, 2006

Phishers looking for social security numbers now

Via news.admin.net-abuse.email: Fake social security site. Click the link if you want, just don't put any personal info on it. Phish site hosted by BellSouth which is also where the spam came from.

Be careful out there.

German ISP Forced To Delete IP Logs

Via Slashdot: A German federal court has ruled that T-Online, a major ISP in Germany, must now delete IP logs at the customer's request. The ruling is in the interest of privacy, and was the result of a court case brought by a man who had been fined for making a sarcastic comment on an internet forum in 2002. In this case, T-Online had retained his dynamic IP address for longer than permitted by law and had turned it over to law enforcement agencies without a court order.

I am of mixed opinion on this. On the one hand, the ability to make anonymous political comments is an absolute necessity in this day of government retribution — as this case clearly shows. But on the other hand, this will make it even harder to track down spammers, and T-Online already has enough of a spam problem.

Interestingly enough, this ruling may be in conflict with the EU data retention law which requires that records be retained for law enforcement purposes for between six and 24 months.

Monday, November 06, 2006

Jeremy Jaynes' lawyer pleads guilty to money laundering and other charges

Today's Real Piece of Work™ is one Sam Currin: Former U.S. Attorney; former judge; former assistant to Jesse Helms; former chair of the N.C. Republican party; religious fundamentalist; former Sunday school teacher; anti-choice politician; animal lover (not); lawyer for the Sons of Confederate Veterans (where he played a key role in expelling some 300 anti-racist members). Oh, and did I mention: lawyer for spammer Jeremy Jaynes who was recently given nine years in the slammer.

Well, it turns out that good ol' Sam has now pleaded guilty to lying to a federal grand jury, obstructing the IRS, and conspiring to launder $1.3 million for Jaynes. It looks like he'll be allowed to plead out of jail time, but he will be giving up his law license.

According to the News Observer article, Currin laundered just over $1.3 million for Jaynes, knowing that the money was illegal proceeds from Jaynes' spamming and stock fraud business. In addition, Currin failed to report the profits he made from this laundering.

You can learn more from junkfax.org's article about the case, including a link to the charges and an excellent detailed description of the stock fraud and all the people involved in it.

Can you really judge a lawyer by the clients he represents? Like Mark Felstein who represented Eddy Marin and other spammers in their 2003 attack on Spamhaus, Currin seems morally indistinguishable from the scum he represents.

AllAdvantage reincarnated?

Winding up today's news: Word on the internet is that AllAdvantage is making a comeback. Or rather, some of the founders of AllAdvantage are going to give it another go.

AllAdvantage was an advertising multi-level-marketing scheme from 1999 which generated a huge amount of spam from its affiliates. If the new company, AGLOCO (short for "A Global Community") is like the old one, we can look forward to an increase in email spam in the future.

Update: I've heard from the anti-spam consultant who was hired by AllAdvantage to clean up their spam problem in 1999. He's a founding partner in AGLOCO so it looks like there's a good chance that they'll be able to avoid the spam problems that plagued AllAdvantage.

US #1 spam nation

Not that this is any surprise, but once again, the United States leads the world in spam. This, according to Sophos.

Financial advisor Jim Grant installs spyware on his customers' computers

Via Spamroll, The Boston Herald reports that Wall Street financial advisor Jim Grant has been installing spyware on the computers of the subscribers to his investment letters in order to determine if they're being illegally copied. This information came out when he sued one of his readers for sharing the newsletter around the office. In turn, Grant has been accused of computer fraud and trespass.

This is similar to the Sony case, in which Sony installed a virus on some of its music CDs which installed rootkits on users' computers for the purpose of enforcing Sony copyrights.

The Herald article speculates that this is common practice among authors of high-priced newsletters.

Best spam ever

I'm sure most of you have gotten a spam or two (or two hundred) from some stranger offering to get your web site a higher rating in the search engines. Well, a contact at Google recently forwarded this gem along to me — it was received at his work address at Google:

Subject: I can't find www.google.com on Google!

Your website (www.google.com) on top positions on Google, Yahoo and MSN search!

We will get your website (www.google.com) to the top positions on all major search engines.

Use our great value offer: We will submit your website (www.google.com) to 890 Search Engines, including Google, Yahoo and MSN.

OK, you know what? If you can't find Google by searching for it on Google, maybe you should go look at the back of your computer and make sure the line cord is plugged in and your monitor is turned on. Yeesh.

180 Solutions/Zango fined $3M

Scumware vendor Zango is once again in the news. This time, the Washington Post reports that they've been fined $3 million by the Federal Trade Commission. The fine is for installing adware (also sometimes called spyware) on consumers' computers using deceptive practices.

Wednesday, November 01, 2006

Surge in spam caused by 'bot networks

As reported in the Register: a 30% surge in spam over the last two weeks is caused by increased spammer use of 'bot networks. Thank you very much, Bill Gates.

How to sue a phone spammer

From today's Slashdot: Bennett Haselton of Peacefire describes how to sue a phone spammer.

For more about Bennett Haselton and the law, see his JudgeJokes web site.