Online Media Daily is reporting that Microsoft has filed a lawsuit against a spammer they sued 7 years ago for the same thing. Boris Mizhen is accused of spamming Hotmail users and then using millions of fake accounts to manipulate the service’s spam filters. Mizhen and his associates sent their spam to those fake accounts and then moved the messages to their inboxes to trick Hotmail into thinking they were legit and removing the block.

          “Defendants’ deceptive conduct allowed them to circumvent Hotmail spam filters and to continue to disseminate a vast quantity of spam email messages to legitimate Hotmail users,” the company asserts.

An interesting tactic? Yes. A real scum bag? Pretty much. That said I’m not sure suing spammers is really all that wise. There have been many lawsuits filed and won and huge settlements awarded, but have the companies who won ever seen a dime? Not likely. Most spammers avoid paying by filing bankruptcy, and some live overseas, making collecting futile. The companies have their victories-and their legal expenses. Is it worth it? It doesn’t appear to stop spammers one bit, and Mizhen is proof.  He lost the first lawsuit, was ordered to pay Microsoft $2 million and agreed not to spam Hotmail users any more. That didn’t last long. While something needs to be done about spammers I don’t think lawsuits are the answer. Instead, we need tough new anti-spam laws and more prosecutions. Multi-million dollar judgments don’t faze spammers one bit. Maybe the prospect of doing hard jail time will.

It has been a big year for the internet with social networks continuing to grow at an amazing pace, search engines scrambling to keep pace with user demand for fresh news, and as always spam and malware causing havoc around the world.

A look at the year’s major spam event shows some consistent trends.

• Season spam such as Valentine’s Day and Christmas remains predictable
• Spammers quickly move to exploit any major global news events such as celebrity deaths and wars
• Spam networks are becoming more distributed and resistant to shutdown attempts
• Social networking spam is on the rise as spammers attempt to exploit the perceived trust between people and their online “friends”
• Human error continues to be a big part of the spam landscape, both through inadvertent data exposure and through people falling victim to social engineering

Here is a look at some of these major events throughout the year.

January

Scams promising free money from US government grants attempts to exploit the news of corporate bailouts and the increase in unemployment.

Fake CCN news alerts take advantage of a clash between Israel and Hamas.

Global spam volume begin returning to normal levels after the McColo shutdown of November 2008.

The inauguration of US President Barack Obama leads to a wave of spam spreading rumours that his inauguration is invalid or that he resigned and attempts to trick users in downloading malware.

Spammers also get a head start on Valentine’s Day with malware-carrying love letters.

February

Human error at Google marked the entire internet unsafe (is it really that far from the truth?).

The poor economy continues to cause unemployment to increase, leading to a new wave of fake job spam.

Microsoft offeres a $250,000 reward for information leading to the arrest and conviction of the Conficker worm creators.

March

Citibank falls for a Nigerian 419 scam to the tune of $27 million, but is saved when the transfers fail due to invalid account numbers provided by the scammers. Continue reading 2009, The Year in Spam»

Billionth spam received by Project Honey Pot.

Project Honey Pot announced earlier this month a dubious achievement. It had attracted its one billionth spam message. The ejunk purported to be from the U.S. Internal Revenue Service and informed its recipient:

“After the last annual calculation of your fiscal activity we have determined that you are eligible to receive 760,635 tax refund under section 501(c)(26) of the Internal Revenue Code. Please submit the Tax Refund Request form and allow us 3-9 days to process it.

“Yours faithfully,
“Sarah Hall Ingram, Commissioner”

Although the spammers forgot to put a dollar sign in front of the refund amount, they were accurate in some other details in the message. There is a section 501(c)(26) of the Internal Revenue Code. It lists non-profit organizations exempt from some federal income taxes, and subsection (26) includes in that category “State-Sponsored Organization Providing Health Coverage for High-Risk Individuals.”

Sarah Hall Ingram is an IRS commissioner, but not the IRS commissioner, as the letter would lead one to believe. However, she is the commissioner of the agency’s Tax Exempt/Government Entities Division, which would be a believable source for the message.

Project Honey Pot is a community of tens of thousands of web and email administrators from more than 170 countries around the world who are working together to track online fraud and abuse.

