The Spam Diaries

Michelle Bachmann campaign -- spammers

2011-12-01T18:24:00.000-08:00

An article from the Iowa Republican: Bachmann Campaign In Hot Water Over Misuse of Homeschooler Email List

In a nutshell, the Bachman campaign downloaded the email contact list of the Network of Iowa Christian Home Educators (NICHE) without NICHE's knowledge or permission and used to to send political spam to its members.

Interestingly, campaign laws may now require NICHE to make its mailing list available to any other political candidate that wants to use it.

Shout out to "MainSleaze" anti-spam web site

2011-10-21T19:42:00.000-07:00

Just a quick pointer to a new blog run by Catherine Jefferson: MainSleeze

The title pretty much says it all, it's a blog devoted to naming and shaming mainstream companies that use Spam in their advertising.

Name and shame: CDR Outlet sells me out

2011-07-10T13:45:00.000-07:00

A tagged address I gave only to CDR Outlet has just received spam, ostensibly for some McDonald's coupons, but probably really a virus.

Now, whether CDR Outlet deliberately sold my email address, or a rogue employee sold a copy of the email list, or a rogue email service provider sold it, it's impossible to tell, but whichever it was, shame on CDR Outlet for not protecting my email better.

Quick news from the E360 case

2011-06-09T19:59:00.000-07:00

(via usenet)

The audio transcript of the damages hearing in the E360 case is available as an mp3 file: http://www.ca7.uscourts.gov/tmp/8K0VUL4K.mp3

The money quote at 19:20 into the recording:

I have never seen such an incompetent presentation of a damages case, it's not only incompetent, it's grotesque. You've got damages jumping around from 11 million to 130 million to 122 million to 33 million. In fact the damages are probably zero

A true Final Ultimate Solution to the Spam Problem?

2011-05-19T22:31:00.000-07:00

A common acronym in spam-fighting is FUSSP — Final Ultimate Solution to the Spam Problem. It's used (usually derisively) to describe the latest proposed scheme to end spam once and for all. Usually these schemes are based on false assumptions or have already been tried with no results.

This time — be still, my beating heart — it looks like some researchers at the University of California might really be on to something.

According to the New York Times, researchers have discovered that 95% of drug and herbal remedy credit card transactions are handled through just three financial companies in Azerbaijan, Denmark and the West Indies. Presumably, if these companies could be persuaded to stop supporting spammers, then the money supply which drives spam would dry up, and the spammers would be forced to close shop.

The UC paper is available here (pdf).

I've said before that spam exists because ISPs tolerate it. This seems to hold true for financial institutions as well. If the financial institutions stopped abetting spammers, the theory goes, then spam would be significantly curtailed.

Of course, I don't have any illusions that this is the final solution to the spam problem. There will always be spam as the spammers find ways around the shut-down of their credit card processing suppliers. But as the shut-downs of major botnet command-and-contol centers in the past have shown, you can fight spam, if you're just willing to do it.

Shame on Waiter.com for giving my email address to spammers

2010-05-07T11:59:00.000-07:00

And as a follow-up to my previous post, the "Thank you for buying iTunes Gift Certificate!" virus spam I received yesterday was sent to a tagged address I created for use with waiter.com.

So shame on waiter.com for either selling my email address to spammers, or at the very least, for having sloppy security.

Just to be clear, no you didn't buy an iTunes gift certificate and forget

2010-05-07T11:51:00.001-07:00

I've gotten a couple of these in the last couple days. "Thank you for buying iTunes Gift Certificate!" followed by the usual yada-yada telling you to open the enclosed zip file.

The only thing in the zip file is a .exe file, and I don't think I need to warn you about running .exe files from strangers.

y'all be careful out there.

Big win for California spam law

2010-03-18T22:36:00.000-07:00

Big news from California:

Court Holds Recipients of Unlawful “Spam” Are Entitled to $1,000 Per Email

Last week, Superior Court judge Marie Weiner ruled that Dan Balsam was entitled to $7000 damages plus attorneys' fees and costs from Trancos Inc., of Redwood City.

This is huge news for two reasons: First, it's the first time an anti-spam case has been won by an individual instead of a major ISP.

But more importantly, the judge has ruled that the CAN-SPAM act does not pre-empt the California anti-spam law, California Business & Professions Code § 17529.5.

The judge ruled that the use of generic words in the From: line such as "Paid Survey" and "Your Business" were deceptive, along with their use of multiple domain names, the use of unregistered fictitious business names, and a box at the UPS store were intentionally misleading.

Full details at http://www.DanHatesSpam.com/trancos.html (pdf).

More coverage can be found at the San Francisco Chronicle: SF lawyer awarded $7,000 from email spammer, and SlashDot: 1st Trial Under California Spam Law Slams Spammer.

Waledac botnet goes down

2010-03-16T15:40:00.000-07:00

Another triumph in the "yes, you can fight spam" category: Kaspersky lab's Thread Post newsletter is reporting that the Waledac botnet has been knocked nearly completely off line and is sending almost zero spam.

I briefly mentioned the Waledac botnet in an earlier post in which I reported that Microsoft had significantly damaged the botnet's command-and-control servers via court order.

More details can be found on Microsoft's security blog in the article What we know (and learned) from the Waledac takedown.

And another botnet goes down

2010-03-10T18:09:00.000-08:00

Via Slashdot: IT World reports that the Zeus botnet was partially knocked offline when its supporting ISPs, Troyak and Group 3, were disconnected by their upstream servers. IT World is reporting that the Zeus botnet lost a third of its command-and-control servers overnight.

According to IT World, the Zeus botnet was responsible for a wave of financial fraud that caused hundreds of millions in losses over the past year.

The first and most effective such takedown ocurred just over a year ago when McColo was taken down by its upstream providers. The Rustock and other botnets were knocked offline, resulting in a 60-70% drop in spam overnight.

Another spammer in the slammer: Alan Ralsky

2010-03-03T13:02:00.000-08:00

Long-time spammer Alan Ralsky reported to the Morgantown federal pen yesterday. He was sentenced to more than four years last November.

Always unrepentant, Ralsky may or may not re-evaluate his career choice, but at least we'll be free of his spam for the next few years.

Another botnet goes down

2010-03-03T10:35:00.000-08:00

Via Associated Press and other sources, three alleged ringleaders of the Mariposa botnet (aka W32.Pilleuz) have been arrested, with more arrests expected soon. The arrests were of three Spanish citizens with no previous records. Their names have not yet been released. They face up to six years in prison.

The Mariposa botnet is reported to have infected upwards of 12.7 million computers, including those belonging to 40 major banks and half of the Fortune 100.

The infection vectors included instant messaging of malicous links to contacts found on compromised computers, various P2P protocols, and one of my old favorites: infected thumb drives.

Much more detail can be found in Symantec's security blog.

Update: worth reading: two weeks ago Microsoft was able take down the "Waledac" botnet which was responsible for 1.5 billion spams/day. See PC Pro article Microsoft secretly beheads notorious botnet.

Don't register or host your domain in the U.S. if it's controversial — part 3

2010-02-24T18:26:00.000-08:00

I wrote about this issue previously in 2008 and again in 2009. If your web site is at all controversial, have it both registered and hosted offshore. Whistle-blowing site Wikileaks learned this the hard way in 2008 when Swiss Bank Julius Baer, was able to seize their domain registration in court after Wikileaks published information that was embarassing to the bank.

This week, Microsoft and Network Solutions locked the domain name of another whistle-blower site, Cryptome.org. Cryptome had published some embarassing Microsoft documents. Microsoft retaliated by filing a DMCA case against Cryptome. By law, Cryptome is allowed to file a counter-claim, at which point the service provider is required to restore the controversial material and the case needs to go to court to be settled. But when Cryptome filed their counter-claim, Network Solutions shut down their domain.

For the full story, see Site Leaks Microsoft Online Surveillance Guide, MS Demands Takedown Under Copyright Law.

For now, the forbidden documents are hosted at WikiLeaks.

Who's the worst source of spam? It's a horse race now

2010-01-10T09:28:00.000-08:00

It used to be that you could always count on the U.S. to be the worst source of spam in the world, with maybe China or Brazil coming in a distant second.

But things seem to be changing. In early December, a number of articles were published in eSecurity Planet and other sources about a report from Cisco that Brazil had finally overtaken the U.S. as the spam leader. The U.S. had a peak of 8.3 trillion spam messages (more than one thousand for every man, woman, and child on the planet) in 2008. But thanks to U.S. ISPs finally getting at least a little bit serious about the spam problem, as in the takedown of McColo last year, the number declined to a mere 6.6 trillion in 2009.

Meanwhile, Brazil managed to climb to 7.7 trillion, edging out the U.S. as the spam king of the planet.

But wait, there's more. According to a Network Box article in 2009, Vietnam had become the world spam leader, producing 10.9% of all spam worldwide, with Brazil in second place at 8.3%. CircleId has also picked up the story, although Business Week has Vietnam in 16th place at 1.7% of all spam.

So who's really in first place? Perhaps Network Box and Cisco are counting in different ways (Network Box seems to be counting spam separately from phishing and viruses, while perhaps Cisco is combining them. And where is China in all this? And what can the U.S. do to regain its preeminent position?

There's one more point to ponder: Vietnam, China, and Brazil may be the places where most of the spam is delivered from, but I think if you follow the trails (and follow the money), you'll find that it all leads back to the U.S.

Don't register or host your domain in the U.S. if it's controversial — part 2

2009-12-29T09:22:00.000-08:00

Last year, I wrote that you should never host or register your web site in the U.S. if it's at all controversial.

The problem is this: someone who wants to shut you down — whether it's someone whose business you interfere with, or the government itself — can usually find a judge somewhere who will be happy to issue a court order seizing your domain name or ordering your hosting provider to shut you down. Hosting your domain and servers overseas gives you a considerable amount of cushion against such abuses of the legal system.

In this week's news, we learn of a judge in New Jersey who has ordered three web sites shut down [ComputerWorld] because they oppose the H-1B visa system.

Judge James Hurley has ordered the three web sites shut down because of a lawsuit by Apex Technology Group Inc., which is suing the three sites for libel, based apparently on anonymous comments left on the sites.

In addition, there is some brouhaha about leaked documents. The leakers should have known to send the documents to wikileaks, who have a history of surviving such legal challenges. (Although, when I just now checked their web site, they've suspended operations while they look for more funding. I think they're a good cause, you might consider contributing.)

You can also read more at vdare.com, another anti-immigrant website.

Related news: According to SlashDot, political parody group "The Yes Men" have had their parody site pulled off line by the Canadian Government.

New anti-slapp law under consideration

2009-12-22T17:54:00.000-08:00

Thanks to commenter Samantha J. Brown, Legislative Director of the Federal Anti-SLAPP Project, I've learned about proposed federal law H.R.4364 which was introduced last week by Rep. Steve Cohen.

The importance of a good anti-SLAPP law to free speech cannot be stressed enough. For decades, bad actors with deep pockets have abused the legal system to stifle free speech. While there are individual states with anti-SLAPP laws, the lack of a federal law has allowed the abusers to "venue shop" for a court that would be friendly to their brand of harassment.

I've already said enough about my own experiences with the legal system, so I'll simply urge you to read the news item about H.R.4364 for yourselves.

Tactera vs MAAWG

2009-12-13T15:30:00.000-08:00

The other day, I wrote about Tactera, the snowshoe spammer which had finally earned its place in the Spamhaus ROKSO list. More stories about Tactera have been brought to my attention recently. Today's interesting tidbit is that on their "about us" page, Tactera strongly tries to imply that they are members of the Messaging Anti-Abuse Working Group (MAAWG) and the Email Sender & Provider Coalition (ESPC).

A little checking has shown that Tactera is a member of neither group. You can read a little more about it in this usenet post. It should be interesting to see what happens when MAAWG's lawyers see this.

Woman sues Burger King over text message spam

2009-12-10T09:27:00.000-08:00

At the Miami Times is a report of a woman who is trying to file a class-action lawsuit against Burger King over spam texts sent to her cell phone (and presumably to thousands or millions of other cell phones.)

Unlike email spam, text message spam is very clearly forbidden under USC 47, so it looks like she may have a strong case. Especially since she contacted them and asked them to stop spamming her.

