The Spam Diaries

News and musings about the fight against spam.
 by Edward Falk

Sunday, August 26, 2007

FTC takes action against Hoodia spammer Brian McDaid

Via PC World: pill spammer Brian McDaid and his company "Neutraceuticals, LLC" have been ordered by a U.S. judge to stop selling his weight-loss products online. The company's assets are also frozen.

The gist of the FTC's complaint seems to be that the advertised pills were ineffective, although CAN-SPAM violations are also mentioned.

This is only a temporary restraining order, but it is likely that more actions are in the offing.

The PC World article goes on to mention that one of the tactics used by McDaid's company was web form hijacking. Apparently this is the first time the FTC has filed a case against a spammer doing this. The FTC's database includes 85,000 spams sent this way. That's a lot of penalties under CAN-SPAM if the FTC chooses to pursue that route.

More details can be found in this letter from McDaid's lawyer to the judge, the memo in support of the TRO, and the TRO itself. See SpamSuite for more.


Saturday, August 25, 2007

Spammers now using YouTube as bait

This just in: You get an email that tempts you to follow a link that looks like it takes you to a YouTube video, but then it asks you to download an executable into your computer. This is most likely a variant of the Storm Worm.

What are you thinking...if pat sees this your divorced dude. :-{) go look at it...

The actual link doesn't really go to YouTube, but to a look-alike site containing the virus.

Interestingly enough, both Thunderbird and Firefox thought the email and target site were suspicious and flagged them.

Monday, August 20, 2007

You didn't just join some web site you don't remember joining

Just a heads-up: There's a new round of phishing spam that looks like this:
New Member,

We are so happy you joined Net-Jokes.

Confirmation Number: 68436927666
Your Temp. Login ID: user4367
Your Temp. Password ID: ix394

Be Secure. Change your Login ID and Password.

Click here to enter our secure server:

Welcome Department

The name of the service, and all of the other details vary with each copy of the spam. When you click on the link, you're asked to download their "Secure Login Applet" which, of course, is a virus.

I'm guessing that nobody who reads this blog is foolish enough to install that applet, but do pass this along to your more gullible friends, won't you?

Update: The Internet Storm Center believes that this is the Storm Worm virus.

Junk faxers fined

Nice to see the FCC still has a hand in. They've just fined QuoteMaster USA $43,000 for sending junk-fax ads for life insurance (pdf) and Hot Lead LLC over $2 million for sending junk-fax ads for mortgages, insurance, T-shirts, and their own services.

Not surprisingly, both companies kept junk-faxing even after being told to stop by the FCC.

More on Sanford Wallace from John Levine's blog

Just a quick link to John Levine's blog where he discusses the MySpace vs Sanford Wallace case, including a link to the actual injunction (pdf, 27 pages). In a nutshell, given the precedent set in the MySpace vs TheGlobe case, and the fact that this case is before the same court, this should be a slam-dunk for MySpace.

I last mentioned this case in July.

Wednesday, August 15, 2007

Is the U.S. Army typo-squatting? Turns out no.

One of my favorite viral things on the internet is the "213 Things Skippy Is No Longer Allowed To Do In The U.S. Army" list. (My favorite: #87. If the thought of something makes me giggle for longer than 15 seconds, I am to assume that I am not allowed to do it.)

Actually, just read the list, then come back.

OK, you're back? Good. Anyway, as I was saying, the list became so popular that Specialist Schwarz wound up creating a domain name and a blog for it. The domain name is

Imagine my annoyance a few days ago when I typed "" (missing 's') and found myself redirected to what looked like an Army recruiting page. I was originally going to title this article "Is the Army typo-squatting?", but a little more research showed that the domain is registered to a domain squatter called "Navigation Catalyst Systems, Inc". Sometimes the page redirects to which seems to be in the business of selling services to military people, and sometimes it redirects to a generic link-spamming page.

This has been observed elsewhere as well — it was brought up in a radio interview a few days ago, as mentioned in Skippy's blog.

Tuesday, August 14, 2007

I hate blowback, yes I do

The second punch I received from spammers today was in the form of blowback caused by mortgage spammers forging my domain name into the From: lines. Over 4000 bounces were received which caused my ISP's email system to melt down.

Don't use Front Page. Don't even have it on your system.

Received a one-two punch from spammers today. The first punch was when I tried to view a few web pages on my server and found them replaced with pages full of links, obviously placed there by link spammers.

I notified my ISP of the problem, and they informed me that the spammers had exploited a flaw in Microsoft's "Front Page" product. Wait, what? I don't even use Front Page. But it was on my web page account from the very beginning. I never even knew it was there.

Googling for «Front Page exploit» produced nearly two million results. Great. Thanks Bill. Another few hours of my life stolen by your crapware.

Friday, August 10, 2007

Citizen sues Representative John Doolittle for spamming

This just in from SpamSuite: Sindeelou Thomson has sued US Representative John Doolittle for sending her unwanted spam. [Channel 13, Sacramento story].

Given that the CAN-SPAM act specifically legalizes political spam, I don't think this will get a lot of traction. In this particular case, however, she's suing under the California anti-spam law which is somewhat tougher than CAN-SPAM. This may be worth watching.

Thursday, August 09, 2007

Gordon to appeal summary judgement

Earlier this week, I reported that James Gordon had lost his lawsuit against Virtumundo on summary judgement and that Virtumundo had been awarded approximately $111,000 in legal costs from Gordon. To nobody's great surprise, Gordon has appealed [SpamSuite] the summary judgement, which presumably will put the award of legal fees on hold.

The legal document shown at SpamSuite does nothing more than notify the court of Gordon's intent to appeal. No grounds for the appeal are given yet.


419 scammer arrested in Florida

A local TV station in Orlando, Florida is reporting that a "most wanted" Nigerian scammer named Rilwan Soetan has been arrested in Tallahassee during a routine traffic stop. Unsurprisingly, he was found with other people's identifying information and multiple cell phones, as well as $6000 in cash.

Here's what I want to know: what was he doing so far from Boca Raton?

Full story at


Tuesday, August 07, 2007

Rizler sentencing documents released

This just in from SpamSuite: Christopher Smith, aka Rizler, was sentenced to 30 years last Thursday, according to the Minneapolis Star Tribune. Today, the actual sentencing document went online at SpamSuite.

The 30-year sentence turns out to be the longest of several different sentences which will be served concurrently. The grand total for all charges came to 74 years. The two big sentences were 20 years for money laundering and 30 years for "Continuing Criminal Enterprise". The online drug-dealing sentences were five years each. He'll be at the maximum security prison in Terre Haute, Indiana.

Forfeitures came to over $24 million.

I don't believe he's yet gone on trial for trying to have a witness killed. That should be interesting.


Security issue: phishers now targeting domain registrars

This is an issue of some concern and should be watched carefully: phishers are now trying to get passwords of domain registrants. Currently, correspondents inform me that GoDaddy is the target, but there's no reason to think the phishers won't expand to other registrars.

Normally, phishers go after bank accounts or other financial information, or sometimes the online accounts of users so that they may send spam.

It's not known precisely why phishers are after domain registration information, but the possibilities are chilling. The most obvious danger is that the phishers might be trying to simply steal domains — recall the and fiascoes.

One worst-case scenario which has been suggested is this: If a phisher were to successfully hijack the domain registration of a bank or credit union, they could surreptitiously redirect the domain name to their own servers and conduct a man-in-the-middle attack without the bank even realizing it's happening.

Dear GoDaddy Customer,

GoDaddy Customer Support Team requests you to complete GoDaddy Customer Online Form.

This procedure is obligatory for all customers of GoDaddy.

Please click hyperlink below to access GoDaddy Customer Online Form.

Please do not respond to this email.

This mail generated by an automated service.

Copyright © 1999 - 2007, Inc. All rights reserved.

Of course, the link provided actually goes to the phishing site, not to GoDaddy.
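
The mismatch described in this post and in the YouTube-bait post above (visible link text naming one site, the href pointing somewhere else) can be checked mechanically. This is an added example, not code from this blog or from Thunderbird or Firefox; the `BRANDS` map, the sample HTML and every hostname in it are constructed assumptions.

```python
"""Flag e-mail links whose visible text names one site while the href goes elsewhere."""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed brand -> legitimate domain map; extend it for your own mail flow.
BRANDS = {"youtube": "youtube.com", "godaddy": "godaddy.com"}
DOMAIN_RE = re.compile(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", re.I)

class AnchorCollector(HTMLParser):  # collects (href, visible text) per <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def under(host, domain):
    return host == domain or host.endswith("." + domain)  # exact or subdomain

def suspicious_links(html):
    """Return (href, real_host, claimed_domains) for each mismatching link."""
    parser = AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        # Domains spelled out in the visible text, plus brands it mentions.
        claimed = {re.sub(r"^www\.", "", d.lower()) for d in DOMAIN_RE.findall(text)}
        claimed.update(d for b, d in BRANDS.items() if b in text.lower())
        bad = sorted(d for d in claimed if not under(host, d))
        if bad:
            findings.append((href, host, bad))
    return findings

# Constructed sample: two look-alike links and one genuine link.
SAMPLE = """\
<p>go look at it... <a href="http://192.0.2.10/">http://www.youtube.com/watch?v=XXXXXXXX</a></p>
<p><a href="http://godaddy.com.account-form.example/login">GoDaddy Customer Online Form</a></p>
<p><a href="https://www.youtube.com/watch?v=XXXXXXXX">www.youtube.com</a></p>"""
if __name__ == "__main__":
    for finding in suspicious_links(SAMPLE):
        print(finding)
```

The suffix test in `under` is what catches `godaddy.com.account-form.example`: the brand's domain appears in the hostname, but not as its registrable end.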


Thursday, August 02, 2007

Rizler gets 30 years in the slammer

Drug spammer Christopher William Smith, also known as "Rizler", was sentenced to 30 years in prison for his illegal online drug-selling business. The long sentence was partly in response to Smith's flagrant defiance of judicial orders, and the death threats he made against a witness.

These details, and many more, are covered in today's Minneapolis Star Tribune.


Virtumundo wins legal fees from Gordon

Not a happy day, but perhaps a predictable one. Spammer/spyware distributor Virtumundo has won legal and attorney fees to the tune of $111,000 from anti-spammer James Gordon. See Electronic Communications article Court Tags CAN-SPAM Plaintiff With $111,000 Fee Award.

Although there's very little question that Virtumundo is a spammer, as asserted by Gordon, the court ruled that Gordon had no standing to sue, as the CAN-SPAM law protects spammers from lawsuits from ordinary citizens. Gordon had created a free email hosting service in order to give himself standing as an ISP under the law, but the court wasn't buying it. The award of fees to Virtumundo will likely mean an end to Gordon's practice of suing spammers.


Wednesday, August 01, 2007

Porn spammer Nicholas Tombros avoids jail

Secure your damn WiFi

The U.K. Register and other sources are covering the case of Nicholas Tombros, who was convicted of hijacking WiFi connections in order to send porn spam. His method was to drive around the Venice, California area looking for open wireless internet connections, logging on, and sending spam through the network connections of unsuspecting home owners.

The sentence is little more than a slap on the wrist — he was given a $10,000 fine and sentenced to six months of home detention. No word on how much he made from the porn spam, but if it was more than $10,000, and it probably was, this is a joke of a sentence.