The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Friday, June 29, 2007

Spammer Bill Stanley loses in court, accused of defamation and making death threats

OK, here's one for the books. Spammer Bill Stanley created businesses called DefamationAction.com and ComplaintRemover.com which are — and I'm not making this up — "reputation services" dedicated to helping clients clear their good names by removing defamatory information about them from the internet.

Well, it ended about as well as you would expect. Stanley's methods apparently consist of putting up defamatory web pages about, and making death threats to, web sites that won't remove material his clients object to. For example, he sent this message to RipOffReport's owner, Ed Magedson:

This letter is being sent to you in the name of more than 500 businesses. No matter where you go, we will cause you a problem. Your life is in danger until you comply with our demands. This is your last warning. ...

Stanley has also targeted Magedson's lawyers and business providers.

On May 11, an Arizona judge issued a restraining order against Stanley and others in the reputation services business. Needless to say, Stanley ignored the restraining order, leading to more unpleasantness in court on June 21.

For the full story, including much longer excerpts from Stanley's death threats, visit the c|net article "Police Blotter: Dark side of 'reputation defending' service".

Thursday, June 28, 2007

Adelphia executives headed to prison

A nearly forgotten footnote in the history of spam: ISP Adelphia was added to my spam-tracking list in 1998 due to excessive porn spam to the sexual abuse recovery newsgroups, coupled with Adelphia management's indifference to the problem. They dropped off my radar when I stopped monitoring Usenet spam many years ago.

Today, they dropped back on when a U.S. judge ordered Adelphia founder John Rigas and his son Timothy Rigas to begin serving long prison sentences of 15 and 20 years, respectively, for their roles in one of the largest corporate frauds in history.

According to prosecutors, the Rigases illegally concealed nearly $2.3B in debt from Adelphia stockholders.

More on this story from CNN and the Houston Chronicle.

Tuesday, June 26, 2007

Two more members of Arizona porn spam gang convicted

In January of last year, I wrote about a spam gang in Arizona that specialized in hard-core porn spam sent to AOL users. Three members, Kirk F. Rogers of Manhattan Beach, California, Jennifer Clason of Tempe, Arizona, and Andrew Ellison have already pled guilty.

Today, the UK Register reports that the remaining two members, Jeffrey Kilbride, of Venice, California and James Schaffer of Paradise Valley, Arizona, have been convicted of eight counts, including conspiracy, fraud, money laundering, and transportation of obscene materials.

Earlier reports indicated that AOL received over 600,000 complaints from its users over spam from the gang. Given the extremely small complaint rate for spam, the number of spams actually sent must have numbered in the many millions, even assuming that the embedded hard-core porn would have generated a higher-than-average complaint rate.

Monday, June 25, 2007

E360 apparently sells affiliate status to other spammers to force removal under injunction

(See the tag "E360" for more background on this story. In short, E360 Insight has obtained a court order forbidding anti-spam organization Spamhaus from listing E360 or any of its properties as a spammer.)

In April, I commented on E360's request that Spamhaus be forced to remove listings based entirely on E360's word that they owned the listed domain. Spamhaus noted that this would in effect allow E360 to sell affiliations to any spammer that wanted to be removed.

A week ago, I observed that E360 seemed to be advertising just such a service.

Well, as of today, Spamhaus has filed notice to the judge that E360 has done exactly that.

On June 15, 2007, counsel for e360 wrote counsel for Spamhaus and demanded that Spamhaus remove from its list of known spammers certain IP addresses owned by a company named Virtumundo. ... e360’s June 15 letter asserts that Virtumundo is a customer of and doing business with e360, and that e360 has contracted with Virtumundo for network management and eMessaging services...

The service agreement between E360 and Virtumundo makes it clear that neither company has any ownership interest in the other, and that E360 is merely acting as a service provider. One cannot help but suspect that the "service" E360 is actually offering is the removal of Spamhaus record SBL41635.

The full text of Spamhaus' notice to the court and their exhibits, including a copy of the agreement between E360 and Virtumundo, can be found at Spamsuite.

Update: Direct magazine (email marketers' trade magazine) has an article about this, entitled "Linhardt Turns Spamhaus Court Order into New Service".

Friday, June 22, 2007

E360 to all the other email marketers: give us your lists

OK, this is just getting weird. E360 claims they're launching a "Permission Verification Service" in which you send them a complete copy of your mailing list and they evaluate it to let you know if it's legit. Or it's an interesting way to add email addresses to their own lists. You decide.

Oh, and there's an "oh, poor us" paragraph comparing spam-fighting to McCarthyism.

Thursday, June 21, 2007

Spammers taken to small-claims court

Interesting article in the Palo Alto Daily News today. In short, anti-spam activists Joe Wagner and David Cannon — both PhD students at Stanford — sued a number of major spammers in small claims court in Palo Alto, California.

Among those sued were Valueclick (Scott Richter), Opt In Real Big, Livemercial, SubscriberBASE, Offerweb, and Azoogle. The spammers' defenses were the usual — "We weren't served properly"; "The evidence was faked"; "It wasn't us, it was our affiliates".

The article is worth reading in its entirety.

