The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Thursday, May 31, 2007

MySpace wins anti-spam lawsuit against The Globe

Ahhh, the ebb and flow of the legal system. The year started out with a number of legal victories by anti-spammers, and then a couple of setbacks (Mumma, Gordon), and now the pendulum seems to have swung back again. First, we have the arrest of Robert Soloway, and now Red Herring is reporting that MySpace has settled with The Globe for over $2.5 million.

The lawsuit, filed last June, accused The Globe of spamming MySpace users from at least 95 dummy MySpace accounts created for the purpose. Nearly 400,000 spams were sent.

According to the Red Herring article, The Globe could have been held liable for up to $120 million, but given The Globe's current financial situation, MySpace decided to accept a tiny settlement rather than risk waiting and having The Globe go under completely.

This is not MySpace's first lawsuit against spammers, and hopefully, there will be many more to come.


E360 vs Hacker X

In the latest twist in the E360Insight vs World + Dog saga, E360 is now claiming they were attacked by a hacker who broke into their system, sent porn spam from their servers, and stole their intellectual property. See the Spamsuite copy of their Motion for Expedited Discovery. In short, they're asking the court to allow them access to the records of the ISP they believe was the source of the attack. The motion specifically names all of the defendants in their lawsuit rather than John Does, implying that E360 thinks one of the defendants is responsible.

More info in the Usenet thread "e360 Site Hacked".

Now, it's entirely possible that their site really was broken into, but to suggest that one of the defendants in the case had anything to do with it is nonsensical. By pursuing this lawsuit, they've managed to make themselves one of the most despised entities on the internet, and an attraction to countless crackers and script kiddies. There's no shortage of suspects in this case.

Meanwhile, in other news, they've also filed petitions (1), (2) to withdraw earlier motions they made essentially asking that Spamhaus be held in contempt and that Spamhaus be compelled to provide certain information. The likely reason here is that they're acknowledging that they won't win on these issues. Alternatively, they're trying to finesse the timing.


Wednesday, May 30, 2007

National Spam News

I haven't done a news roundup in quite a while, and I have a lot of catching up to do. Are you sitting comfortably? Good, let us begin.

Good article in Slashdot today, bemoaning the fact that the latest Ameritrade leak has gotten no attention from the mainstream press. California law requires them to notify their California customers of a potential security breach. Have they done so? Were customer account ids and passwords also leaked? Ameritrade isn't saying. So far, all they've said is that they take these things seriously. The article suggests some security techniques that Ameritrade should implement to track the source of the leak.

There have been a lot of "greeting card" spams lately. I'll bet you've gotten some yourself. Remember: if the subject line doesn't identify who the card is from, then it's spam. Anyway, Trend Micro reports that these spams are also carrying malware as part of the payload.

Robert Soloway isn't the only one with legal problems this week. TG Daily and other sources report that Microsoft has filed suit against three John Does for sending pump-n-dump spam through their Hotmail service.

The BBC reports that internet service provider Tiscali is now caught up in a serious battle with their spammers. Spam coming from Tiscali has become serious enough that many other ISPs are refusing email from Tiscali, which is seriously impacting their customers. Tiscali has long been plagued with 419 scammers, which they managed to bring under control about 6-8 months ago. It now seems that another house-cleaning has begun.

There is some speculation that Tiscali's problems might be caused by spambots inside their network. See my recent article on this subject.

Ben Edelman reports that spyware is still stealing referral fees. As usual, his claims come with a detailed and in-depth analysis.

The Seattle Times reports that Nigerian 419 scammers are now inviting suckers to get puppies out of the country instead of money. Some people have paid more than $1500 to adopt a valuable dog from Nigeria.


The other shoe drops: E360 re-files their lawsuit

Last month, I wrote that E360Insight had dropped their lawsuit against several assorted anti-spammers. As was suspected, they have re-filed in Illinois state court. Named in the suit are Mark Ferguson, Susan Gunn, Rob Saecker, Rich Tietjens, Bill Silverstein, and Tim Skirvin.

The gist of E360's complaints is that the defendants have accused them of being spammers, causing them to be blocked and to lose business.

It is not entirely clear to me at the moment why E360 chose to move the case to state court.


Spam bots now relaying through ISP mail servers

Correspondents inform me that a new bot network has begun spamming. An army of spambots woke up within one ISP starting at 6 pm yesterday, and attempted to send millions of spams through the ISP's mail server.

This represents a new step in the evolution of spambots. Previously, these bots all tried to transmit directly from port 25, but with the advent of port 25 blocking by ISPs, this has become an obstacle. It was only a matter of time before spambots began trying to relay through mail servers.

The question to be asked (and hopefully someone will analyze the bot responsible) is whether the bots were specifically crafted for the ISP which was attacked, with knowledge of the correct mail server to use, or whether the bots were able to extract mail server information from the customers' machines.

This new spambot capability was inevitable as port 25 blocking came into widespread use. The next generation of spambots will most likely search user files for email account information, including passwords, in order to transmit their spam.

For this reason, I believe that best practices dictate that users never check the "remember this password" box on their mail programs, but instead enter the password each time they fire up their mailers. Note that MacOS is probably immune to this problem thanks to its key manager system.
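A mail-server-side check for the behaviour described above, as an added example that is not from the original post: it scans a constructed, simplified relay log and flags customer IPs that push a burst of mail to many recipient domains through the ISP's mail server. The log line format, the thresholds, and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not any real MTA's format):
#   <ISO timestamp> client=<customer IP> to=<recipient>
LINE_RE = re.compile(r"^(\S+) client=(\S+) to=<[^@>]+@([^>]+)>$")

def find_relay_abusers(lines, window=timedelta(seconds=60),
                       max_msgs=5, max_domains=4):
    """Return {client_ip: first time it crossed both thresholds}."""
    recent = defaultdict(deque)   # ip -> deque of (timestamp, rcpt domain)
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # skip lines not in the sample format
        ts = datetime.fromisoformat(m.group(1))
        ip, domain = m.group(2), m.group(3).lower()
        q = recent[ip]
        q.append((ts, domain))
        # Drop events that have fallen out of the sliding window.
        while ts - q[0][0] > window:
            q.popleft()
        domains = {d for _, d in q}
        # A bot burst is both high-volume and spread over many domains.
        if ip not in flagged and len(q) > max_msgs and len(domains) > max_domains:
            flagged[ip] = ts
    return flagged

def sample_log():
    """Constructed sample: one ordinary customer, one bot-like burst."""
    lines = [
        "2007-05-29T18:00:00 client=10.0.0.5 to=<bob@example.org>",
        "2007-05-29T18:20:00 client=10.0.0.5 to=<carol@example.org>",
    ]
    # 10.0.0.9 sends 8 messages in 8 seconds to 8 different domains.
    for i in range(8):
        lines.append(f"2007-05-29T18:00:{i:02d} client=10.0.0.9 "
                     f"to=<user{i}@domain{i}.example>")
    return sorted(lines)          # ISO timestamps sort chronologically

if __name__ == "__main__":
    for ip, when in find_relay_abusers(sample_log()).items():
        print(f"{ip} exceeded relay thresholds at {when.isoformat()}")
```

Requiring both volume and recipient-domain spread keeps a customer who mails one mailing list heavily from being flagged alongside a bot.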


Don't click on links from the Better Business Bureau

The Register reports that there is a new round of highly-targeted phishing going around, disguised as a letter from the Better Business Bureau. The email is sent to high-level executives, and according to the article, over 1400 of them have been tricked into sending sensitive information to the phishers. The executive is told that there's been a complaint, and they should click on a link to read it. The link actually installs malicious spyware which then forwards everything it can get its hands on to a website controlled by the attackers.

The Better Business Bureau has issued a warning about the attack.

By the way, the spyware works by attaching itself to — wait for it — Internet Explorer. Please, people, what have I told you about installing Firefox? Friends don't let friends run IE or Outlook.


KOMO TV coverage of Soloway

KOMO has coverage of Soloway's court hearing. Much information about his finances (he's been denied a court-appointed lawyer). He may be facing decades in the slammer, along with seizure of assets.


Update on Soloway

Details can be found at Spamsuite. In a nutshell:

He's being held without bail until the detention hearing on Monday. The prosecutor wants him held until the trial. He's pleaded not guilty.

Trial will be 8/6/07.


Robert Soloway arrested

This morning, at 7:30 Pacific time, Robert Soloway was arrested on charges related to spamming. He is currently in custody of the U.S. Marshal's office awaiting his initial court appearance today at the U.S. District Court in Seattle at 2:30.

According to the Seattle PI, Soloway's case centers on his Newport Internet Marketing company, which advertised spamming software and services. He is facing thirteen counts of money laundering, ten counts of mail fraud, five counts of wire fraud, five counts of aggravated identity theft, and two counts of email fraud.

Not too surprisingly, the software that Soloway sold didn't actually work. This is probably the source of at least some of the fraud charges. It would be interesting to see if any of Soloway's would-be spammer customers are named in the case.

This is by no means Soloway's first time in court — see Spam Kings for more. In the past, Soloway has bragged about being judgement-proof. Let's see if he's jail-proof. has copies of the warrant and indictment on-line. Enjoy.


Tuesday, May 22, 2007

Venkat Balasubramani comments on the state of CAN-SPAM

On today's C-Net: Can-Spam put to the test.

As you may know if you've kept up with this blog, the CAN-SPAM act has been much in the courts lately. Significant cases include E360 vs Spamhaus, which may ultimately hinge on whether E360 is violating CAN-SPAM, and whether or not CAN-SPAM provides immunity to blocklisting services; vs Mark Mumma, in which the court ruled that's violations of CAN-SPAM, if any, were insignificant enough to make Mumma's spammer accusations libelous; Braver vs Ameriquest, which was settled out of court to Braver's satisfaction; and Gordon vs Virtumundo, in which the court ruled that Gordon wasn't enough of an ISP to qualify as a plaintiff under CAN-SPAM (which does not permit individuals to sue spammers).

The Gordon case is especially interesting for several reasons. One is that although Gordon does operate an email ISP named, the court still ruled that he wasn't big enough to be entitled to sue under CAN-SPAM. Other interesting points are that Gordon's entire income came from suing spammers, that the court cited the Mumma case, and that the court has opened the door for the Virtumundo spammers to counter-sue Gordon.

Venkat argues that the CAN-SPAM law had spawned a small cottage industry of litigation brought by private individuals and small ISPs, and that the Mumma and Gordon cases represent the death-knell for these cases.

Most significantly in my opinion, the court has now raised the bar for any ISP to sue spammers. Before, the CAN-SPAM act provided for statutory damages — that is, the damages are assumed and the ISP doesn't have to enumerate them. The Gordon ruling included the assertion that Gordon was not "adversely affected". If this sets a precedent, ISPs will now need to prove not only the spam, but actual damages.

Venkat covers a number of other significant points in his article, which is well worth reading IMO.

In short, the Mumma and Gordon cases are establishing the precedent that fighting spam in the courts is for the big boys only. I wish I had better news to report.


Friday, May 18, 2007

Zango sues PC Tools for labeling them as spyware

(Via Spam Notes) Zango software, formerly known as 180 Solutions, is suing anti-spyware software vendor PC Tools Pty Ltd because their software identifies Zango as spyware and removes it from the client's system.

Zango has been much in the news over the last couple of years, most recently in November 2006, when they were fined $3M by the FTC for installing spyware on users' computers. It looks like Zango is trying to reform their reputation, and is suing anti-spyware corporations in order to purge their record.
