The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Wednesday, January 31, 2007

Korean "Super-Spammers" arrested

Oh, yeah. Definately going to be a bad year for spammers in court this year.

VuNet reports that two men in South Korea have been arrested on suspicion of sending out 1.6 billion spam emails.

Details in the MySpace vs Richter case

Earlier, I briefly mentioned that MySpace was suing longtime spammer Scott Richter for phishing and spamming.

Today, I received a copy of the original complaint (scanned pdf, 13 pages). Here is an executive summary:

Richter is being sued in California under the Computer Fraud and Abuse Act, the CAN SPAM act, The Electronic Communications Privacy Act, California's Anti-Spam statute, Breach of Contract, Unfair Competition, Trespass to Chattels, and Conversion.

Co-defendants of Richter are Marat Nigmatzyanov and Yevgeniy Leschinskiy.

The lawsuit alleges that:
  • Richter and his co-defendants arranged for millions of spam "bulletins" to be sent through the MySpace network.
  • Defendants used stolen accounts to send the spam.
  • Defendants either phished the accounts themselves or obtained lists of phished accounts.
  • Spams were crafted to look like they came from friends of the recipients and included statements that appeared to come from legitimate MySpace users professing the legitimacy of the promotions.

MySpace asks that:
  • Richter et al be permanently enjoined from abusing MySpace, retaining the list of phished accounts and even accessing MySpace computers.
  • MySpace wants Richter to turn over the complete list of phished accounts.
  • MySpace wants damages in an amount still to be determined.
  • MySpace wants Richter to hand over any profits he made from abusing MySpace.
The MySpace user agreement forbids spam and mandates a $50/email penalty. The user agreement also forbids phishing, unauthorized use of other people's accounts, and various other illegal activities.

Tuesday, January 30, 2007

Cingular, Priceline, Travelocity fined for use of adware

New Attorney General of NY keeps the fire burning


The state of New York continues the fight against internet abuse under their new Attorney General Andrew Cuomo who seems to be carrying on the tradition of Elliot Spitzer.

In today's news, the office of the Attorney General announces that Priceline, Travelocity, and Cingular Wireless have been held responsible for the malware they've had installed on user's systems. Previously, they got away with pretending they didn't know how their advertisements were being delivered.

The fines are a slap on the wrist, but the guilty parties have also agreed not to do it any more. We'll see if they're true to their word.

More on this story at Press Esc.

Friday, January 26, 2007

Florida cell phone spammers sued in Springfield, Ill

The Illinois Attorney General is suing Neela Pundit and Charles Rossop for sending five million text spams to cell phone users around the U.S..

For more information, see WIFR article Spam Suit.

According to the article, this suit is in addition to one already filed in Georgia.

Tuesday, January 23, 2007

Alcona, MI county treasurer embezzles $186,500 to pay 419 scammers

Another in a depressingly never-ending series of "can people really be this stupid?" posts.

The Detroit Free Press is reporting that Thomas Katona, the treasurer of Alcona County, MI wired over $72,000 of his own money and over $186,000 of the county's money to Nigerian scammers.

Fully story: Alcona Co. treasurer charged with stealing county funds

Monday, January 22, 2007

Scott Richter sued by MySpace

Spammer Scott Richter has been sued in federal court by MySpace for sending millions of "bulletins" to MySpace users between July and December of 2006. MySpace accuses Richter of stealing accounts through phishing and using the stolen accounts to send the spam.

For the full story, see Ars Technica article "Spam King" sued by MySpace.

Saturday, January 20, 2007

But wait, there's more.

c|net reports that on Jan 11, the California Court of Appeal ruled in Joel Jared's favor in the lawsuit filed against him by Steve Rombom. According to c|net, the Judge has ruled that Section 230 of the Communications Decency Act protects Jared and other providers of anti-spam technology from lawsuits of this nature.

Full story: Police blotter: Antispam activist fights lawsuit.

Yes, this has been a good week in court for the anti-spam community.

Thursday, January 18, 2007

Spammer court triumvirate is complete

And now, the third spammer of the day having a bad day in court: Paul McDonald of England was caught spamming by Microsoft, who came after him under the European anti-spam laws.

For the full story, see Telegraph article Man banned in first case under anti-spam law

Wednesday, January 17, 2007

President of Japanese dating company arrested for spamming.

Yes, this is definately looking like the year we'll be seeing a lot of spammers in court.

According to Mainichi Daily News, Yoshimitsu Hirono, the president of Tokyo-based dating site operator Takumi Tsushin, was arrested along with three other people for sending 5.4 billion spams with forged sender data, in violation against Japanese anti-spam laws.

Story: President of company suspected of sending 5.4 billion spam e-mails arrested.

Spammer convicted in jury trial under CAN SPAM

The LA Times is calling this the first defendant found guilty by a jury under the CAN-SPAM law.

Jeffrey Goodin of Azusa, CA was convicted for phishing credit and other personal information from AOL users. He was able to do about a million dollars worth of financial damage.

Story: Man guilty of Internet spam in AOL case. (Registration required).

More informaton from Law Fuel.com: 'Phisher' Guilty of Posing As AOL Billing Department And Obtaining Credit Card & Personal Information.

U.S. DOJ press release: 'Phisher' Guilty of Posing As AOL Billing Department And Obtaining Credit Card & Personal Information

Sunday, January 14, 2007

SPEWS is dead, long live APEWS?

As some of you may have noticed, and as I mentioned last week, anti-spam organization SPEWS went quiet a few months ago, issuing no database updates since August.