Tactera added to SpamHaus

2009-12-10T07:40:00.000-08:00

Here's one for the record books — or the patent office anyway. Long-time snowshoe spammer Tactera has finally been added to the Spamhaus Registry Of Known Spamming Operations (ROKSO). Because you need to be kicked off by three internet providers to join ROKSO, and Tactera usually operates under assumed names, it took a long time for them to qualify.

Why do I mention the patent office? Because in reading the ROKSO record, I was surprised to see that Tactera actually has a U.S. patent on showshoe spamming: 7,594,035

Alan Ralsky gets more than four years

2009-11-23T21:06:00.000-08:00

This just in: The Detroit Free Press and the Detroit News are both reporting that Alan Ralsky has been sentenced to over four years for stock fraud involving a pump-n-dump scheme, as well as money laundering.

I previously wrote about Ralsky in June, when I mentioned that he was facing up to 3½ years.

The sentence was even longer than prosecutors had asked for. Prosecutors had recommended leniency based on Ralsky's cooperation, but the judge saw it differently, citing Ralsky's two previous fraudulent schemes.

Prosecutors estimated that Ralsky made between $400,000 and $1,000,000 on the scheme, meaning that there could be as much as $600,000 unaccounted for. The Free Press estimates that Ralsky made $2.7 million, so there could be far more money unaccounted for.

Beware of "password reset" emails

2009-10-28T12:02:00.000-07:00

I've been getting a lot of these lately, and I suspect everybody else is too. Typically, you get an email from Facebook or some other social networking site telling you that your password has been reset, and please unpack the enclosed .zip file if you want to do something about it.

Obviously, this is just a very crude attempt at propagating a virus, and I know that nobody reading this would be foolish enough to open it, but please pass the word to your more gullible friends and relatives.

Update: ZDNet is reporting that the Facebook-specific spam is coming from the Bredolab botnet.

Update: Brian Krebs at Security Fix is reporting that the fake FDIC emails telling you your bank has failed are coming from the Zeus/Zbot password-stealing Trojan.

Adventures at a food conference

2009-09-27T10:47:00.000-07:00

The vagaries of fate caused me to attend a food blogging conference over the weekend. They asked for the name of my blog on the registration, and so I put down The Spam Diaries.

I didn't realize it at the time, but this information wound up on my name badge.

This resulted in several people walking up to me, reading my name tag and exclaiming "Oh! You're the Spam guy. I love Spam.".

And I'm all "Wow, I didn't know I was so famous." And them I'm all "Wait, what?". It wasn't until someone asked me what my favorite Spam recipe was that I figured out what was going on.

Anyway, a good time was had by all, and I learned a bit about food photography. I don't think I've ever walked away from a conference with so much swag. It got to the point where conversations went like this: "Excuse me, would you like a 20-lb bar of free gourmet chocolate?" "Oh, no thanks, I already have some." "Oh, one more bar wouldn't hurt; here take a couple." "No! Get away from me!"

Tagged.com ups the ante, phishes more aggressively

2009-07-09T21:51:00.000-07:00

Two years ago, I wrote about the social networking site tagged.com and the way they were phishing for users' email accounts and passwords in order to rope more users into signing up on their site so they could phish for their email accounts and passwords and so on and so forth.

The article received a fair bit of buzz and it looks like the problem is still ongoing.

A month ago, a Time Magazine reporter wrote about how he had been duped into visiting Tagged by a false email supposedly from a former colleague claiming that the colleague had posted photos on Tagged. The reporter logged onto Tagged and was phished of his email credentials. The photos he had come to see had never existed. Subsequently everybody on his contact list was then sent more fake emails inviting them to look at more non-existent photos.

Yesterday, ABC News had an article reporting that the New York attorney general's office is now investigating Tagged for identity theft in violation of New York state law.

From the article:

[Deputy counselor and special assistant to New York Attorney General] Benjamin Lawsky told ABC News that the attorney general's office believes Tagged.com's messages constitute a "really virulent form of spam" and that the actions were not likely a mistake -- and, he says, even if they were, the activity went on for more than three months and had the blessing of the company's CEO, even after the site received complaints.

Tagged is now on notice that it will be sued by the attorney general's office unless they can come up with a good reason why they shouldn't be.

Meanwhile, Tagged CEO Greg Tseng has posted a blog article assuring their readers that they would never, ever do something like this on purpose, that it was all a terrible mistake which they corrected as soon as they were notified.

Update: The Attorney General's office has a press release. In the AG's words:

Between April and June this year, Tagged sent tens of millions of misleading emails to unsuspecting recipients stating that Tagged members had posted private photos online for their friends to view. In reality, no such photos existed and the email was not from their friends. When recipients of these fraudulent emails tried to access the photos, they were forced to become a new member of Tagged. The company would then illegally gain access to their personal email contacts to send more fraudulent invitations.
...
Tagged made their invitational emails appear to have been sent directly from members’ personal email accounts, instead of from Tagged.com. The emails falsely stated that “[name] sent you photos on Tagged.” If a member had added a personal image to the website, Tagged also included that picture in these fraudulent email solicitations. Many consumers were unaware that Tagged accessed their email contact lists.

Greg Tseng, founder of Tagged has responded on his blog again:

... In no instance did Tagged access a person’s personal address book without their consent and no emails were sent without the person giving us permission. We realize that some were confused and accidentally agreed to invite their friends. We are truly sorry for any inconvenience or frustration that these people experienced

It's not entirely clear to me how Tagged plans to explain the fake "so-and-so posted a photo for you" emails, when no such photo even exists. I look forward to hearing their explanation for it.

Spanish Prisoner scam on the rise

2009-06-30T22:56:00.000-07:00

Just a heads-up; a variant of the Spanish Prisoner scam has been on the rise lately.

To recap: in the Spanish Prisoner scam, someone writes to you claiming to be a prisoner in a Spanish prison (the scam is said to goes back to the 1500's). If you send bail money, riches will be yours once he returns to freedom.

In the modern variant, the offer either arrives via random spam, or targeted directly to you through the compromised email account of a friend.

The latter form is the most insidious. The email actually comes from someone you know, claiming to be in dire straights of some sort or another. Typically your friend is traveling abroad, the email will say, and has been robbed of cash, credit cards, and ID. You are begged to send cash as quickly as possible so your poor friend doesn't wind up jailed as a vagrant or some other terrible thing.

If you're sharp, you might notice that your friend isn't calling you by your name. Or you might remember that your friend isn't traveling anywhere at all, and in fact you had poker night with them just last night.

If you're a little bit slow on the uptake, you might actually send some money. If that happens, expect to get requests for more (oops, too late, he got arrested for vagrancy and now needs bail money).

The requests for money will continue until you catch on or run out of money to send.

For a good account of the scam, read Gadi Evron's article Facebook Scam: I'm Stranded In London. Send Money!

So remember to be on the lookout. If you get email from a friend asking for emergency money, always double-check via some other channel. A phone call is best.

And if you're the one whose email, facebook, or other account has been used for a scam like this, be sure to contact everybody on your contacts list and warn them. Chances are, the scammer has been hitting every name on the list.

Meanwhile, Ralsky apparently gets to keep most of the money

2009-06-24T22:19:00.000-07:00

Yesterday, I wrote that spammer Alan Ralsky had pled guilty to a number of charges, and was facing roughly 3½ years in prison. The latest word comes from an FBI press release which indicates that Ralsky is also facing a $1 million fine.

However, Ralsky is said to have made $3 million on his various scams.

Hmm, let's see ... $3 million minus $1 million — carry the eleven — is wow, a whole lot of money. Not bad wages for 3½ years.

I'll leave it to my readers to draw their own conclusions about the U.S. justice system. I've already drawn mine.

Spammer Ronnie Scelson arrested, charged with molesting teenage girl

2009-06-24T21:56:00.000-07:00

Long-time spammer and all-around scuzzball Ronnie Scelson has been arrested in Slidell, LA and charged with molestation of a juvenile, forcible rape, possession of marijuana, possession of drug paraphernalia and possession of a weapon while in possession of narcotics. See WWLTV news article Man arrested after allegedly cuffing teen to chair, molesting her for the full story.

Scelson, you may remember, is known for sending out spam capitalizing on the 9/11 attacks (see Mercury News), then defending himself in this usenet thread.

Update: The Times Picayune has more on the story, adding a rape accusation involving a 15-year-old-girl.

Alan Ralsky pleads guilty in spam scam

2009-06-23T07:28:00.000-07:00

A perennial name in spam, Alan Ralsky, has pled guilty to conspiracy, fraud, and money laundering, along with several other defendants. I first mentioned this case in January of last year, when Ralsky was indicted along with his son-in-law and nine other people.

Among other things, Ralsky is said to have made $3 million in a pump-n-dump scheme involving the Chinese stock market. He faces up to 3½ years in prison. It's not known if he gets to keep the $3 million.

See San Jose Mercury News story Man who led spam scam pleads guilty in Detroit for the full details.

Still more on the car warranty scam

2009-06-16T07:55:00.000-07:00

Fox News has put names and faces on some more of the car warranty scammers. They are:

Christopher D. Cowart, of Fort Lauderdale, FL. He owns Transcontinental Warranty.

James A. Dunne, of Daytona Beach, FL. He owns Voice Touch along with his wife, Maureen.

Maureen E. Dunne, James Dunne's wife.

Christopher Cowart, of Boca Raton, FL. He owns Transcontinental Warranty.

Damian P. Kohlfeld, of Valparaiso, IN. He is the owner of Network Foundations, which among other things, produced the device used to falsify caller id.

Dunne and Kohlfeld have prior criminal records. All claim to be innocent, insisting what they were doing was legal, or that they were just following orders. The scam brought in between ten and forty million dollars.

It is still unclear what, if any, punishment they will face. My guess is that they'll be fined less than they made in the scam and face no jail time.

Read more: Behind a Massive Robocall Scam, Four Human Faces and A Peek Inside One Telemarketing Firm Ensnared in FTC Lawsuit.

More on the car warranty scam

2009-05-13T21:43:00.000-07:00

More from 10news.com: Automated calls from Del Mar-based company. According to the video, the calls come from one Mark Miller, aka Mark Moneymaker, of Del Mar, California. This contradicts earlier reports that they come from a company in Wentzville, MO. It's possible that there are two different entities performing similar scams.

More info on Moneymaker can be found at the Indiana Star, Consumerist.com (they actually robo-called the Indiana Attorney General at home), ABC News, and several other news outfits (just search for "Mike Moneymaker warrenty" on the search engine of your choice.)

THIS IS NOT SPAM! {recipiants_name}

2009-04-20T21:29:00.000-07:00

Sometimes the title just speaks for itself. Spam received just now — to a tagged address — started with the above text.

This is your second notice that your factory warranty is about to expire

2009-04-19T19:54:00.000-07:00

If you have a cell phone, you've probably gotten this call. A recorded voice tells you that your factory warranty is about to expire, and please press 1 to buy a new one.

These calls violate USC 47 in at least two ways that I can think of. First, it's against the law to make a recorded phone call that isn't at least introduced by a live human, and second, it's against the law to make any sales call to a cell phone.

However the telemarketers have discovered something that the spammers already knew: Nobody's enforcing the law.

It started with mortgage companies, and quickly spread to other less-than-upright business models. Now, the telemarketers dial away with impunity.

Going after the telemarketers via the courts is a losing proposition. First, tracking them to the source is a near-impossible task — the minute you ask them who they are and how they got your number, they just hang up. Caller ID is useless because they use technologies that allow them to hide or even spoof the numbers. Calling back and yelling at whoever answers the phone only results in some poor innocent person being harassed. Googling for the phone number only gets you messages from other victims asking who it was who called them. Oh, and "press 2 to be removed from the list" doesn't work either.

Even if you do track them down, small claims courts have shown themselves unsympathetic, either not understanding the law or not caring.

But despair not. I stumbled across an informative post on reddit the other day.

Although I can't personally vouch for the information, it seems that one of the commenters has managed to track the car warranty spam to National Auto Warranty Services, Inc., aka US Fidelis, Inc., of Wentzville, MO. According to the post, Verizon, AT&T, and the Missouri Attorney General have all sued them, although the calls keep coming.

