FTC Shuts Down Spam Ring

The FTC won a legal victory against what it considers one of the largest spam gangs on the Internet. A federal court in Chicago agreed to freeze the assets of the notorious spam gang known as HerbalKing and shut it down. HerbalKing has sent billions of spam messages to Internet users promoting everything from fake watches to fake prescription drugs. The injunction was granted after FTC officials argued that the group was in violation of the CAN-SPAM Act of 2003.

“This is pretty major. At one point these guys delivered up to one-third of all spam,” said Richard Cox, chief information officer at Spamhaus, a nonprofit antispam research group.


Spam business is booming despite legislation

Ferris Research recently predicted that there would be 40 trillion spam messages sent this year. It would seem, then, that we have a continuing problem on our hands, especially since spam has morphed from simple but annoying advertisements into Trojan horses and links to malware-infected web sites. The focus of spam has changed. Five years ago, spam was designed to sell us something; today, it is designed to steal something from us. Spam is no longer just a cheap tool used by a two-bit marketer to peddle get-rich-quick schemes; it is now used by organized criminals in pump-and-dump stock schemes, to sell illegal goods, or to steal passwords and account numbers.

Wasn’t there supposed to be legislation to help eliminate spam? Remember the CAN-SPAM Act? It doesn’t seem to have done its job. Oh, yes, it did make spamming illegal, and there have been a few high-profile cases. Some heads have rolled. But the spamming continues unabated and, in fact, has increased tenfold over the five years since the Act was first passed. This week, Network World ran a review of the CAN-SPAM Act and what went wrong, noting that when the bill was passed, 45 percent of emails were spam. This outrageous number triggered the passage of the CAN-SPAM Act. Yet today, 97 percent of emails are spam, and there were 164 billion spam messages sent during the month of August.


Phishing Emails Exploit Browser Weaknesses

Most web browsers are supposed to protect people by implementing security zones. These zones apply different browser security settings, which can vary based on the location of the web page being viewed. Phishing emails can lure users to a web site hosting malicious code. These sites attempt to install spyware, malware or both onto the unknowing person’s computer. They rely on weaknesses in web browsers that allow harmful programs to be installed and executed on a computer. These browser vulnerabilities allow the zone settings to be overridden, even when the site is located in a security zone that is not trusted and normally would not allow those actions.


$236 Million and $1 Billion Awarded to Company for Spam Damage

Apparently, people can no longer hide behind their companies when local spam laws are broken. This is a case where a huge amount of money was awarded and must be paid by a husband and wife team whose business income was solely based on sending out spam email advertisements. Robert W. Kramer, III, owner and operator of CIS Internet Services, has received a $236 million judgment against two individual defendants, Henry Perez and Suzanne Bartok, following trial for violation of Iowa’s anti-spam statute. The verdict was entered on September 30, 2008 in the United States District Court, Southern District of Iowa, Davenport Division, by Judge John A. Jarvey.

Mr. Kramer was represented by Cedar Rapids attorney, Matthew L. Preston, with the Brady & O’Shea, P.C. law firm.

The Court found that husband and wife Perez and Bartok sent over 23 million emails advertising mortgage loan refinancing services to CIS computers in 2003.


Best Spam Defense

The best defense against spam is continuously educating the email user community. As administrators we may sometimes get a little too hung up on the technocratic methods of preventing spam. Although the technical details are important, our email users must be constantly reminded of their role in preventing spam. It’s an extremely important role.

Many spammers are people in each person’s inner circle who send notices, warnings and heads-up emails. When a person sends a friend a chain letter email, surely they do not think they are proliferating spam. Community announcement notices are surely forwarded with the best of intentions. This does not take away from the fact that this type of email clogs up the email highway.

Our friendly spamming friends then want us to send this email to 10 of our friends in the next 5 minutes. This “not deliberate spam” sent to 10 people will bring the sender an unexpected positive outcome in their life. The mere hope of something nice happening, by forwarding friendly spam to people in our trusted network, usually makes people do it faster.

Bounty Hunters Look for Spammers

A precedent has now been set in South Africa. Repeat spam offenders are now on notice. Spammers now have a price on their heads and their names on a Wall of Shame. It would be nice if this were a sign of things to come, with other countries also placing bounties on spammers.