The judge said he would rule by the end of the month. I'll report on the results as soon as I know them myself.

Wednesday, June 20, 2007

et tu eCost? eCost sells my email address.

Received spam today from an email address I gave to eCost. It was mainsleaze in that it advertised an AMD product and was technically CAN-SPAM compliant. The "remove" link points back to a company called ifc12.com which is an alias for worldata.com.

Goodbye eCost; I'm never doing business with you again.

Tuesday, June 19, 2007

E360 advertising Spamhaus removal services

In April, I wrote about an interesting aspect of the E360 vs Spamhaus court case. E360 has obtained a court injunction which requires that Spamhaus remove E360 and all of their aliases from the SBL. However, E360 does not want to provide Spamhaus with a list of such aliases so that Spamhaus can comply, and they don't want to provide any proof of ownership of those aliases which they've informed Spamhaus about. In short, they want a blank check to contact Spamhaus at any time and demand the removal of any listing.

I pointed out at the time that giving E360 what they're asking for would enable them to go into the de-listing business. That is, anybody who wanted off the SBL could make a deal with E360 and E360 would then send a letter to Spamhaus claiming ownership of the domain in question and demanding its removal from Spamhaus' list.

Well, it looks like something similar is coming to pass. If you search for spamhaus on Google, one of the ads that comes up is this ad from E360:

Problems With Spamhaus?
Read how e360 helps clients verify
permission & remove SBL listings.
www.e360insight.com

The page linked by the ad consists of an attack on Spamhaus, and ends with "Contact us to learn how to verify permission and remove Spamhaus SBL listings".

Friday, June 15, 2007

Texas vs Alonzo Villanueva

Another spammer in legal trouble. The state of Texas charged Alonzo Villanueva with spamming in violation of CAN-SPAM and with operating a bot network. The case was settled before trial.

Villanueva is now prohibited from registering any email account, domain name, etc. under a false name. He is prohibited from sending any electronic message with forged headers. He is prohibited from having anything to do with any botnet. He must pay $5000 in fines.

More information at SpamSuite, the San Antonio Business Journal, and the Texas Attorney General press release.

"Acecco Ltd" spammer threatens child-porn Joe-job

Interesting thread in news.admin.net-abuse.email today. A spammer known as "Acecco" (with variations on spelling) wrote to anti-spammer "Wombat" with the threat:

Please immidiatly replace our company name in your message on groups google with ***** or what ever you wish. Otherwise we will start send CHILD PORNO from your addresses very soon.

They were apparently serious, as Wombat soon started getting bounces from email spams for child porn which had his email address in the From line in the email.

See netnews thread Threat from spammer and the Spamhaus SBL listing for more of the story.

For now, there's not much to do, and steps are being taken to track down the spammer responsible. This is just a heads-up that if you get child-porn ads in your inbox, don't freak out — it's probably just a joe job.

Phisher Jeffrey Goodin sentenced to 70 months

In January I reported that Jeffrey Goodin had been convicted under CAN-SPAM. It is believed this is the first person ever convicted in a jury trial for CAN-SPAM violations.

Yesterday, LawFuel Newswire reported that Goodin has been sentenced to 70 months in the federal slammer. In addition, he's being ordered to pay over $1 million to the victims of his phishing schemes, most of it to Earthlink.

After being indicted, Goodin harassed an individual who had been cooperating with the authorities. While waiting for trial, Goodin failed to appear at a hearing, causing the FBI to track him down under a failure-to-appear warrant.

See articles in LawFuel and Information Week for more details.

Thursday, June 14, 2007

Why Soloway was denied bail

More on this issue in today's Globe and Mail.

It's actually quite unusual for bail to be denied to non-violent offenders, and there has been much speculation as to what was behind the judge's reasoning.

In this case, there were a number of factors mentioned by the judge. The primary one was that Soloway has family in Sweden and minimal ties to the Seattle area. The judge noted that it's as easy to spam from Sweden as from the U.S.

In addition, the judge noted that Soloway was known for ignoring court orders as shown by his failure to pay the judgements against him obtained by Microsoft and an Oklahoma ISP, combined with the fact that he continued spamming afterwards.

In an old post to a spammer's bulletin board, someone claiming to be Soloway bragged that he was never going to pay any judgement against him. This may have come back to haunt him.

More information can be found in the Seattle PI article "Spam suspect denied bail".

FBI makes arrests in botnet case

SC Magazine reports that the FBI has arrested or charged three men in connection with a botnet believed to comprise more than a million zombie computers.

Named are: James C. Brewer of Arlington, Texas, Jason Michael Downey of Covington, Ky, and — wait for it — Robert Alan Soloway, the spammer who was already arrested a few weeks ago on various charges running from fraud to money laundering.

The botnet in question was used for both spamming and executing DDoS attacks. It's not yet clear if this is the botnet involved in the recent attack against various anti-spam services.

Wednesday, June 13, 2007

No bail for Soloway

Spammer Robert Soloway, arrested last month on multiple counts of fraud, money-laundering and identity theft, had his detention hearing this morning. The court has ordered Soloway back into custody. Trial is set for 08/06/2007.

