The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Tuesday, March 27, 2007

New botnet on the block? Keep an eye on port 1720

Correspondents inform me that they've observed customer machines infected with viruses that are running services on ports 1720 and 1863. Currently, there's no traffic on those ports, but it's possible that they form part of a new botnet.

Oddly enough, it's been seen on Fedora Linux as well as windows. It's pretty rare for a virus to run under Linux, so perhaps this is video conferencing software idly waiting for an incoming connection.

I'll post more details when I have them, but it's something to keep an eye on. If anybody has any more information, please post a comment.

UPDATE: Correspondent has assured me that this isn't videoconferencing software, and that experienced techies are looking into it. Whatever it is, it's spreading rapidly.

Sysadmins should be prepared to block ports 1720 and 1863 if things start happening.

More information as it becomes available.


Sanford Wallace sued again — this time by MySpace

I've been very busy of late, with a lot of catching up to do, but this one is just too juicy to wait:

Sanford Wallace, the original mass email spammer (and junk faxer and purveyor of spyware) is now being sued by MySpace for phishing and spamming. MySpace is claiming violations of CAN-SPAM, and the California anti-spam and anti-phishing laws.

More coverage from Digitial Media Wire. Press release can be seen on BusinessWire.

Labels: ,

Spam: the documentary is on CBCNW again tonight

Word just crossed my desk that Spam: the documentary is on CBCNW again tonight, 10 pm EST.

I saw it when it first came out; it's pretty good. If you haven't seen it before, now's your chance. Includes a number of interviews with a number of prominant spam-fighters.

Joe-Bob sez check it out.

Monday, March 19, 2007

New phish on the block — fake MoneyBookers email

OK, one I hadn't seen before: Email from "" tells me to click on a link to receive my $300. No indication as to who the money is from. Obfuscated URL. Wants a copy of my passport and my personal banking information. Puh-leeze.

Now, there is a real, but they're in London and the URL in the email leads you to Bolivia. I'll forward the spam onto the real MoneyBookers, but dollars to donuts they already know.

If you're reading this now, you're probably not the kind of person to fall for this, but for the love of all that's holy, please get on the horn to your Uncle Charlie in Peoria, or your cousins back in the old country, or whichever one of your relatives always falls for this stuff, and warn them about this before they start digging through their stuff looking for their passport. Tell them: Strangers are not sending you money out of the blue.


Saturday, March 17, 2007

Windows spam to my Debian email address — oh, the irony

Really not much to say here. Debian is a version of the Linux operating system. I gave a tagged email address, and they leaked it to spammers.

Today, I got spam for Windows software to that address.

Tuesday, March 13, 2007

Return Path editorial on why they joined the Amicus Brief in the E360 vs Spamhaus lawsuit

SpamhausBelieve it or not, there are legitimate email marketers out there.

As proof of this, note that marketing companies Return Path and Datran both signed on to the Amicus Brief that was submitted on behalf of Spamhaus last week. (This is remarkable when you consider that Datran was actually listed by Spamhaus less than a year ago.)

Matt Blumberg, CEO of Return Path published an online editorial today explaining their position. Joe-Bob sez check it out.

Labels: , ,

Dave Linhardt files another SLAPP lawsuit

Word has reached me that Dave Linhardt, who is currently suing Spamhaus for calling him a spammer, has filed suit against several more anti-spammers, including Tim Skirvin who maintains the newsgroup, which among other things, documents spam sent by his company, E360. He's suing them for defamation for calling him a spammer.

Update: The filing is now available online (pdf, 7 pages). It's the usual: It's not spam, he uses double opt-in, the people he sent it to really wanted it, and defendants are forwarding mail from him to blacklists to get him listed.

Update: Lawsuit has been withdrawn.

Labels: ,

Monday, March 12, 2007

First SEC suspendee cries Joe Job

On Thursday, I wrote about the SEC's action in suspending trading on 35 companies which had had their stock promoted via pump-n-dump spam.

On Friday, the first of those companies cried foul. Red Truck Entertainment has issued a press release claiming that they were unfairly listed because their parent company, Falcon Energy, had been touted in a pump-n-dump scheme.

According to the press release, Red Truck had very little to do with Falcon Energy prior to the reverse merger, and further Falcon Energy was not responsible for the stock spam that got them listed.

Thursday, March 08, 2007

SEC to crack down on pump-n-dumped stocks

On the heels of yesterday's news about the FTC cracking down on spyware, comes the news that the SEC has suspended trading on 35 companies being promoted via pump-n-dump spam. [SEC press release]

Forbes magazine is less optimistic about this SEC move than many other journals. In their article Why The SEC Can't Stop Spam, they point out that as long as stock spam is profitable — and it is — spam won't be slowing down any time soon.

Previously, I had always assumed that the companies named in pump-n-dump spams were innocent victims — chosen by the spammer for their cheap prices and low volumes, which would make it easy to manipulate via the fraud. If this is the case, then it's unfair for the SEC to be holding them responsible.

However, last November, I read an interesting article in the Guardian which gives strong evidence that the companies touted in the scams are accomplices, not victims. Either created for the purpose of taking part in the scam, or at least all to happy to be part of the action.

Also of interest: all of the suspended stocks are handled by "Pink Sheets", an electronic securities trading system which is favored by small, thinly-traded securities that don't meet the listing requirements for national stock exchanges. According to the Forbes article, Pink Sheets CEO Cromwell Coulson says that Pink Sheets takes spam seriously, and will block trading on a stock once it receives a verified spam complaint. As for the 35 stocks suspended by the SEC — Coulson they'll be gone for good from Pink Sheets, even after the suspension ends.