Jani Meyer of the Sunday Tribune reports that a South African Spammer Bounty Hunter Programme offers multiple rewards. There are 3 ways anyone can receive a reward for providing information that leads to a successful prosecution:

  • 7,500 Rands ($958.00) is paid if a spammer admits guilt.
  • 15,000 Rands ($1,916.00) if a spammer is convicted in the magistrate’s court.
  • 30,000 Rands ($3,831.00) bounty is paid for a conviction in the high court.

Alan Levin, Internet Society of South Africa (ISOC) spokesman, said spam made up more than 70% of monitored e-mail traffic.

He said one of the weaknesses in the current system was that it depended on the recipients to act on the spam they received.

Two of the World’s Largest Botnets May Be Connected

Rustock and Srizbi, two of the world’s biggest spam botnets, may be connected. Researchers have discovered that the two botnets share the same malware delivery method, a Trojan called Trojan.Exchange, which is activated when unsuspecting users click on malicious links in spam messages. Most of the spam the botnets send is of the fake headline variety (such as the recent Obama and Nuclear Disaster spams) and the fake video variety (this type usually tells the recipient they were caught on video in an embarrassing situation and invites them to click on a link to see for themselves).

Rustock is currently the biggest spammer on the net, with Srizbi a close second. It’s not yet known if the two botnets are being run by the same gang or simply have some sort of agreement in which they work together, but there is some speculation that they are both run by the infamous Russian Business Network, a known haven for spammers, hackers, and other cybercriminals.

Virginia Overturns Spam Law and Frees Spammer

The Virginia Supreme Court has overturned the state’s anti-spam law, citing it as a violation of the First Amendment right to anonymous free speech. As a result, the conviction of Jeremy Jaynes, who was sentenced to 9 years in prison for sending hundreds of thousands of spam messages to AOL customers, was overturned.

“Everyone agreed Jaynes was incredibly guilty, but the issue was the peculiarity of the Virginia law in that it could be read to apply to people who were sending junk e-mail but not quite as naughtily as Jaynes was doing it,” said John Levine, president of the Coalition Against Unsolicited Commercial Email (CAUCE). “In the United States, we have this ancient tradition where political and religious speech are very strongly protected, but the Virginia law applied equally to all speech, commercial or not.”

Anatomy of a Spam Virus

A botnet created by a trojan virus is sometimes referred to as SpamThru.

According to the Don’t Bounce Spam organization, spammers have become very sophisticated in the way they manage their botnets, and the SpamThru Trojan is the leading example. In at least one case the botnet consisted of over 73,000 computers.

SpamThru operates by using a peer-to-peer configuration, but all bots report to a central control server. The bots are separated into different server ports, depending on which variant of the trojan is installed. The bots are further segmented into peer groups of no more than 512 bots. This keeps the overhead involved in exchanging information about other peer connections to a minimum. The SpamThru controller keeps statistics on the country of origin of all bots in the botnet. It also keeps statistics on what version of Windows each infected client is running, down to the service pack level. The SpamThru bot also has the capability to scan the infected system for other malware. Imagine the intelligence of people who take the time to develop this type of sophisticated software, which is used for a very foolish purpose.

India’s Booming Business: CAPTCHA Solving

Is text-based CAPTCHA on the way out? The folks in India sure hope not. CAPTCHA cracking has become big business there. These businesses, calling themselves “data processing” services, pay workers to solve CAPTCHAs. These are then sent on to spammers, who are able to sign up for thousands of accounts with services such as GMail, Yahoo! Mail, Craigslist, Facebook and Blogger (to set up spam blogs, AKA “Splogs”) and more. Of course these businesses would never admit that the service they are offering is illegal. They claim to be doing it to aid the visually impaired or as a “study” to help improve the CAPTCHA system.

Several of these companies promise a quarter of a million solved CAPTCHAs a day at the bargain rate of $2 per 1000 solved CAPTCHAs. Remember, this is India, where such rates are considered quite high. This new business model is so successful that a franchise model has been developed. Here are some ads from these companies, courtesy of ZDNet: