Big win for California spam law

Big news from California:

Court Holds Recipients of Unlawful “Spam” Are Entitled to $1,000 Per Email

Last week, Superior Court judge Marie Weiner ruled that Dan Balsam was entitled to $7000 damages plus attorneys' fees and costs from Trancos Inc., of Redwood City.

This is huge news for two reasons: First, it's the first time an anti-spam case has been won by an individual instead of a major ISP.

But more importantly, the judge has ruled that the CAN-SPAM act does not pre-empt the California anti-spam law, California Business & Professions Code § 17529.5.

The judge ruled that the use of generic words in the From: line such as "Paid Survey" and "Your Business" were deceptive, along with their use of multiple domain names, the use of unregistered fictitious business names, and a box at the UPS store were intentionally misleading.

Full details at http://www.DanHatesSpam.com/trancos.html (pdf).

More coverage can be found at the San Francisco Chronicle: SF lawyer awarded $7,000 from email spammer, and SlashDot: 1st Trial Under California Spam Law Slams Spammer.

Waledac botnet goes down

Another triumph in the "yes, you can fight spam" category: Kaspersky lab's Thread Post newsletter is reporting that the Waledac botnet has been knocked nearly completely off line and is sending almost zero spam.

I briefly mentioned the Waledac botnet in an earlier post in which I reported that Microsoft had significantly damaged the botnet's command-and-control servers via court order.

More details can be found on Microsoft's security blog in the article What we know (and learned) from the Waledac takedown.

And another botnet goes down

Via Slashdot: IT World reports that the Zeus botnet was partially knocked offline when its supporting ISPs, Troyak and Group 3, were disconnected by their upstream servers. IT World is reporting that the Zeus botnet lost a third of its command-and-control servers overnight.

According to IT World, the Zeus botnet was responsible for a wave of financial fraud that caused hundreds of millions in losses over the past year.

The first and most effective such takedown ocurred just over a year ago when McColo was taken down by its upstream providers. The Rustock and other botnets were knocked offline, resulting in a 60-70% drop in spam overnight.

More problems for Cryptome

Last week, I wrote about the whistle-blowing website Cryptome, which was shut down by Network Solutions after a DMCA complaint from Microsoft. Microsoft relented under the bad publicity and withdrew their complaint and Cryptome is now back on the air.

Today, it seems that Cryptome's problems are not over yet. As reported by SlashDot, Paypal has taken it upon themselves to freeze Cryptome's accounts in preparation for dropping them completely.

I guess the moral of the story is: if your site is at all controversial, don't depend on Paypal.

Another spammer in the slammer: Alan Ralsky

Long-time spammer Alan Ralsky reported to the Morgantown federal pen yesterday. He was sentenced to more than four years last November.

Always unrepentant, Ralsky may or may not re-evaluate his career choice, but at least we'll be free of his spam for the next few years.

Another botnet goes down

Via Associated Press and other sources, three alleged ringleaders of the Mariposa botnet (aka W32.Pilleuz) have been arrested, with more arrests expected soon. The arrests were of three Spanish citizens with no previous records. Their names have not yet been released. They face up to six years in prison.

The Mariposa botnet is reported to have infected upwards of 12.7 million computers, including those belonging to 40 major banks and half of the Fortune 100.

The infection vectors included instant messaging of malicous links to contacts found on compromised computers, various P2P protocols, and one of my old favorites: infected thumb drives.

Much more detail can be found in Symantec's security blog.

Update: worth reading: two weeks ago Microsoft was able take down the "Waledac" botnet which was responsible for 1.5 billion spams/day. See PC Pro article Microsoft secretly beheads notorious botnet.