According to the Project, the IRS spam was sent from bot malware running on a compromised machine in India. It noted that the email address used by the bot was originally harvested on Nov. 4, 2007 by a grim reaper that has sent more than 53 million messages to the address since that time.

Continue reading Project Honey Pot: One billion spams and counting»

Security researchers say botnet herders, malware authors, spammers, and other cybercriminals have begun taking matters into their own hands and creating their own ISPs. Now that even so-called “bulletproof” ISPs are being pursued and shut down, cybercriminals have decided that doing it themselves is their best bet.

They start by setting up data centers and stocking them with servers, then they seek out a local Internet registry (LIR) or a regional (RIR) one that doesn’t have the resources to verify applications as they should. In most cases anyone applying for a block of IP space must go through a screening process that includes submitting legal documents showing their business name, the names of the officers in their company, a written explanation of why they need the space, a listing of the company’s PCs, router configurations, network maps and more. By going through either local registries or ones that for one reason or another can’t or won’t do a full screening, cybercriminals are getting set up as ISPs. In many cases these less than thorough registries require nothing more than a letter explaining why the space is needed.

Once the criminals are granted the space they themselves become bulletproof. They obviously will ignore any take down orders. The best example of this kind of set up is the infamous Russian Business Network, which hosted hundreds of spammers, botnet herders, phishers, hackers and other cybercriminals. They firmly ignored take down orders and fiercely protected their customers. RBN was able to get a block of IP space because by going through a European LIR they didn’t bother doing a thorough screening and the RIR, RIPE NCC granted the space based on the LIR’s report.  RIPE defended itself saying they had no way of knowing if an applicant is up to illegal activities or not.

“It is impossible at that stage in the process for the RIPE NCC to determine that a company is involved in illegal activity. The member in question later proved to be a front for RBN,” RIPE said in a statement on the case.

RIPE was eventually able to close down the LIR and reclaim the space from the RBN, but the practice is still flourishing. To stop it, it’s up to LIRs and RIR to stay on the ball and thoroughly screen applicants.

Alan Ralsky, dubbed the “Godfather of Spam” has been sentenced to 4 years in prison by a federal judge. Ralsky was convicted of conspiring to commit wire and mail fraud, violating the CAN-SPAM Act, wire fraud, and money laundering. He was the ringleader of a spam ring that raked in millions off of a “pump and dump” scam featuring Chinese penny stocks. He sent billons of spam messages promoting the penny stocks.

The scam works by tricking people into buying what they think is a hot stock, thereby artificially inflating its worth. The scammers then cash in and disappear, leaving their victims holding worthless stock and having lost hundreds to thousands of dollars.

“With today’s sentence of the self-proclaimed ‘Godfather of Spam’, Alan Ralsky, and three others who played central roles in a complicated stock spam pump- and-dump scheme, the court has made it clear that advancing fraud through the abuse of the Internet will lead to several years in prison,” said U.S. Attorney Terrence Berg, in a statement on Monday.

Ralsky’s partners will also see jail time. His son-in-law Scott Bradly was sentenced to 40  months in prison and 5 years probation while How Wai John Hui, a Hong Kong resident who served as the dealmaker for the companies whose stocks were being hawked, got 4 years in prison and 3 years probation. Ralsky’s third partner, John Bown, will be spending 32 months in prison and 3 years on probation.

In addition to his prison time, Ralsky will also be put on 5 years probation and have to forfeit $250,000 seized by the government.

There are 7 others involved in the scam awaiting sentencing.

A Dutch software developer has been fined over $300,000 for sending more than 21 million spam messages. He will also be charged a little over $7,000 for each day he continues to spam. Reinier Schenkhuizen was first warned in 2004 that he was in violation of Dutch anti-spam laws but ignored it, resulting in 379 more spam complaints being lodged against him and a raid on his home.

Schenkhuizen continues to deny that he is a spammer and plans to appeal the ruling. He claims that the emails customers send with his email client do have an ad for his company in them but that it can not and should not be considered spam. However, Schenkhuizen’s business is described as an “internet promo” company which really does seem like a fancy way of saying spamming.

It is encouraging to see European countries getting tough on spam. Many spammers user servers and ISPs located overseas because it is easier to avoid detection and prosecution there. Hopefully if more and more countries develop tough anti-spam and anti-cybercrime laws the war against spammers and hackers will finally make some real headway.