Googling for "National Auto Warranty Services" reveals quite a bit of information on them, not the least of which is that they're a scam as well as a nuisance. The web site National Auto Warranty.com contains a very simple landing page which says, in essence, "if you're trying to complain about telemarketing calls, it wasn't us. You're looking for

National Auto Warranty Service, Inc.
100 Mall Parkway
Wentzville, Missouri, 63385
U.S.A.
Phone: 800-649-1856

The post on Reddit includes this same address, as well as a number of phone numbers and email addresses of relevant government agencies, such as the FTC, where you can lodge a complaint. I suggest you bookmark this page for the next time you get one of those calls. I know I will.

More information can also be found at complaintsboard.com.

Another spamming "social networking" site — Yaari

2009-02-03T16:20:00.000-08:00

Got an email from a friend the other day, asking me to connect to her in the social networking site "Yaari". Never heard of it before. Figured, it was yet another social networking site that fools you into signing up, steals your address book, and then sends a bunch of fake invites that look like they came from you.

Two days later, I get this:

Subject: Don't click on Yaari!
Attention....    

   If you recieve a mail from me about Yaari, please DON't click on it!!
   That is a SPAM  that I hit on!

       Sorry....

Well, no surprises there. Remember kids, don't give your passwords out to strange web sites.

Phishing attacks reach Twitter

2009-01-04T21:52:00.001-08:00

Social networking site Twitter is experiencing a bad round of phishing, prompting admins there to publish a warning on line.

How it works:

In short, spammers get your Twitter ID in any one of a number of ways, and send you a direct message — which twitter forwards to you via email — or perhaps simply send you an email constructed to look like it came from Twitter.

The email is a typical phishing email which invites you to log onto Twitter and directs you to a Twitter look-alike web site (e.g. twitter.access-login.com) which then steals your Twitter login and password.

Your Twitter account is then used to send more phishing direct messages to all of your contacts, and the process continues.

One more complication: Normally, direct messages can only be sent between accounts which have mutually followed each other. In other words, before the phisher can send you a direct message, they somehow have to get you to follow them back on Twitter.

One way this is accomplished is by simply following you and hoping you'll blindly follow them back. Yet another way is by exploiting various "auto-follow" systems. The way auto-follow works is that you can contact the Twitter support team and ask that auto-follow be enabled for your account. Then, anytime someone follows you, you wind up following them back — and becoming a target for phishing messages — without having taken any positive steps to do so. There are also third-party services such as Tweet Later which provide auto-following as a sideline tool.

It's not yet known what the goal of the phishers is. It could all just be a juvenile prank, or perhaps the phishers are waiting until they've compromised enough accounts before they start swamping Twitter with advertisements.

What you can do: First and foremost, never enter your login information into a web page which you reached by clicking a link in an email. Or if you must, double and triple-check the url in the browser to make sure that it's really the web site you think it is.

Never be fooled into thinking that your favorite web site has inexplicably set up a different domain name to handle logins (it's actually harder to do it that way, not easier, because of the way cookies work.)

In fact, it's best to type in the domain name yourself, or use a bookmark you've previously created, rather than trust any url you saw in an email.

Update: Computerworld has an article as well: Twitter phishing scams: Not so tweet. It discusses more possible motivations for the phishers and has more details on how the phish works.

Also, one commenter made a point which is very significant: Even if your twitter login isn't very valuable on twitter, many people use the same credentials on a variety of sites. You might want to consider a policy of using different passwords on different sites.

Yes, you can fight spam — part 1

2008-11-18T23:37:00.000-08:00

Last week, I wrote about a study conducted by researchers at the University of California on the economics of spam. They had determined that the spammers were obtaining a conversion rate of less than one in twelve million from their botnet-sourced spam. That is, the spammers had to send twelve million spam emails for every customer they snagged.

I concluded that "just hit delete", educating the users, improved filters, or trying to use the legal system just were not going to work to stop spam.

This week, I'm going to talk about something that apparently does work: not tolerating the bad actors responsible.

If you follow spam issues in the news, then you may have heard of the takedown of a black-hat ISP in San Jose, California known as "McColo". You can read all about it in Brian Kreb's Washington Post article Major Source of Online Scams and Spams Knocked Offline.

In a nutshell, McColo was one of the prime bad-guys of the internet. Child porn, phishing, credit-card processing for criminals, you name it. We're talking the Dr. Moriarty of the internet here. As part of all that, they were knowingly hosting the command-and-control centers for major botnets.

McColo had been well-known to a number of internet security experts and spam-fighters. Attempts to get them disconnected by their upstream providers, Hurricane Electric and Global Crossing had long fallen on deaf ears. Finally, it reached the point where their support of McColo was going to reach a wider audience. Faced with a public shaming, they finally did the right thing and gave McColo the boot.

Here's what's significant: The shutdown of McColo resulted in a 60-70% drop in spam worldwide overnight.

Let me say that again: A 60-70% drop in spam overnight. Worldwide. From disconnecting just one bad actor.

This chart, courtesy of SpamCop shows it best:

Other spam-tracking sources are reporting similar reductions in spam. It is reported that detections of the Srizbi botnet (the biggest, at 60 billion spams/day) are down by up to 95%. Similar reductions in activity have been seen in several other botnets, including Mega-D, Bobax, Rustock and possibly Asprox.

I don't have any illusions that this drop is permanent. The spammers and bot-herders will be looking to rebuild their networks almost immediately. I've already noticed an increase in virus spam lately, as have others.

(Note: This may be a good time to remind your friends and relatives not to click on any attachments they receive — especially anything in a .zip file.)

Also unfortunately, McColo had a backup plan in the form of Swedish internet service provider TeliaSonera who, not knowing what was going on, left McColo connected to the internet. McColo was savvy enough to wait until the weekend before taking advantage of their backup connection. The problem was discovered within hours, but getting them disconnected again required CEO approval, which took even more time. All told, McColo was back online for about twelve hours. Enough time, unfortunately, to transmit botnet control updates to servers in Russia. More details can be found in the U.K. Register.

It will probably take time for the spammers to get the botnet up and running, but we should see spam levels begin to rise again shortly.

Other articles on this takedown:

Washington Post: Major Source of Online Scams and Spams Knocked Offline
Washington Post: A Closer Look at McColo
HostExploit: McColo Cyber Crime USA (pdf)
HostExploit: McColo Supplement (pdf) — details McColo's reconnection and Russian connections.
Washington Post: Spam Volumes Drop by Two-Thirds After Firm Goes Offline
Washington Post: Answers Trickle Out as Spammer Networks Remain Compromised
UK Register: Dead network provider arms Rustock botnet from the hereafter — article about McColo's brief reconnection via Telia Sonera.

Next: You can fight spam by disconnecting bad actors

Classmates.com sued for false advertising

2008-11-12T09:27:00.000-08:00

You've seen the ads for classmates.com, I'm sure. Banners at the top of seemingly every web page on the internet that say "She married him? Catch up on the latest petty gossip at Classmates.com". Or something like that.

Today's Wired magazine has an article entitled Classmates.com User Sues; Schoolmates Weren't Really Looking for Him. The headline pretty much says it all. Anthony Michaels of San Diego, CA received a message from classmates.com telling him his old high school chums were looking for him. He paid $15 for a premium membership and found out — get ready for it — they lied. Nobody was looking for him. Now he's suing (scanned pdf, 20 pages) for false advertising and hoping for class action status.

Researchers Hijack Storm Worm to Track Profits

2008-11-07T10:31:00.000-08:00

Always good for information on the spam economy, Brian Krebs of the Washington Post has just published a truly fascinating article: Researchers Hijack Storm Worm to Track Profits.

Bottom line: a one-in-twelve-million conversion rate of spam to sales seems to be enough to keep the spam economy going.

The article covers a project by researchers at UC San Diego and UC Berkeley, who managed to infiltrate the Storm Worm bot network and take over a small portion of it.

They then redirected some of the spam payloads to fake websites which had been set up to mimic the actual websites advertised in the spam. Would-be customers would go to the fake web sites and try to order their penis pills and become another statistic for the researchers. (At which point the sale fails to go through — the researchers were fishing for statistics, not credit card info.)

All told, 350 million spams over 26 days resulted in 28 sales, for a total of just over $2700. Researchers estimate that they took over just 1.5% of the Storm Worm network, meaning that the network sends about — let's see, carry the one — just under 900 million spam emails per day, with a revenue of just about $7000 per day.

That's it. There's your math. $7000/day pays for something like 20% of the total spam load we all endure, day after day. And the vast majority of it going to penis pills that don't even work.

One more piece of math: The worm propagates as a virus mailed from victim to victim. Researchers discovered that a whopping one in ten people will click on the link and download the virus.

So what does this mean in terms of fighting spam?

Well, first of all, educating people about spam, or getting them to sign the Boulder Pledge to not buy anything advertised via spam, is hopeless. You'll never convince everybody. If the spammers only have to reach one person in twelve million spams, then educating 99% of the people, or 99.99% of the people, or even 99.9999% of the people just isn't enough.

In other words, Just Hit Delete won't work.

Technological means? So far, no good. We build better filters, spammers add more entropy to their message text to bypass them. I'm sitting behind at least three good filters at home, and I'm flooded with the stuff.

Legal means? Not very effective so far, mainly thanks to CAN-SPAM, which protects spammers from almost all legal remedies. Only state governments and the very largest ISPs have been able to take legal actions against spammers, and the spammers generally make themselves judgement-proof well before it comes to that.

The Federal government can theoretically put a spammer in jail, but I'm unaware of any such cases except when other crimes such as wire fraud are involved, in which case CAN-SPAM violations are added on the side.

Other questions about this research present themselves. Such as, if the researchers could take over a small portion of Storm Worm, why can't they take all of it over and shut it down?

Can Storm Worm be repurposed for good? Maybe launch a popup on the user's screen when it's installed, saying "hey dumbass what did you think you were doing when you clicked on that link?" or "are you really so stupid that you believed a Nigerian prince wanted your help laundering a vast fortune out of the country?" Sheesh.

I've always dreamed that someone would write a virus that takes over the victim's system and installs all the necessary security updates. Or maybe upgrade them to Linux. It would be a public service.

Here's a thought: credit card companies should run fake sites like this, and use it as a way to educate consumers who get caught in the net — or maybe just take their credit cards away and do us all a favor.

More seriously, I would have liked to see some effort by the researchers to track the worm to its source, but I think it's likely that they tried without success. It's believed that the bulk of this spam originates from Russia, where there is little or no hope of getting any real information on the spammers. Given that restriction, I think the researchers were forced to be satisfied with the information they were able to collect.

The academic paper is available from Berkeley's International Computer Science Institute (pdf).

Update: This morning, the BBC had a good article on the report. In it, they made one very good point: the conversion rate is so low, and the profit margin so slim, that this suggests some avenues of attack on the spammers.

As for myself, I'm not convinced. My first thought was that the old idea of charging postage for email might be worth pursuing. At a conversion rate of less than $1 per hundred thousand emails, an e-postage rate of 1/100 of a penny per email would pose no burden on ordinary consumers, but break the economic back of spam. However, I quickly dismissed this idea upon realizing that since the majority of spam is sent by 'bots, it's the consumers who will be paying the postage, and not the spammers. Further, the postage would be so cheap that most victims wouldn't be charged enough money to motivate them to do something about the problem, and certainly not enough to make law enforcement — who don't even get out of bed for anything less than grand theft — take any notice.

Is there any other way to pass the economic burden spam — any economic burden at all? — to spammers? If there is, word of it has yet to reach my ears.

Pissedconsumer.com: spammers and more

2008-10-29T14:51:00.000-07:00

In July, I wrote about a "reputation" web site which had been link-spamming this blog. I suspected that part of their business model would be to blackmail businesses into removing negative reviews. Comments on my article tended to back that up.

Today, alert reader Chad pointed out a couple of articles on PissedConsumer. In particular, YOUmoz blog is reporting that a reader has discovered that PissedConsumer seemed to be running a link farm in order to artificially boost their page rank and drive traffic. The comments are worth reading as well; one commenter claims that PissedConsumer was stealing content from his review site in order to populate their link farm. (Commenter also mentions that the DMCA complaint went ignored — this may be worth investigating on its own.)

Best of all is the comment from Google's Matt Cutts, who wrote in essense "they're nuked now". Way to go!

You can read more at Digital Point. Of interest is the first article in the thread, in which the author mentioned that PissedConsumer wanted nearly $2000 to remove bogus reviews. It looks like my suspicion of reputation blackmail was correct.