Latest Court Win: £1368.66

Via Scotch Spam!: Gordon Dick was able to win £750 + interest + expenses for a grand total of £1368.66 from Transcom Internet Services Ltd. in small claims court in Scottland. Transcom had obtained Dick's email address by harvesting addresses from another mailing list, in violation of EU data protection laws.

My favorite part of the story was where the Sheriff decided that Transcom had been deliberately wasting time, and asked the court clerk to schedule the trial on a busy day to make sure that Transcom's solicitors costs added up while they had to sit in court waiting for the case to be called.

More on this story from Yahoo! News.


Et Tu, Linspire?

I am the product

It's happened again. This time it's Linspire who has sold or leaked my email address to spammers. Shame on you Linspire. See if I ever buy your product again.

Wednesday, March 07, 2007

FTC to start going after spyware patrons

Last March, I wrote an article about the connection between mainstream advertisers and adware (sometimes called spyware) vendors. In short, advertisers were engaged in hiring advertising agencies which were (often through other proxies) paying to have their advertisements run on the computers of victims of spyware.

The key point being that if it weren't for advertising money from entities willing to look the other way, there would be no incentive for the spyware industry.

According to yesterday's Washington Post, in an article entitled "Stopping Spyware at the Source", in recent months, the FTC has filed deceptive-advertising cases against two spyware distributors (Direct Revenue and Zango) and plans to start going after some of the big-name advertising agencies that hire the spyware distributors.

This on the heels of action taken by New York state against three large advertisers in January.

It is hoped that the FTC campaign will sufficiently disrupt the spyware economy that it will no longer be economical to distribute spyware.

Tuesday, March 06, 2007

Amicus Brief filed in Spamhaus case

SpamhausI last wrote about the E360 vs Spamhaus case last October. In a nutshell, spammer Dave Linhardt, CEO of E360 sued Spamhaus for listing him as a spammer. Spamhaus, based in England, declined to submit itself to the jurisdiction of a U.S. court, and Linhardt was awarded over $11M in a default judgement. Spamhaus is now appealing this judgement and arguing jurisdiction.

As part of this appeal process, a "friend of the court" brief (pdf, 58 pages) was authored by Matthew Prince (Adjunct Professor at John Marshall Law School and founder of Unspam) and co-signed by dozens of other interested parties. The list of signatories itself is fascinating, being composed of both anti-spam organizations such as CAUCE, and email marketers such as Datran.

In short, the brief argues that: There is no jurisdiction over Spamhaus in the United States. The judge erred in giving a default judgement before even settling the issue of jurisdiction. The internet would be badly harmed if a precedent like this were set. The decision to block emails based on Spamhaus' data is made by individual ISPs and not by Spamhaus — thus holding Spamhaus liable for the decisions made by others based on the information Spamhaus provides would be akin to holding movie reviewers liable for a film's failure. The CAN-SPAM act specifically grants immunity to ISPs for their efforts to block spam. The OptinRealBig case extended CDA protections in such cases to services such as Spamhaus. The permanent injunction issued by the court would create a legal standard and process that is unworkable and would thwart any attempts by ISPs to block spam.

More on this story in Direct Magazine article Well-Known E-mailers Back Spamhaus in Amicus Brief.

Oh, one interesting tidbit of trivia that's come to my attention in this case: The judge who issued the default judgement in this case is himself a user of Spamhaus — he just doesn't realize it.
... in fact, the email addresses of all United States federal court judges and employees are currently protected from undesirable "spam" email by a filtering system utilizing Spamhaus' SBL list.

Labels: , ,

Beware Google/Gmail phishing attacks

If you get one of these in your email:
Subject: Account Deletion Notice - - (CASE:KMMN312SDFS2DB8276DD1IU)
it's not real; it's a phishing attack. If you responded and filled out the form, change your password immediately.

Given that Google uses the same account id for multiple purposes, the phisher can do a lot more damage than just messing with your email if they get your password.

Monday, March 05, 2007

Another 419 scammer gets 0wned

Man, I just never get tired of these. From 419 scammer convinced to carve a bust and send it to scambaiter "Shiver Metimbers". But oh dear, it was eaten by squirrels.

More on and this story at BoingBoing.

Thursday, March 01, 2007

FDA Alerts Consumers to Unsafe, Misrepresented Drugs Purchased Over the Internet

Calling Captain Obvious. Captain Obvious to the white courtesy phone, please.

I'm shocked, shocked, to discover that pills bought on the internet may not be what they seem. For more, read this FDA press release.

CAN-SPAM law survives legal challenge

Via Spam Notes: Spammer Michael Steven Twombly and cohorts leased servers under an assumed name (a violation of CAN-SPAM) from the company "Biznesshosting" and immediately began sending out millions of spams. Biznesshosting was receiving complaints within hours of giving Twombly his login credentials. In addition to the fraudulent server registration, the spams contained fraudulent headers, also a clear violation of CAN-SPAM. Biznesshosting terminated Twombly, but not in time to prevent being listed in one or more blocking lists. The FBI got involved, and eventually Twombly and his partner Joshua Eveloff were prosecuted.

Part of Twombly's defense was that the case should be dismissed on the basis that the CAN-SPAM law is too vague and overbroad. On Feb 22, the U.S. District Court ruled against him.

For more details, read the court's decision (5 pages, pdf).

Labels: ,