As many have predicted, a new organization has appeared to fill in the gap. Calling themselves APEWS (Anonymous Postmaster Early Warning System), they've imitated the look-and-feel of the original SPEWS. Presumably they intend to provide the same services that SPEWS provided.

The domain name was registered in late December. The registration is in Brazil; the name servers are in Germany. According to their web page the site went live on Jan 1. SORBS, UCEPROTECT, and TQMCUBE have already started mirroring their zones.

In their inaugural post announcing their existence, APEWS announced how they will be doing business. As with SPEWS before them, there will be no contact for them (although they'll be monitoring the anti-spam mailing lists, especially news.admin.net-abuse.blocklisting.) Unlike SPEWS, APEWS will occasionally contact ISPs with problems, and presumably warnings of impending listings. The announcement stresses that all official email from APEWS will come from an IP address resolving to apews.org. Any other IP addresses indicate faked email.

Of course, in the long run, the proof will be in the pudding. Creating a DNS blocklist is more than just building a web page and exporting some DNS zones. They need to establish a reputation for publishing accurate and fair lists and keeping them up to date. Clearly, their adoption of a name and web style similar to SPEWS is an attempt to leverage off of SPEWS' own reputation.

Although I welcome a replacement for SPEWS, I take a cautious view of APEWS, who have yet to prove themselves in their own right.

Thursday, January 11, 2007

How the Sender Community Can Help Fight Spam

Today, spam-fighter Neil Schwartzman wrote an excellent article on the state of spam and what needs to be done about it. The main thrust of his article is that now that the spammers, the virus writers, the phishers, and the spyware authors have all teamed up in a vast cyber-crime network, the good guys are going to need to team up to fight them. In particular, he points out that the legitimate senders of commercial email also have a stake in fighting spam.

And let's be 100 percent clear about something: legitimate commercial senders should want receivers to block spam and phish from end users inboxes. These messages erode consumers trust in email and decrease its ability to drive response for good senders.

Well worth reading: How the Sender Community Can Help Fight Spam.

Wednesday, January 10, 2007

Phishing with death threats

New (to me), but not unexpected. The latest phish consists of an email from a 'hitman' who informs the mark that he's been paid $50,000 to kill the mark, but will drop the contract for $80,000.

Friday, January 05, 2007

SPEWS gone walkabout?

According to discussions on usenet, Slashdot, and other places, SPEWS (Spam Prevention Early Warning Ssystem) seems to have been idle since late August. Since the administrators of SPEWS are anonymous, nobody knows how to reach them to ask what the story is. Whether they were all hit by a bus, or got burned out from running the site is anybody's guess.

Unlike many other blocklist operators, SPEWS did not maintain their own DNS system. Instead, they published a list of bad IP blocks and allowed others to maintain the actual DNS Blocklists. Those maintainers have continued to publish the data even though they haven't received an update from SPEWS in quite some time. As the problem continues, those block lists become more and more obsolete.

I expect that if SPEWS does not show signs of life pretty soon, administrators will stop using them, and the DNS Blocklist maintainers will drop the data.

Cisco Systems to buy Ironport

Newsday reports that Cisco will be paying $830 Million for IronPort, a maker of anti-spam and anti-virus security products.

ORBD Blocklist Gone.

The ORBD (Open Relays DataBase) has closed up shop for good.

2006-12-18 11:34
We regret to inform you that ORDB.org, at the ripe age of five and a
half, is shutting down. It's been a case of a long goodbye as very
little work has gone into maintaining ORDB for a while. Our volunteer
staff has been pre-occupied with other aspects of their lives. In
addition, the general consensus within the team is that open relay RBLs
are no longer the most effective way of preventing spam from entering
your network as spammers have changed tactics in recent years, as have
the anti-spam community.

We encourage system owners to remove ORDB checks from their mailers
immediately and start investigating alternative methods of spam
filtering. We recommend a combination involving greylisting and
content-based analysis (such as the dspam project, bmf or Spam Assassin).

DNS and the mailing lists will vanish today, December 18, 2006.

This website will vanish by December 31, 2006.


The closure caused a certain amount of roughness in the DNS system. According to sources, the registrar allowed the domain holder to remove the authoritative nameserver records. This is causing name servers &mdash especially poorly-written ones — to redirect all ORDB queries straight to the .org top-level servers, which are now fielding on the order of 20,000 requests per second from over 200,000 unique IPs. It does give a good idea of how popular ORDB was before it shut down.

There are cleaner ways to shut down a block list — either set the nameserver record to null or point it to 127.0.0.1 &mdash but apparently the word didn't get to the ORDB administrators in time. The TLD administrators are working with ORDB to resolve this issue.

Thursday, January 04, 2007

How to sue a spammer

Hi everybody; have a nice holiday season? I know I did. I have a lot of catching up to do, so watch this space.

It's starting to look like 2007 might be the year to sue a spammer. Sadly, no all-purpose "how-to" documents exist that I know of, but expect to find some soon. In the meantime, here are a few places to look for hints and tips:
InfoWorld: Sue a spammer today
Links to useful resources and success stories.

Zen and the art of small claims
Richard Scott's success story.

sueaspammer.com
Mark Mumma's web page documenting his various lawsuits against spammers (and one spammer's lawsuit against him.) Includes an excellent clickable map that helps you find anti-spam laws in your state.

spamlaws.com
An excellent reference source to anti-spam laws, classified by country and state.

The Purple Cow: How I Sued A Spammer in Oregon from Virginia

The Register: How to sue a British spammer
The story of Nigel Roberts's succesful lawsuit against marketing firm Media Logistics.

SueSpammers.net
More resources.