See also "Sockmonkey's" article How To Game Google SERPS.

Quick heads-up, spams containing zip files

2008-10-14T00:20:00.000-07:00

In case you haven't noticed, there's a new scam making the rounds, in which the payload is a zip file. The zip file contains a single executable whose name is in the form of (for example) e-ticket.doc.exe.

The spammers are obviously hoping that the operating system will remove the ".exe" before showing you the filename, at which point you think it's a harmless doc file and click on it.

The emails themselves come with a variety of enticing subject lines, and I have to give the spammers credit for creativity. The latest round come with the subject line "Your Online Flight Ticket" (plus a hash-buster), while previous rounds have come with subject lines suggesting that there's a FedEx delivery waiting for you, trouble with your credit card or something of a similar nature that demands your attention.

The enclosed zip file contains a virus of course. Most of you reading this are smart enough not to click on random attachments in email*, but do pass the word please.

eWeek has a short article on the subject: Malware in E-Mail Rose Dramatically in September, Security Pros Report

Kentucky seizes 141 internet domains connected to internet gambling

2008-09-23T14:37:00.000-07:00

Back in March, I wrote an article entitled "Don't register or host your domain in the U.S. if it's controversial" in which I showed the various ways in which either the government or private parties could use the legal system to seize your domain name and shut you down.

Today, I read an article in the Lexington Herald-Leader which tells of how the state of Kentucky comandeered 141 domain names belonging to internet gambling sites. Interestingly enough, the major gripe Kentucky seems to have with online gambling is that it competes with Kentucky's own state-sponsored gambling.

At any rate, Kentucky seems to have obtained a court order from Circuit Judge Thomas Wingate ordering the domains in question be transferred to the state of Kentucky. It is unclear from the article exactly whom the order was sent to.

Soloway comes clean — "Pure greed" made him do it

2008-09-22T14:51:00.000-07:00

From MSNBC: ‘Pure greed’ led spammer to bombard inboxes.

One last interview before Soloway goes to prison. He comes clean about his motivation (greed), how many emails he wound up sending (over 10 Trillion), how he felt about flooding the inboxes of all those people (just hit delete), and how much he made ($20,000 a day).

No pity on my part for most of the people who lost money to Soloway — they were spammers too, and if I was in charge, I'd be thinking about bringing charges against them as well.

In contrast to this article, see an interview from last month in the Seattle PI: 'Spam King' once felt 'invincible'.

Virginia Supreme Court strikes down Virginia anti-spam law; Jeremy Jaynes will possibly go free

2008-09-12T11:30:00.000-07:00

This just in from the Washington Post: Va. Supreme Court Strikes Down State's Anti-Spam Law

Background: In 2006, I reported (prematurely, it turns out) that porn and fraud spammer Jeremy Jaynes had lost his appeal after having been convicted under the Virginia anti-spam law which prohibited fradulent header information in spam.

Today, the Washington Post story reports that the Virginia supreme court has ruled that a person's constitutional right to anonymity overrides the anti-spam law.

Does this mean Jaynes will go free? It's too early to tell; it may still be possible to prosecute him for stock and other fraud.

More importantly, what does this do to other anti-spam laws, including CAN SPAM? It's too early to tell, and I'm not a lawyer anyway, but it seems to me that this could have repercussions on the provisions of CAN SPAM which require that the spammer provide truthful contact information.

New variants on the advance fee fraud hitting Craig's List

2008-08-19T12:59:00.000-07:00

A couple of years ago, I wrote about a scam where you have something to sell, and someone from overseas (usually Africa) buys it but pays too much and asks you to refund the difference. In the end, the check they sent you turns out to be bad and you're out the refund money. This very commonly happens to people with rental property, who get emails from someone from overseas planning to visit the area and who puts down too large a deposit and ask the landlord to forward the difference to their travel agent.

The more recent variant involves someone who advertises a nice place to rent on Craig's List and then absconds with the deposit. Read more about it at An Unread Blog.

In general, take the Craig's List warnings about dealing with strangers very seriously.

Related scams: You're looking for a roommate, and the interested party sends too big a deposit. The blog Active Rain has a good analysis involving a college student looking for a roommate, and a scammer willing to take the student's college fund.

Wikipedia has a good compendium of advance fee frauds.

Another spammer in the slammer — Michael Dolan

2008-08-14T20:28:00.000-07:00

While all the world's attention has been on Robert Soloway, other spammers have been quietly getting their comeuppance.

Today's story concerns Michael Dolan who's just been sentenced to seven years in jail plus three years of supervised release. He's pled guilty to fraud and aggravated identity theft.

His scheme, along with five other people, was to troll AOL chat rooms for user ids. Those user's then would receive "greeting card" spam which quietly installed malware on the victim's computers. The next time the victim attempted to log onto AOL, the malware would ask for credit card numbers, bank accounts, and other personal info. If the user refused to cough up, the malware prevented them from logging in.

There were also more traditional email phishes asking for AOL billing details.

On top of all of this, Dolan engaged in various forms of witness tampering, including a death threat, and had violated a previous probation for computer crime.

Dolan's scam brought in over $400,000 from 250 victims. As might be expected, his lawyer tried to use the insanity defense, as was the case with Soloway.

Full coverage at ars technica and InfoWorld.

Eight ways to get yourself blacklisted

2008-08-14T17:09:00.000-07:00

Good article today by Esther Schindler on Cio.com: Eight Quick Ways to Get Your Site Blacklisted.

It's a quick overview of bad email practices that can get you and/or your ISP on the anti-spam lists. If your business involves sending emails in any way, you should read it.

See also Slashdot coverage.

Eddie Davidson kills family and then self.

2008-07-24T15:47:00.000-07:00

I waited until multiple news sources had this story up before posting it, but it looks like it's true. Pump-n-dump spammer Eddie Davidson, who escaped from prison a few days ago, has killed his wife, his three-year-old-daughter, and himself. Two other children survived.

Media coverage: cbs4denver.com, Denver Post, 9NEWS.com, Fox News Colorado.

Another spammer in the slammer

2008-07-22T15:51:00.000-07:00

As if there's a strange conservation law in effect to counteract Eddie Davidson's escape, Robert Soloway has been given four years in prison for mail fraud, electronic mail fraud, and failing to file a tax return.

While it's less than the prosecution was asking for, it's more than just a slap on the wrist, and with a little luck he won't return to spamming when he's out.

He will also have to pay $700,004 in restitution, which very likely is a slap on the wrist. First, he almost surely has the bulk of his ill-gotten gains safely hidden away and so $700k is a fraction of what he actually made, and secondly, I would bet that the $700k never actually gets paid.

Soloway will be allowed to roam free for sixty days before serving his sentence. The government considers him a significant flight risk, so it will be interesting to see if he actually reports to prison when expected.

Coverage: KOMO tv: 'Spam King' gets 4 years in prison. SpamSuite: Sentencing Hearing.

Spammer on the lam

2008-07-22T15:45:00.000-07:00

A strange story from Colorado today: Pump-n-dump spammer "Fast Eddie" Davidson who was serving 21 months in a minimum security prison in Florence, Colorado simply walked away from the prison camp and is now at large.

The full story can be found at DenverChannel.com: 'Spam King' Escapes From Prison.

Word from the Soloway sentencing hearing

2008-07-15T16:48:00.000-07:00

Robert Soloway's sentencing hearing has begun, with the hearing already gone to two days and a third day scheduled for next week. It's unusual for a sentencing hearing to go on for more than a single day, and they're still not finished.

The government's sentencing recommendations and Soloway's response can be found at Spamsuite.

In a nutshell, the government lays out what Soloway did (spamming, header forgery, fraud, tax evasion, etc.) They have so many victims it would take weeks for them to all testify. That Soloway has never paid a penny in the judgements against him won by Microsoft and Robert Braver. That Soloway bragged that the law couldn't touch him and none of the plaintiffs would ever see a cent.

The government asks for nine years in prison, three years probation, complete forfeiture of everything Soloway ever made from spamming, 624 hours of community service, and that Soloway be barred from the internet until his sentence is complete.

Soloway's response — or more precisely, his laywer's response — is a more interesting read. Paraphrased, it says:

They admit that Soloway was a spammer, but say in essence "hey, it's just a little spam".
They say he only spammed for charity, and if some non-charities took him up on his offer, well, that's not his fault.
He never spammed for himself, so he obviously didn't make any money from spamming.
The commercial email kit which he sold received more thanks than complaints.
Those people who said they didn't get the refunds he promised were just a misunderstanding, and it wasn't all that many anyway.
He meant to file his taxes, and was filling out the forms when he was arrested.
Spamming wasn't even against the law until 2004 so who cares that he was spamming since 1999.
Soloway wasn't really forging the email because the only forgery was putting the recipients own name in the "From" line, and once you opened the email you could see who it was really from.
All those customers who ultimately got blacklisted by their own ISPs brought it on themselves; they should have read the instructions more carefully.
It's not Soloway's fault that some ISPs have anti-spam policies.
Dark Mailer isn't spam software; don't believe what Wikipedia says about it.
Don't call them "zombies", call them "proxies".
You can't prove those servers really sent 120 million emails.
Soloway doesn't have any hidden assets.
Soloway was framed by other spammers using his business name.
Only a few of the complaints mentioned actual monetary loss and most of them don't provide any proof.
Soloway denies that he deliberately increased the amount of spam sent to people who asked to be removed.
Spam filters are cheap.
Soloway didn't harvest any email addresses [he bought them fair and square?].
Don't listen to Robert Braver, he's sued more than 240 people for spamming.
Ignore Braver's and Microsoft's lawsuits; they were default judgements.
Soloway never claimed the email list was opt-in.
At least he didn't send any porn.
It's not fraud because there was only a 1% complaint rate.
All those people who received the spam should be forced to prove their losses.
Soloway only made $400,000 in those four years of spamming he's charged with, so the total losses can't possibly be more than $400,000.
Putting someone's name in the "From" field isn't identity theft [I'm inclined to agree with this one - ef]
This is Soloway's first brush with the criminal justice system [ignoring all his brushes with the civil system, and the times he fled jurisdiction on both California and Oregon], so the court should go easy on him.
It's not his fault, he has Tourette Syndrome. He won't be able to get his meds in jail.
He offered to cooperate with law enforcement after he was arrested.
He's certainly learned his lesson now, yessiree. You can be sure he won't do it again.
Most of the people responsible for the Enron scandal got shorter sentences than the government is asking for here; it's not fair. Other spammers got shorter sentences.
And hey, it was just a little spam.

Well, that pretty much sums up the defense's case.

Various spam-fighters have been asked to testify at the sentencing hearing, but they're being sequestered before speaking so they don't have much to report outside of their own testimony. Apparently Soloway's mommy is there, scowling at everybody.

Other press on the story:

CIO.com: Soloway Case Reveals Big Business Behind Spam — discusses spam botmaster Adam Sweaney's testimony of how he sold botnet access to Soloway, how the cost of getting into the spam business has shut out all but the big-time spammers, how much spam costs the ISP industry, and how one Soloway customer lost his internet access after using Soloway's software and the losses he suffered as a result.
KOMO Victims testify at Spam King's sentencing — discusses the challenges the judge will have assessing damages. (Why does the press call every spammer a "Spam King")? Includes link to video with footage of Soloway and interviews with various figures in the story.
Computer World: Judge delays 'spam king' sentencing. The third day of testimony in the sentencing hearing has been scheduled for 22 July.
Seattle PI: 'Spam King' defied Feds, now faces up to 20 years.

Zombies on my network? It's more likely than you think.

2008-07-08T23:54:00.000-07:00

Just a quick link to John Levine's blog post Yes, you really have a zombie on your network. The article covers a discussion we had on a technical mailing list involving someone who was having a hard time believing that his network was really infected by spam-bots.

In the post, John forwards a good summary of the problem and what to do about it, written by Steve Champeon.

The key points in the article:

Don't look for clues in your mailserver's logs; chances are the spam is coming from infected machines with their own SMTP engines and aren't using your servers to relay in the first place. And even if they are, you won't find anything useful in the headers.
Shut down unauthorized port 25 outbound connections, and put a sniffer on your network to find out where they're coming from. In fact, do it now, before you find yourself listed somewhere.
Don't assume the blocklists have made a mistake; look to yourself first.