Bottom line: it's back to the slammer for this spammer.

Congress about to legalize spyware

As reported in this morning's BoingBoing, the SPY act, which is nominally an anti-spyware law, actually includes language making it legal for companies such as Sony to install spyware on customers' computers.

The FTC and DoJ have both said that they already have the authority they need to go after spyware vendors, so the new law has no effect other than to legalize spyware.

Visit the EFF web site and act now.

Tuesday, June 12, 2007

Spammer Adam Vitale pleads guilty under CAN-SPAM

Via Reuters: NY man pleads guilty to spamming AOL subscribers. Adam Vitale has pleaded guilty to sending email spam to more than 1.2 million AOL subscribers. He faces up to 11 years in prison. His partner, Todd Moeller, faces the same charges.

Thursday, June 07, 2007

Spamhaus, URIBL, SURBL under DDOS attack

This has been ongoing for a couple of days now. Spamhaus and two other major blocking list providers have been under a distributed denial-of-service (DDOS) attack. Steve Linford of Spamhaus believes that the source of the attack is the same people who executed the attack against Blue Security last year which effectively destroyed their Blue Frog anti-spam project.

Spamhaus has implemented anti-DDOS countermeasures and is weathering the storm. URIBL has closed up shop, redirecting their IP address to 127.0.0.1 until things blow over. (One wag has suggested that they redirect to 255.255.255.255 in order to get the attention of the ISPs hosting the zombies. Bit of network geek humor there.)

More information can be found in Linford's announcement on usenet news.

Wednesday, June 06, 2007

The news on Soloway...

Is that there is no news. Soloway's detention hearing, originally slated for Monday, and then postponed until today, has been pushed back another week. Soloway remains in custody until then.

The detention hearing is now scheduled for 13 June, at 9:00 am.

Zango's request for a TRO against PC Tools denied

Two weeks ago, I wrote about how spyware maker Zango is suing PC Tools for labeling them as spyware and removing them from users' computers.

The latest news from SunbeltBLOG is that their request for a temporary restraining order has been denied by the court (pdf, 9 pages). (Link via Spam Notes.)

To summarize the court papers: The latest version of PC Tools' Spyware Doctor program gives Zango the most benign rating available, but still lists them. Zango says this isn't good enough because older versions of Spyware Doctor are still available, and because Zango doesn't want to be listed at all. Zango admits they distributed harmful malware before, but says they've gone straight since they were fined $3M by the FTC.

The court agrees that Zango will suffer harm to its reputation if PC Tools continues to label them as a "Potentially Unwanted Application", but disagrees that the harm is significant enough to warrant a TRO, especially given that PC Tools has already taken steps to mitigate the harm.

More significantly — and here are the best parts — the court has stated that it thinks that Zango is unlikely to win their case on the merits (page 6).

But most significantly of all, on page 8, the court rules that the public interest favors the defendant. That is, "it is in the public interest to allow companies similar to Defendant to be able to exercise their judgment and block potential malware applications".

Tuesday, June 05, 2007

More on the BBB and IRS phishes

Analyst Joe Stewart informs me that these are being sent by at least two different groups, using two different approaches. His analysis of the BBB phish describes the phish in detail. In short, the trojan connects to Internet Explorer and steals everything it can get ahold of. Over 145 Mb of data has been collected from over 1400 victims so far.

More on E360Insight vs Hacker X

Direct magazine, a news magazine for direct marketers, has a little bit more on the story of the alleged cracker who broke into E360's systems and sent porn spam to nearly 300,000 people on one of E360's client's email lists. E360 CEO Dave Linhardt claims that they subsequently lost that customer's emailing business.

Linhardt also made sure to mention that two of the defendants in the SLAPP suit he filed against various anti-spammers live in the region where the cracker was operating, and that he believes the defendants have been helping Spamhaus, a defendant in another SLAPP suit he has filed.

Linhardt says that he's notified the FBI and other authorities of the break-in.

For an example of the cracker's work, see this wonderful Snopes article about the email alleging that folks with AIDS can fly Southwest airlines for free.

Other examples attacked American Airlines and Wendy's Hamburgers.

Monday, June 04, 2007

More targeted spam, this time purportedly from the IRS

The other day, I mentioned a spear-phishing campaign in which the phisher sends you a highly-targeted message telling you that there has been a Better Business Bureau complaint against you and you should click this virus link to learn more.

Well, today I read in Snopes that there is a similar scam involving an email purportedly from the IRS. Same MO as before — don't click the link or you'll find yourself infected with malware.

Friday, June 01, 2007

More Soloway legal documents

Spamsuite now has copies of the search warrant and two affidavits which were filed to support the warrant (FBI, IRS). The affidavits are the most interesting to read. They detail Soloway's history of spamming, fraud, credit card theft, and money laundering.

Other tidbits: Soloway started Newport Internet Marketing when he was 16. NIM was operating illegally in Washington, being a California corporation which did not file the proper papers to operate in WA. NIM's incorporation has been suspended in California, although Soloway kept operating as if it was still a legal corporation.

Soloway made $1.6M in the last four years.

I, for one, would be very interested to see the names of his spamming customers revealed during the trial.