When the spammer friendly ISP McColo was shut down late last year, spam levels dropped sharply. This was due in large part because several large botnets had been hosted by McColo and were knocked offline. However the good times didn’t last. Spam levels have returned to pre-McColo levels now that the spammers have found new homes for their activities. Most moved to servers in Estonia and Romania knowing those countries do little to curb spamming or other cybercrimes.

Since January, spam has risen 60% and a whopping 40% of that is thanks to the Rustock botnet. Rustock focuses on image spam and spoofing HTML templates from legit newsletters to give recipients the illusion that their spam is legitimate and professional.

Continue reading Rustock Botnet Behind Rise in Spam»

A Michigan man faces up to 3.5 years in prison for his part in a penny stock spam scheme that involved the sending of millions of emails.  63-year-old Alan Ralsky and his son-in-law Scott Bradley faced a 41 count indictent under the CAN-SPAM Act. Ralsky also pleaded guilty to stock fraud and money laundering.

          “Alan Ralsky was at one time the world’s most notorious illegal spammer,” U.S. Attorney Terrence Berg said after the plea. “Today Ralsky, his son-in-law Scott Bradley, and three of their co-conspirators stand convicted for their roles in running an international spamming operation that sent billions of illegal e-mail advertisements to pump up Chinese ‘penny’ stocks and then reap profits by causing trades in these same stocks while others bought at the inflated prices.”

The pair and nine others operated a penny stock pump and dump scheme. They sent out unsolicited emails to millions hyping a worthless Chinese penny stock. When unsuspecting victims fell for the come ons and bought shares, it artificially inflated the stock’s worth. Ralsky and the others then sold their shares for huge profits and left their victims hanging.

They used forged headers, proxy computers and domains registered under fake names to send their spam without being detected. Prosecutors plan to recommend 35 to 43 months in prison, a term Ralsky agreed to as part of his plea deal. The deal also includes a fine of up to $1 million and an agreement on Ralsky’s part to assist government in future investigations.

Security researchers at TRACELabs has found that the top botnets on the net today are Rustock and Xarvester. Rustock, which was temporarily laid low by the shutdown of spammer friendly McColo, has returned with a roar and is now sending out 25,000 spam messages an hour, or 600,000 a day. This still pales in comparison with the Srizbi botnet, which never returned to its former glory after McColo shut down. At its peak it was capable of sending 60 billion spam messages a day.

Sharing the top spot is the Xarvester botnet, which rose from the ruins of Srizbi and also sends out 25,000 spam messages an hour. Mega-D, a former giant, brings up the rear with 15,000 spam messages a day being sent. Interestingly, Waldec, the botnet behind Conficker, is far below the top three, sending only 7,000 spam messages a day. There are a total of 9 botnets that are responsible for most of the spam on the net.

What does this all mean? Well it proves that as far as spammers are concerned, where there’s a will there’s a way, and if their host is shut down, they’ll just find somewhere else to set up shop. Since there are still many countries, such as Romania and Estonia, that do little or nothing to fight cybercrime, there will always be someplace for these cybercriminals to hide. It will take a truly global effort for the war against hackers, spammers and other cybercriminals to truly become effective.

It never ceases to amaze me how arrogant some hackers and spammers are. Reading about the case of Josh Holly, the person who hacked into Miley Cyrus’ MySpace account, the hacker clearly shows his youth when he argues that he can’t ever be caught. Of course, when I was 19, I too thought I was invincible. We all did. My biggest crime though, was smuggling a briefcase full of beer into my friend’s dorm room. (Unlike Holly though, I was never caught!) He was just too sure of himself and spent a little too much time bragging about his exploits, and people who are a lot smarter than he finally caught up to him. As for me and my friends, we just drank the beer and moved on with our lives.

Holly, also known as “TrainReq”, had hacked into the talented Miss Cyrus’ MySpace and Gmail accounts and stole her personal photos, but according to a recent update on the account on Wired.com, his activities weren’t just limited to cheap thrills. He was, of course, a spammer and had raked in over a hundred thousand dollars, sending out spam from celebrities’ email accounts.

Continue reading Hacker who broke into Miley Cyrus account was a spammer»