Remember, for every well-known published blocklist which will remove you once the problem is solved, there are a thousand privately-managed blocklists whose admins won't be bothered to periodically re-check to see if you should be removed. Entry into one of those blocklists is for life. So don't wait until you find out you've been listed somewhere before you take action to prevent outgoing spam.

Et tu, Easyjet?

2008-07-05T18:50:00.000-07:00

We call it "mainsleeze". That's when an otherwise mainstream company advertises via spam. Today's mainsleeze spam came from EasyJet, a discount airline in europe similar to Jet Blue, except with terrible service.

I probably never would have flown EasyJet again after my last experience, but they've just made it official.

Pissedconsumer.com: spammers and maybe more

2008-07-05T12:43:00.000-07:00

Just a quick vent: lately, a new website, pissedconsumer.com, has been spamming this blog with advertisements for their site. I've been spending too much of my valuable time deleting their spam as they post it.

A simple whois shows they're registered anonymously, which is commonly the mark of a less-than-legitimate organization.

I tried out their site myself. It's basically a place to vent your frustration. It's unlikely anybody will ever read what you have to write. After you've entered your complaint, you're given the opportunity to pay a fee and get preferential placement, which I suppose means you get placed at the top of the search results that nobody will ever be searching for anyway.

It remains to be seen what else they're up to. Similar review sites have been known to try to blackmail businesses with threats of negative reviews or censorship of positive reviews, or to charge fees to have negative reviews removed, and so on. I'll be watching for further news of them.

Meanwhile, if you really want to post a review of a business, positive or negative, then I suggest either ResellerRatings or Yelp, both of which are popular, honest, and well-established web sites.

Judge rejects Linhardt's request to be dismissed from Comcast lawsuit

2008-07-02T19:11:00.000-07:00

When a judge's ruling starts with "I have before me a largely misguided motion...", you know it's a bad day for whoever filed it.

In January, E360 filed a lawsuit against Comcast in the hopes that they could force Comcast to accept E360's spam. E360 lost that suit.

In March, Comcast counter-sued E360 and its owner Dave Linhardt for spamming. This suit is still ongoing.

In April, E360 filed a motion to dismiss, asking among other things, that Linhardt be dismissed from the suit under the theory that he was only doing his job as officer of the corporation, and only the corporation should be held liable.

Today, Judge Zagel ruled against E360 on almost every single point. Most significantly, Linhardt will remain part of the lawsuit:

This leaves the final point, which seeks dismissal of the only natural person among the Counter-Defendants, Linhardt. What is offered to support his dismissal from the claims is the rule which protects corporate officers from personal liability for misdeeds of the corporation. However, this rule does not cover corporate officers who are alleged to direct and control the corporation. It is difficult to seek shelter in this rule when one is alleged to be the whole owner and controller of the all the corporations involved, as is the case here. And there are allegations of specific actions by Linhardt which would establish his liability, i.e., that he deliberately lied to Comcast when he orally stated that all intended e-mail recipients have opted in to receive the emails and that he ordered the abuse of process.

The only piece of the lawsuit the judge was willing to dismiss was Comcast's "unjust enrichment" claim which E360 asked to have dismissed and which Comcast didn't even bother to argue. The judge has dismissed this claim, but mentioned — practically invited — that Comcast was free to re-plead this count after discovery.

Also of interest is the Judge's reference to Linhardt's habit of repeatedly dropping and re-filing lawsuits. This is a judge who knows E360 for what they are and won't be letting them get away with any bullshit.

If only Susan Gunn and David Ritz had had judges with this much clue. But then, Comcast is very rich and Gunn and Ritz are not, and in the legal system, you get what you pay for.

(Speaking of which, I would like to take this opportunity to mention that David's legal battles are not over yet, and you can donate to his defense fund here.)

Boneheaded spam from Netflix

2008-06-24T09:33:00.000-07:00

I just got spam from Netflix, offering me a trial offer. The spam was sent to the account which I used to join Netflix several months ago. Morons.

Linhardt drops the other shoe

2008-06-18T21:52:00.000-07:00

Or the fourth shoe. Whatever. Who's counting?

Two weeks ago, I wrote about how E360 had dropped their third SLAPP lawsuit against Susan Gunn, Mark Ferguson, and Kelly Chien. E360's tactic seems to be to file unwinnable but expensive nuisance lawsuits against Gunn et al, and then drop the lawsuit at the last minute, allowing them the ability to file yet again later on. The theory being, I suppose, that you can hurt your victims more by dragging them into court repeatedly than by dragging them into court once and seeing it through to the end.

At the time, I speculated as to what Linhardt had planned for the next time.

I didn't have long to wait, as within days, Linhardt slapped Gunn with yet another subpeona. At Susan's request, I've not mentioned it until now, but her lawyer has given her the go-ahead and so you may now read it in her post on usenet.

I'll let you read it for yourselves, but in a nutshell, they demand that she cough up everthing she knows and every piece of documentation she has on the inner workings of Spamhaus.

The subpeona seems to be void on jurisdictional grounds, so it's unlikely that E360 will be getting anything from Susan.

The IRS isn't sending refunds to you by email

2008-06-17T12:36:00.000-07:00

Especially not if your refund is $252.

Since it's tax refund time, there's been a lot of IRS phishing going around lately. Whoever is sending it isn't interested in giving you $252, they're interested in your social security number and your banking information. Also, the IRS doesn't use servers in Hong Kong. Stay frosty out there.

It's probably pointless to point these out, since the majority of my readership is probably too savvy to fall for it anyway, but do pass this on to your more gullible friends and relatives.

Oh, and while I'm on the subject, you didn't win any lottery you don't remember entering. There's been a lot of that going on lately too.

A rising new threat: ransom-ware

2008-06-06T15:45:00.000-07:00

Reported the other day by Kapersky Lab: A new variant of Gpcode, known as Virus.Win32.Gpcode.ak has been classified.

This virus selects some files on the victim's computer, encrypts them, and then offers to sell the decryption program for a price.

The Gpcode virus is not new, but previous versions had used a weak enough encryption that it could be broken. The new version uses a 1024-bit key and fixes previous flaws in the encryption althorithm.

For obvious reasons, victims are strongly encouraged not to pay the ransom or otherwise deal with extortionists.

The best defenses are good preventative measures. Back up your files regularly. Run anti-virus software. Don't run Windows operating systems (that part was my idea).

If infected, Kapersky makes the following recommendations: DO NOT RESTART or POWER DOWN the potentially infected machine (presumably to give experts a chance to analyze the infection.) Contact Kapersky at stopgpcode@kaspersky.com with the following information included in the email:

Date & Time of infection
Everything done on the computer in the 5 minutes before the machine was infected, including:

Programs executed
Websites visited

Kapersky says they'll try to help recover your encrypted data.

Personally, I'm not sure what they can do to help without the extortionist's private key. Your best bet is to hope the person gets caught, in which case they'll presumably be forced to cough up the key. Helping Kapersky analyze the virus is your best course of action.

Ransom-ware is not a new concept, of course. The Kapersky Lab article mentions that the Gpcode virus is two years old at present. There have been other forms of ransom-ware as well; two years ago I wrote that the FTC was coming down on Sanford Wallace for infecting users' computers with spyware, and then offering to sell them the tool to remove it.

An amusing IQ test

2008-06-04T06:32:00.000-07:00

A correspondent sends me an amusing story about phishing, cellphone spam, and being tricked into giving permission to be spammed (which I wrote about a couple years ago). I'll just quote it directly:

I was playing Scramble on facebook and one of the ads made it through my ad filter. Just for fun, I clicked on the "10 minute IQ test". 10 easy questions which took about 30 seconds total to answer. The 11th question was clearly the real IQ test. They ask you to enter your cell phone number to get your results by text message. The small print at the bottom says by submitting your cell number you are subscribing to their word club service, and they will charge you $20 a month (for AT&T users) to get a word sent to your phone once a week. I didn't submit my cell number.

I guess I passed the IQ test.

The Boston Globe and Engadget (among many others) have articles about AT&T settling lawsuits about such fraudulent charges and what you can do if you find one on your phone bill.

And if you're not an AT&T customer, don't be smug*, Verizon, Sprint, and T-Mobile are facing similar lawsuits.

E360 drops lawsuit against Feguson, Gunn, and Chien — again

2008-06-02T23:14:00.000-07:00

This just in: alleged spammer E360, who has filed SLAPP lawsuits not once, not twice, but three times against various individuals it thinks are somehow connected to Spamhaus, or who simply called E360 a spammer, has voluntarily dropped their lawsuit yet again.

Quick history: David Linhardt, the owner of E360 first filed a lawsuit against Susan Gunn, Mark Ferguson, Kelly Chien, and other anti-spam activists in federal court. That suit ended when Linhardt didn't even show up in court (neither did the defendants, who had never been served.)

A month later, Linhardt re-filed the same lawsuit, but in state court this time. This forced the defendants to get lawyers and prepare for a lawsuit all over again. In September 2007, Linhardt once again dropped the lawsuit.

True to form, he filed yet a third lawsuit in January of this year, naming Susan Gunn, Mark Ferguson, and Kelly Chien. This lawsuit was interesting in that it coincided with E360's lawsuit against Comcast. Things became interesting, with suits, counter suits, and counter-counter-suits flying thick and furious. There are rumors of offers from Linhardt to settle out of court which were presumably rejected by the defendants.

In mid-April, Gunn filed a motion to dismiss for lack of jurisdiction. The court gave Linhardt until May 27 to file a response, which Linhardt did not do. Gunn then filed a motion to dismiss based on Linhardt's failure to respond to the first motion.

Finally, comes news that Linhardt has filed his own motion to dismiss. The filing also notes that he's managed to settle with Ferguson. Unfortunately, as with most out-of-court settlements, neither side is saying what the terms were. Knowing what I know of Ferguson, I'm betting that he's not the one who conceeded anything.

The interesting thing is that Linhardt filed to dismiss with prejudice, meaning he won't be allowed to file again.

Now I'm not a lawyer, but I'm puzzled as to why the plaintiff would file to dismiss with prejudice, thus shutting the door for good on his ability to file yet again. This is essentially a legally-binding pledge not to sue again. Is he hoping that by doing this, he'll convince the defendants not to file any counter-suits? Or perhaps this will make the court look more favorably at him in such a suit. Or perhaps this was a condition that was attached in some sort of settlement he made with Ferguson.

If not for the fact that he'd filed with prejudice, I would assume this was just another round of his previous tactic of repeated file-and-drop. He knows he can never actually win a SLAPP lawsuit against anti-spam activists, so his most damaging tactic was to file a suit, and then drop it before he can lose, thus allowing him to repeat the attack. But filing with prejudice? Either he really means to let it go, or it's a diversion of some sort — perhaps he's planning to file in Federal court again next time.

Bad day for E360 (but a good one for the rest of us)

2008-04-11T12:34:00.000-07:00

I just got back from vacation to a passel of delightful news. First is word that E360, not to put too fine a point on it, got their ass handed to them in the E360 vs Comcast lawsuit.

A copy of the decision can be found at SpamSuite. It's seven pages long and very worth reading. It starts out:

Plaintiff e360Insight, LLC is a marketer. It refers to itself as an Internet marketing company. Some, perhaps even a majority of people in this country, would call it a spammer.

Now there's an opening paragraph that has Bad Day written all over it for E360.

Anyway, the entire opinion is well worth reading and is clearly the work of a judge who Gets It.

Bottom line: Comcast is immune from lawsuit under the Good Samaritan provision of the CDA, § 230(c). E360's claim that being CAN-SPAM compliant removes that immunity is rubbish. E360's Denial Of Service claims are rubbish. E360's Tortious Interference with Prospective Economic Advantage claim is likewise nonsense. E360's first ammendment rights have nothing to do with Comcast, a private enterprise.

Entire lawsuit is dismissed on the grounds that § 230(c) grants immunity to Comcast.

This is a very good outcome. It reinforces the precedent that § 230(c) immunity is absolute and applies to spam-blocking, and it establishes that CAN-SPAM compliance does not affect that immunity.

All that remains is to see what happens with Comcast's countersuit.

More coverage:

J.D. Falk: If It Spams Like a Duck...
John Levine: Comcast 1, E360 0
Slashdot: Judge In e360 Vs. Comcast Rules e360 a Spammer

Comcast strikes back against E360

2008-03-20T15:08:00.000-07:00

Some quick background: alleged spammer E360 has sued internet provider Comcast because of Comcast's refusal to deliver E360 spam to Comcast customers. See my March 4 entry for more information and Comcast's response.

This week, the other shoe dropped as Comcast has filed a countersuit against E360, David Linhardt, and many of its related companies (Maverick Direct Marketing, Bargain Depot, Northshore Hosting, etc.) for spamming, computer fraud, abuse of process and other violations. The full text of the lawsuit can be found at Spamsuite, and it's a doozy.

Some of the highlights:

Comcast states in no uncertain terms that E360 et al are spammers.
E360 fabricates opt-in records (¶29).
In 2006, Linhardt called Comcast and "fraudulently represented to a Comcast employee that all of the intended recipients of e360's email messages have opted-in to receive such messages" (¶34).
In 2007, Linhardt sent a letter claiming the same thing (Exhibit A).
Comcast offered to help them with their email practices but E360 refused, asserting that they would learn how to circumvent Comcast's filtering system through discovery (¶35)
After obtaining a court order preventing Spamhaus from listing them as spammers, E360 began marketing their "IP Protection Services" in which they would arrange for third-parties to be included in the court order for a fee (¶41-45, Exhibit B) [I've written about this elsewhere].
Virtumundo, a spammer, has purchased E360's IP Protection Services (¶46-48, Exhibit C)
E360 keeps filing, dropping, and re-filing lawsuits against spam-fighters. (¶49-50)
E360 filed its lawsuit against Comcast knowing it was without merit (¶76)
E360 filed the lawsuit in order to use the discovery process to learn how to circumvent Comcast's filtering system. (¶77)

Comcast asks that E360 be enjoined from sending spam, that E360 pay damages, that E360 return their illegal profits, and that E360 pay Comcast's legal costs.

What I find most interesting is Comcast's assertion in paragraph 76 that E360 filed this lawsuit in order to use the discovery process to learn how to circumvent Comcast's spam filters.

Ever since this lawsuit was filed by E360, I've been wondering what their motivation was, since they must have known they could never win. It seems that we now have at least part of the answer.

Soloway pleads guilty

2008-03-14T17:55:00.000-07:00

Spammer Robert Soloway, who was arrested in May of last year has pled guilty in U.S. District Court in Seattle. He's pled guilty to fraud, CAN-SPAM violations, and failure to file an income tax return. The feds dropped the charge of aggravated identity theft in a plea bargain. He faces up to 26 years total on the three charges. He will also have to forfeit roughly $10,000 in property and sit through a polygraph test on the issue of his other assets.

Coverage:

Seattle PI: Spam king pleads guilty
Seattle Times: Man dubbed "spam king" pleads guilty to three charges
Digital Trends: Seattle-based spam king Robert Soloway pleaded guilty to three counts in U.S. District Court, including email fraud.

Wikileaks calls for boycott of domain registrar eNom

2008-03-09T10:54:00.000-07:00

In the aftermath of the shutdown of Wikileaks.org by a court order issued at the request of Swiss Bank Julius Baer, Wikileaks has called for the boycott of registrar eNom.

eNom is best known as the domain registrar that complied with the federal government's order to shut down a Spanish travel agency because it did business with Cuba — the agency was not under U.S. jurisdiction and so was hardly violating U.S. law, but their domain was registered in the United States, and that was good enough for the feds.

Although eNom's culpability in that incident is doubtful, since they were probably under orders from the federal government, their involvement in the shutdown of Wikileaks.info was not so innocent.

In a nutshell, bank Julius Baer was able to get a court order shutting down Wikileaks.org, but not wikileaks.info, which was a mirror site not mentioned in the TRO. However, learning of the court order against wikileaks.org, eNom apparently took it upon themselves to shutdown wikileaks.info as well — without a court order of any kind.

Wikileaks made repeated requests — and then demands — to eNom asking them to identify who, if anybody, had told them to lock the wikileaks.info registration, and what claims had been made. When eNom failed to answer, Wikileaks issued their call to boycott. Wikileaks accuses eNom, and their parent company Domain Media, Inc. , of a pattern of censorship and other unethical practices that goes beyond the shutdowns of Wikileaks.info and the Spanish travel agency.

Related link: CNET: Survey: Are domain registrars free-speech friendly?

Off-topic: I would be remiss if I didn't mention the apparent misogyny in the Wikileaks press release. The call for boycott gives the names and photographs of four people they seem to find particularly culpable, three men and one woman. With the men, Wikileaks used their full names and described their offenses against Wikileaks and the internet community as a whole. For the woman, they referred to her by first name only, and described only the way she met her husband. I found this strange, and a little disturbing.

ComplaintRemover in the news again

2008-03-06T16:44:00.000-08:00

In June of last year, I wrote about Bill Stanley's "ComplaintRemover" service which was slapped down by an Arizona judge. The idea behind the service was that if you were a business owner and you wanted negative customer feedback removed from the internet, you'd contract with ComplaintRemover who would then cajole, bully, or threaten the offending website into removing the unwanted comment. Their services even extended to making death threats.

Well, today's Consumerist has an article that shows that ComplaintRemover is still in business. They have an amusing chat transcript in which "Kelly" from ComplaintRemover assures a potential client that they can arrange to have LOLCats removed from the internet.

Comcast answer to E360

2008-03-04T19:37:00.000-08:00

Spamsuite has published Comcast's response in the E360 vs Comcast lawsuit (in which E360 is suing Comcast for blocking E360's spam.) The document is a long, slow read, since the Comcast lawyers are being very careful to dot all their t's and cross all their i's. Either that, or they're being paid by the word. For the fun part, skip ahead to their Memorandum of law, below.

Allow me to summarize: most E360 allegations are facts about E360, for which Comcast says they don't have any first-hand information to form a belief and therefore deny.

E360 makes many allegations of harm they've suffered because of the spam blocking, and Comcast says they don't have any first-hand information to form a belief and therefore deny.

E360 quotes the law in several places, and Comcast admits that E360 is quoting the law. Except where E360 gets it wrong, in which case Comcast denies.

E360 claims they don't spam, and that they follow the rules. Comcast responds that because they get hundreds of thousands of emails to its subscribers, some of which are forged, and therefore they don't have any first-hand information to form a belief and therefore deny.

E360 claims that Comcast is deliberately and maliciously attacking them. Comcast denies this.

Paragraph 60 is interesting. E360 alleges that Comcast writes pink contracts. Comcast denies this.

Things get interesting in the "Affirmative Defenses" section of Comcast's response (starting at paragraph 63).

Naturally, Comcast starts right out with the section of the Communications Decency Act that immunizes isps that use technical means (e.g. filtering) to protect their subscribers from spam. They go on to state that CAN-SPAM and various state laws also immunize them.

They then point out that E360 has unclean hands based on their violations of CAN-SPAM, the Computer Fraud and Abuse act, and the Illinois Electronic Mail Act.

Next on the docket is Comcast's Memorandum in Support of their motion. This is where the fun begins. This is the document where Comcast calls a spammer a spammer.

The memorandum starts out Plaintiff is a spammer who refers to itself as a “internet marketing company,” and takes off from there.

Of special interest is Comcast's reminder to the court that even if spam doesn't actually violate the CAN-SPAM act, it's still spam and isps still have the right to block it.

Don't register or host your domain in the U.S. if it's controversial

2008-03-04T11:35:00.000-08:00

In the news lately have been a number of incidents where U.S. courts, or the U.S. government itself has ordered domain registrars to shut down free speech.

First was the E360 vs Spamhaus case, in which accused spammer E360 Insight sued anti-spam organization Spamhaus for labeling them as spammers and won by default when Spamhaus insisted that U.S. courts did not have jurisdiction over them in England and didn't appear. Unfortunately, U.S. courts did have jurisdiction over Spamhaus' domain registrar, who was nearly ordered to shut Spamhaus down (a court order was under consideration). Fortunately, Spamhaus was able to move their registration overseas before any shutdown order could be issued.

Not so lucky was WikiLeaks, a whistle-blowing web site which blew the whistle against Swiss Bank Julius Baer, publishing documents that supposedly provided evidence of asset hiding, money laundering and tax evasion. Julius Baer sued in retaliation and was able to convince U.S. judge Judge Jeffrey White to order Wikileaks' domain registrar to shut them down a few weeks ago. Although Wikileaks was foolish enough to have a registrar in U.S. jurisdiction, they were at least wise enough to have their servers in Sweden and to have mirrors in other countries, and so the organization was able to stay on the air. Shortly after, the judge reversed his decision.

Probably better known is the Pakistani censorship of YouTube. Late last month, the Pakistani government decided that some of the material hosted on YouTube was too offensive to be allowed inside the country, and ordered Pakistan Telecom to block YouTube at the border. Unfortunately, the method used by Pakistan Telecom was to advertise false domain routing for IP addresses owned by YouTube. This would have worked fine if not for the fact that the false routing information leaked out of Pakistan and shut down routing world-wide, knocking YouTube off the air for a couple hours.

But far worse than any of these is the outright censorship of a Spanish travel agency by the United States Government.

The travel agency in question — run by an Englishman named Steve Marshall who lives in Spain — specializes in trips to Cuba. Even though though the web site is not run by a U.S. citizen, is not based in the U.S., and is targeted at European travelers and not Americans, Marshall made one fatal mistake: he registered his domains in the United States.

That was enough for the U.S. government. In October, the U.S. Treasury Department ordered Marshall's domain registrar, eNom, to not only pull the plug on Marshall's domains, but to lock them down to prevent him from transferring them to a registrar outside of the United States.

The full story can be found in the New York Times article A Wave of the Watch List, and Speech Disappears. The article is well worth reading, and details abuses of the watch list the government uses to punish people who do business with Cuba.

Update: Add Network Solutions to the list of registrars not to do business with if you have a controversial web site. In April 2008, they shut down a web site which promoted a controversial anti-islam film. It didn't even take a court order to do it. See E Commerce Times article Domain Name Registrars: The Weakest Link in Online Free Speech

Barack Obama thinks my name is "StupidSpamSucker SlutFace"

2008-02-20T15:00:00.000-08:00

Spammer revenge or Republican dirty trick? Too early to tell, but either way, it's incompetence at the Democrat's email provider.

Well, it's not every day that you get called a nasty name by a major presidential candidate, but there's a first time for everything, I suppose.

Here's the latest missive from Barack Obama (or his campaign staff, to be precise):

Subject: Major news
From: Barack Obama <info@barackobama.com>
Date: 13:04
To: StupidSpamSucker SlutFace <falk@...net>

StupidSpamSucker --

We learned something extraordinary since I wrote to you last night.

We've crunched all the numbers and discovered that we are within striking distance of something historic: one million people donating to this campaign.

[request for donation deleted]

Paid for by Obama for America

This email was sent to: falk@....net

Reading the net-abuse newsgroups, I see that I'm not the only one who got this. Clearly this is the deliberate work of someone delibarately adding anti-spam activists to Obama's "spread the word" web page. The only question that remains is: is this the work of a spammer making life a little harder on anti-spam activists, or a Republican dirty trick (it does sort of have Karl Rove's stench)?

But the thing is, either way, it points to gross incompetence on the part of the Democratic mass mailing provider, "Blue State Digital".

One thread in the discussion includes a response from an admin at Blue State who is quoted as saying

We don't confirm ownership of the subscribed email address -- no need, as there's nothing to be gained from submitting fake signups.

I don't know how to respond to this. Sad to see that someone can be so naive in this day and age and in this political climate. Here's a hint: "Swift Boating". Look it up.

Anyway here's to hoping that the Obama campaign wises up and fires Blue State's sorry asses before this goes any further. In the meantime, my "StupidSpamSucker SlutFace" will live in my file of truly memorable spams.

Terry Zink has a good post on the Ritz case

2008-02-05T12:26:00.000-08:00

From Terry Zink's anti-spam blog: Maybe the North Dakota judge should watch more South Park...

In a nutshell, Terry comments on the judge's ruling that David Ritz was guilty, in part, because he used tools the average user wouldn't have known about; as if expertise in a subject was criminal all by itself.

Terry compares the case to an episode of South Park which is a parody of the TV series 24, but in which the kids perform their investigation with the tools already in everybody's hands.

The point being that maybe David knows what the whois database is, or how to do a zone transfer, while the average end-user (or North Dakota judge) has no clue, but the fact remains that these tools are in every internet user's hands and their use for what they were intended is not a criminal act.

And while I'm on the subject, I'd like to remind my readers that David's defense fund still does not have the money required to defend against the oncoming criminal case, let alone to appeal this inane decision.

Please take a minute and donate to David's defense fund, either at this web page or by sending a check directly to his lawyers at:

David Ritz
c/o Debra S. Koenig
Godfrey and Kahn, S.C.
780 N Water Street
Milwaukee WI 53202

Verizon/UUNet drops off of Spamhaus top-ten list

2008-02-04T15:21:00.001-08:00

I never dreamed I'd see this day, but Verizon/UUNet, former bane of the internet, has managed to get themselves removed from the Spamhaus Rokso top-10 list of worst service providers (currently in the #11 position.) It wasn't very long ago that they were in the #1 position (and had been for a decade) by a very wide margin.

Kudos to the abuse staff at Verizon, who did what no other abuse staff had ever done before — gotten UUNet under control.

Read Steve Linford's message about it in the net-abuse newsgroups.

E360 sells affiliate status to other spammers — CONFIRMED

2008-01-31T18:30:00.000-08:00

Just announced publicly on the net-abuse newsgroups: Some time ago, someone phoned Kelly Hale at E360 pretending to be someone being blocked by Spamhaus and answering E360's ad for Spamhaus removal services. Hale explained in some detail how, for $7500 per block of IP addresses, E360 would force Spamhaus to stop listing the caller's addresses by claiming that the caller is an affiliate of E360.

Hale explained at some length as to how it would be done, leveraging off of their previous lawsuit against Spamhaus (which they won by default when Spamhaus failed to show up, claiming lack of jurisdiction). Hale also offered quantity discounts if the caller wanted to unlist more than a "C" block (256 addresses) of IP space.

An advertising brochure for E360's service offers three options: The first is called "IP Identity Management" and involves modifying the Arin (master registry of all IP blocks) database so make spammer IP addresses look like they belong to E360. This is the service we knew E360 was offering.

The second service they offer is IP Tunneling. In a nutshell, this allows spammer email servers to connect to the internet over a virtual private network to E360's servers in order to hide the spammer's true IP addresses and make them appear to come from E360.

The third option is for the senders to pay E360 to send the spam for them.

A copy of the audio recording can temporarily be found at yousendit.com, along with copies of E360's brochures advertising the services [1], [2]. (Yousendit.com has a download limit, so these links won't work for very long, but I expect mirrors will appear shortly and will update this post as that happens.)

Anyway, very little of this comes as a surprise; it was pretty obvious that E360 was gaming the legal decision as a money-making scheme, having already sold affiliate status to Virtumundo at least, but this audio recording and these brochures are an undeniable smoking gun.

The only real questions that remain are: was this what they had in mind all along when they sued Spamhaus or did they only think of it later? And: how will the judge react when he sees and hears this?

Sanford Wallace and Walter Rines in trouble with FTC again

2008-01-29T15:15:00.000-08:00

This just in from the UK Register. The FTC is asking the courts to find Sanford Wallace and Walter Rines in contempt of court.

In 2006, Wallace and Rines settled with the FTC on charges of distributing spyware, agreeing to stop doing it and paying a slap-on-the-wrist $50,000 fine. Within months they were at it again, this time attacking MySpace with Malware and social engineering.

As the Register puts it: "Now the FTC is trying to grow a pair". The FTC is asking the judge in the spyware case to find Wallace and Rines in contempt for violating their 2006 agreement. The FTC also wants to seize over $500,000 in profits from the MySpace caper.

For the full story, including many details on Wallace and Rines' attacks on MySpace users, see Register article Spamford Wallace's MySpace riches come under attack.

Two strikes against Domain Kiting

2008-01-29T14:46:00.000-08:00

Domain Kiting (also known as Domain Tasting) is a practice that exploits a loophole in ICANN rules which allows a domain owner to return the domain name within five days for a full refund. This loophole allows spammers, speculators and other bad-faith actors to register tens of thousands of domains for no cost. The practice is primarily used by spammers hiding their origins, by search-engine spammers trying to game search engine rankings, and by speculators hoping that typos or other misguided links will bring enough traffic to the domain to make it worth keeping (domain tasting).

This week, two seperate announcements may have heralded an end to the practice.

First, Google announced that their AdSense program would exclude domains that fit the pattern of domains being repeatedly dropped and re-registered, thus taking away the financial incentive for search-engine spammers and domain tasters. See Yahoo! article Google combats domain name loophole.

The second, and more significant, word comes from ICANN. In their 23 January 2008 meeting, they voted to make their 20-cent-per-domain fee nonrefundable (see items 5 and 6). This fee may not sound like much, but when domain kiters are registering thousands and tens of thousands of domains every week, it may be enough to make the practice unprofitable.

This may also have an effect on Network Solutions' new policy of grabbing up domains it discovers people are thinking of registering.

Direct magazine picks up the Linhardt story

2008-01-29T14:36:00.000-08:00

Direct magazine has picked up the story: Linhardt Sues Anti-Spammers…Again. The article contains a fair amount of detail on the story and its history. There's also a link to Linhardt's explanation as to why he claimed to have Sender Score certification from Return Path, which Return Path has denied.

E360 files third SLAPP suit against Susan Gunn and others

2008-01-25T15:19:00.000-08:00

Three days ago, I asked rhetorically where E360 gets the money to file all these harassing lawsuits. That question becomes more serious with the news that Linhardt has filed yet a third lawsuit against Susan Gunn along with Mark Ferguson and Kelly Chien.

Details of the lawsuit can be found at SpamSuite. In a nutshell, it's the same lawsuit as before, claiming defamation because the defendants called them spammers.

There's no way that E360 can win this case on the merits given the abundant evidence of their spamming, and even Ferguson's proof that E360 falsified opt-in records. This is clearly just another lawsuit intended to harass anti-spam activists.

One major question: How many times are the courts going to allow Linhardt to keep re-filing the same lawsuit before they put a stop to it.

Where is the money coming from?

This brings us to the question: Where does E360 get the money for all these lawsuits? The one against Comcast certainly will go nowhere unless E360 spends significant money pursuing it.

One theory I've heard is that, like the Mark Felstein lawsuit against Spamhaus in 2003, this lawsuit is quietly being backed by a coalition of spammers. In this case, the spammers are hoping for a legal precedent which will force Comcast, and by extension other ISPs, to accept spam without any blocking.

E360 back in court; suing Comcast this time

2008-01-22T13:19:00.000-08:00

Where do they get the money for all this litigation?

According to Direct magazine, E360 is suing Comcast for blocking E360 spam.

E360 CEO Dave Linhardt insists that E360 does not spam, and that they've been Sender Score Certified by Return Path. Oddly enough, however, Return Path says that E360 has not been certified.

E360 is asking for more than $20M in damages. Perhaps this is their new business model? Send spam, then sue whoever blocks them.

Update: Spamsuite has the paperwork.

Their comments:

Of all of the pathetic lawsuits I've seen....
Well, this one's got it all.

Deferring a connection is tarpitting and is a denial of service attack. Not delivering mail is a denial of service attack. Using a spam filter is not legal (or maybe it's just that it's not kosher -- we'll have to find a rabbi to rule on that one). Not telling a sender how to evade filters is fraudulent. A sender's inability to design a system that can cope with sending more email while waiting for deferred messages to timeout and retry is a denial of service attack caused by the receiver. e360Insight has even tossed in a First Amendment claim and I was pretty sure that we moved past that by 1999. And finally, having a whitelist or a feedback loop that you don't let everyone have is a violation of fair trade rules.

It's stunning. It really is. I'm not entirely sure how you get to be this dense, but I suspect that it's a painstaking (and probably painful) process involving frontal lobotomies and maybe electroshock treatments.

My own comments: This isn't the first time a spammer has sued someone for blocking spam. About two years ago, a spammer called Longhorn Singles sued the University of Texas over spam blocking. They lost.

More coverage in the blogosphere

2008-01-21T17:51:00.000-08:00

A Technocrat's Blog: Couldn’t make it up: Anti-spammer fined $60K for DNS lookup ‘hack’
Mail Channels: Breaking the Law

Heise Security picks up the story

2008-01-18T19:18:00.000-08:00

Anti-spammer fined for accessing DNS records of private network

UK Inquirer picks up the story

2008-01-18T19:10:00.000-08:00

DNS zone transfers ruled illegal.

Money quote:

What worried the judge was if she didn't convict Ritz of being a hacker, then the computer crime laws in the Land of the Free would be turned on their head.

It was much tidier to make it a crime to access a server on the internet that is set up to provide that public info. It seems that no one explained to the judge what the Internet was.

Citizen Media law project carries the case

2008-01-17T23:09:00.001-08:00

This has actually been up for months, but I just found out about it.

Excellent comment on the Ritz affair

2008-01-17T22:53:00.000-08:00

ZWithaPGGB at Slashdot has written an excellent editorial on the judge's decision in this case. I take the liberty of quoting the key part here:

When a jurist with little or no technical understanding attempts to make a ruling in a case where much of the evidence is technical, there is often a serious case of cognitive dissonance. This is the case in Judge Rothe-Seeger's ruling in the Ritz case.

I am not a lawyer, and make no comment about the merits of the behavior of Mr. Ritz. I am, however, a network engineer, and someone actively involved in information security, particularly using DNS.

In ruling that querying a nameserver that was configured to provide a zone transfer for a list of all the hosts in a zone illegal, Judge Rothe-Seeger has demonstrated a fundamental misunderstanding of the technical design of the Internet, not just of DNS, but of ALL the applications and protocols. Further, the comment that Mr. Ritz's querying and republication of the public WHOIS data "without Network Solutions permission" was illegal also completely misunderstands the nature of Whois data.

What the judge has done is, effectively, to say that each person who asks a public server for information that it is explicitly designed to provide to all and sundry needs to get specific permission for that content from that publisher. This is completely at odds with how the Internet works. The Internet is designed in such a way that servers provide content to anyone who asks, unless the owner has configured the server not to do so.

Sierra could easily have prevented zone transfers from their name servers if they so chose. If they did not do so, then the presumption is that they intended to allow it. There are many very good reasons why a service provider would want their zone to be transferrable, and by configuring their nameservers in that way, they were, in effect, doing the same thing as someone leaving a stack of maps out in public, for all to take at their leisure. What the judge has ruled would be analogous to finding a crime when someone took a copy of an ad that included a layout of a house from a realtor's office.

The WHOIS data, on the other hand, is public record BY DESIGN. It is part of the basic design of the DNS that you be able to find out who the registrant for a given domain is. How else are all the legal remedies for copyright infringement, illegal content, abuse of service, etc. to be exercised if there is no way to find out who to serve notice on and in what jurisdiction they reside?

It is clear from Judge Rothe-Seeger's bio that she has little or no experience of life beyond North Dakota. It is also clear from her ruling that she has little or no understanding of the Internet. Based on her age, it is time for the judge to retire, as she clearly fails to understand the world in which she now lives.

Chris Jester of Suavemente donates $5000

2008-01-17T15:05:00.000-08:00

It's only fair that the really big donors get a public "thank you" on these pages, so I'd like to start the ball rolling by thanking Chris Jester of Suavemente for his generous $5000 donation.

Update: There was confusion caused by PayPal holding the donation. This has been resolved.

More coverage of David Ritz case

2008-01-17T13:37:00.000-08:00

Anti-Spam Blog: Breaking the Law
Bricks: WHOIS lookups criminal??
Taint.org: Bad law in North Dakota

UK Register picks up the story

2008-01-17T12:54:00.000-08:00

This one was pretty good: Anti-spammer fined $60K for DNS lookup 'hack'.

Slashdot picks up the story

2008-01-17T12:30:00.000-08:00

Some DNS Requests Ruled Illegal in North Dakota.

Circle ID picks up the Ritz story

2008-01-16T16:17:00.000-08:00

See Al Iverson's article in CircleID: North Dakota Judge Gets it Wrong. It's an excellent article. Al goes into some detail as to the absurdity of the judge's ruling.

Reminder: you can donate to David's defense fund at this web site.

Apalling judgement in the David Ritz case

2008-01-15T18:49:00.000-08:00

I've been waiting with bated breath for the last few weeks to find out how David Ritz's lawsuit turned out. It turns out that the reason I hadn't heard is that the court slammed him with an unbelievable gag order. Among many other things, he's not allowed to discuss this case in detail. The transcripts have even been sealed.

Luckily, Mickey Chandler, who runs Spamsuite has been able to obtain a copy of the court judgement.

Spamsuite describes this as "12 pages of bad law". That's putting it mildly to say the least. The court has ruled, in essence, that because Ritz knows more about network administration than the average user, that everything he does with that knowledge is criminal. The court ruling is full of statements that I find frankly outrageous, but without access to the court transcripts, they're impossible to refute in detail.

I'm hoping that it will be possible to get this case unsealed so we can see what actually happened in the courtroom.

I'm also hoping that this will be appealed. I've never seen such an ignorant decision in a court case before, and this needs to be fought not only for David's benefit, but for the benefit of anybody who wants to continue using standard forensic tools in the fight against spam.

But appeal or no appeal, David's legal expenses continue to pile up. Please take a minute and donate to David's defense fund, either at this web page or by sending a check directly to his lawyers at:

David Ritz
c/o Debra S. Koenig
Godfrey and Kahn, S.C.
780 N Water Street
Milwaukee WI 53202

Azoogle drawn into Ralsky spam case

2008-01-11T23:30:00.000-08:00

Earlier, I wrote about Alan Ralsky and how he's been arrested in Michigan on various spam and fraud-related charges, along with his son-in-law and nine other people.

Well it turns out that this case is likely to tie into Joe Wagner's case against Azoogle. It turns out that in pre-trial discovery, Azoogle admitted that the spammer they'd hired in their Get a "Free" plasma tv spam was Superior Distributing of West Bloomfield, MN, which turns out to be none other than Ralsky's son-in-law, Scott Bradley. A simple public record lookup which only takes a few seconds, would have shown Azoogle who they were dealing with, so they'll have some trouble claiming they didn't know they were hiring the Ralsky spam gang when they sent out the spam. A simple Spamhaus lookup would have told them even more.

Joe Wagner's court case against Azoogle and other spammers will be heard next Friday morning at the San Jose downtown superior court. It will be interesting to see how it turns out.

Ralsky arraigned

2008-01-10T11:44:00.000-08:00

There has been much speculation over the last few days on whether Ralsky would actually return to the U.S. to face various spam-related charges, or if he would take it on the lam. Well, the answer is that he came back and was arraigned in U.S. District Court in Detroit yesterday. In handcuffs.

Read all about it in the Detroit Free Press: Man arraigned on charges he sent e-mail to inflate stocks

The hammer drops; Ralsky indicted.

2008-01-06T19:56:00.000-08:00

One of the world's major spammers, Alan Ralsky, has been indicted in federal court, along with his son-in-law Scott Bradley and nine others. They've been indicted in federal court in Detroit on charges of running an illegal spam operation. Defendants are residents of Michigan, California, Arizona, Russia, Canada, and Hong Kong. According to the Detroit Free Press, he could be facing up to 20 years in prison, plus fines.

Charged are: Alan Ralsky, Scott Bradley, Judy M. Devenow, John S. Bown, William C. Neil, Anki K. Neil, James E. Bragg, James E. Fite, Peter Severa, How Wai John Hui, and Francis A. Tribble.

Charges include stock fraud, conspiracy, mail fraud, wire fraud, money laundering, and computer fraud. The government is seeking forfeiture of assets worth $2.7 million.

Media coverage:

Detroit Free Press: Leading Internet spammer indicted
Dept. of Justice press release: Alan Ralsky, Ten Others, Indicted in International Illegal Spamming and Stock Fraud Scheme
CNN: Spam's 'poster boy' indicted

Ralsky is currently travelling in Europe. No bets as to whether he returns to the U.S. on his own initiative, or is arrested there and extradicted.

Zango/180 Solutions exploiting facebook to install spyware

2008-01-06T11:50:00.001-08:00

From the "This comes as no surprise to anybody" department comes word that Zango is using a Facebook widget to install spyware on victims' computers.

The article at Help Net Security describes the attack in some detail, but in a nutshell, the victim receives a Facebook notification that they've got a secret admirer, and need to install some software to find out who it is. And then you need to forward the spyware to five of your friends as well.

The software you're tricked into installing is, of course, the Zango spyware.

Remember boys and girls, it's no safer to install software that some stranger sends you on Facebook than it is to install software someone emails to you.

Worst. Phish. Ever.

2007-12-22T15:03:00.000-08:00

Check out what just appeared in my inbox:

Subject: You're Billing Information !

PayPal

You're Billing Information!

Dear PayPal Member!

It has come to our attention that your PayPal Billing Information
records are out of date. ...

OK, some scammer needs to have a copy of Bob the Angry Flower's educational poster about the apostrophe on his wall.

Another spammer in the slammer — Todd Moeller given more than two years

2007-12-21T12:44:00.000-08:00

In June, I wrote that spammer Adam Vitale had pled guilty to spamming AOL subscribers, and that his partner Todd Moeller was facing the same charges. Today I leanred that in November, the New York Attorney General announced that Moeller has been sentenced to 27 months. Vitale was also due to be sentenced by now; I'll see if I can find out how that turned out.

More legal woes for E360

2007-12-03T21:11:00.000-08:00

According to the Pacer archives, E360 has become caught up in another lawsuit. This time, they're being sued by John W. Ferron, of Ferron & Associates. In short, Ferron is suing E360 and its owner Dave Linhardt under the Ohio Consumer Sales Practices Act.

Ferron alleges that E360/Linhardt sent multiple emails advertising discount luxury goods which are actually counterfeit products. Ferron is asking for $200 per fraudulent email (total around $120,000) plus legal fees

E360/Linhardt has moved to dismiss based on jurisdiction. I'm not familiar with Ohio's long-arm statutes, but if they're anything like North Dakota's — with which I have some familiarity — E360/Linhardt is facing an uphill battle on this one.

If there is interest, I will make copies of the court documents available here, assuming SpamSuite doesn't pick them up.

Update: Docs are now online at Spamsuite.

Russian Business Network goes dark

2007-11-08T11:22:00.000-08:00

A quick link from the UK register: Controversial Russian Business Network drops offline.

In a nutshell, Russian Business Netwrk (RBN) is a hosting company that offerred "bulletproof hosting" to spammers, malware distributors, phishing and other unsavory activites suddenly went off line around 0200 GMT yesterday. It is speculated that their upstreams, Tiscali.uk and C41 have pulled the plug, possibly because of a Washington Post expose written last month.

More on the story:

Washington Post: Russian Business Network: Down, But Not Out
cidr-report.org: Report showing that RBN has relinquished large chunks of address space.
Trend Labs: RBN goes *Poof*
Dark Reading: Russian Business Network Disappears

Meanwhile, Spamhaus speculates that the RBN is already setting up operations in China.

Intellectual Intercourse on Reynolds lawsuits

2007-11-02T19:48:00.000-07:00

I've been waiting until after David Ritz's court case was over to discuss certain issues, but MickC of Intellectual Intercourse has brought them up in in a column he wrote yesterday. It's good stuff; take a moment to read it and then come back here ...

Are you back? Good. Here's the scoop. You may have heard the news that the RIAA is suing Usenet or something to that effect. Actually, who they're suing is usenet.com. It's an internet site which specializes in uncensored and unlogged downloads, as well as a very complete feed. From their advertising: "... its service is the best way to get 'free' music now that 'file sharing websites are getting shut down..."

Update: I'm told that the real issue isn't so much unlogged downloads as anonymized uploads.

There's more to the story, but the interesting point is this: usenet.com is owned by Jerry Reynolds. The same porn spammer who sued me and who is currently suing David Ritz. It looks like Reynolds is going to be spending a lot of time in court over the next few months, and for a change, it won't be harassing anti-spammers.

More on the story:

Billboard: Labels Sue Usenet Service
c|net: RIAA tries to pull plug on Usenet. Seriously.
Tech.Blorge: Usenet.com are idiots, get sued.
Slashdot: RIAA Sues Usenet.com
Usenet.com: Free downloads

An excerpt from the usenet.com web page:

What Exactly Can You Download in Usenet? Anything and everything. Literally. There are movies, mp3s, cartoons, wallpapers, sounds, videos, pictures, warez, games, software and much more...

There's more to this case and others, but that will still have to wait until David's case is out of court. This hasn't happened yet, and David's legal expenses are still astronomical. I remind my readers that donations to his legal fund can be made directly through his lawyers at

David Ritz
c/o Debra S. Koenig
Godfrey and Kahn, S.C.
780 N Water Street
Milwaukee WI 53202

Or via Paypal or credit card.

Indictment against Soloway online

2007-10-26T12:49:00.000-07:00

And speaking of Soloway, SpamSuite now has the Feds' Superceding Indictment against Soloway on line for your reading pleasure.

In a nutshell, the government alleges that Soloway operated Newport Internet Marketing (NIM) starting in 1998. He currently runs it from Seattle. His business model was to use fake company names and various domain names to spam out ads for his spamming services and software. He fraudulently claimed that the spam would be sent to people who had opted in and that the spam would be geographically and interest targeted. He also offered a 100% refund if not satisfied. The spamming software often did not work at all, but Soloway would refuse to provide asistance or refunds. Soloway would threaten customers' credit ratings if they persisted in demanding refunds.

The government also alleges that registered domain names through chinese ISPs which would not reveal him as the owner.

The government also covers the usual CAN-SPAM violations such as spamming, false headers, identity theft and so forth.

Jason Downey sentenced to one year for botnet

2007-10-26T12:36:00.000-07:00

I previously mentioned Downey in June when he was arrested as part of Operation Bot Herder, where he was charged alongside of Robert Soloway.

Downey has been sentenced to 1 year in prison, 3 years probation, and just over $21,000 in restitution. He will require prior permission to access a computer during his probation.

The government's case against Downey stated that he'd controlled a botnet of over 6000 infected computers which he used to launch ddos attacks against other networks he wanted to knock off line.

Encyclopedia of Spam — three hours to go

2007-10-24T13:43:00.000-07:00

Only three hours left and the bidding is still less than what it cost me to bind it. Someone's going to get a bargain.

News on David Ritz case

2007-10-23T16:29:00.000-07:00

As I've written before on occasion, former porn spammer Jerry Reynolds filed a couple of SLAPP lawsuits against me over my old anti-spam website. In addition, he sued spam-fighter David Ritz for running "unauthorized" DNS lookups on his servers.*

Obviously David isn't really being sued over a few DNS lookups; he's being sued for being a thorn in Reynolds' side during the years when he was trying to get the Netzilla/Sexzilla porn spam operation to stop spamming.

At any rate, the trial in David's case started this week. I don't have access to a lot of information coming from the trial, but I did just receive word that plaintiff's motion to exclude David's expert witness was denied. It's not much, but it's good to know that the first news from the trial is good news.

Just a reminder that David's legal expenses are mounting. You can help by donating to his legal fund at: David Ritz; c/o Debra S. Koenig; Godfrey and Kahn, S.C.; 780 N Water Street; Milwaukee WI; 53202. Or, if you like, you can donate by paypal or credit card.

And finally, the auction for a copy of the Encyclopedia of Spam closes in just one day. Currently, the bidding is so low that the winner will get it for less than it cost me to have it bound. Here's your chance to own a very rare conversation piece. Proceeds go to David's defense fund. (Sorry, not available in North Dakota.)

---------
*For those unfamiliar with the inner workings of the internet, a DNS lookup is equivalent to calling up a switchboard and asking for a phone number. For example, if you want to call your local library, you don't punch L-I-B-R-A-R-Y into your phone, you first look up the number that belongs to the library, and then punch that in. By the exact same token, if you want to connect your web browser to library.org, you first go do a DNS server lookup to get the IP address of library.org and then make your connection. The difference is that the lookup process is done automatically for you by your browser.

That's right, every single one of you do hundreds of DNS lookups every day. You had to do one just to read this blog. Yet this is exactly what David Ritz is being sued for.

The other things David are accused of doing are a zone transfer and a whois lookup. A zone transfer is equivalent to calling the library and asking for a copy of their phone list. A whois lookup is equivalent to going to the county clerk's office and looking up the owner of a property.