Welcome to Skylarking

An Internet and Computer Tech Blog for Users at Home, School, or the Office.

Robert Saunders is a Computer & Internet Services professional. He has lectured at the City University of New York, for the CWA 1180's Retirees Division, the Consortium for Worker Education, and Continuing Education on Long Island. He teaches Internet use, Research, Security, PC Maintenance, Viruses, Spyware, Adware, Fraud, ID Theft, PhotoShop, and Microsoft Office. His company, Skylark NetWorks, is in Merrick, New York.

Robert Saunders, Skylark NetWorks

33 percent of all spam ended yesterday

Sort of….

The FTC (Federal Trade Commission) won a preliminary legal victory against the world’s largest spam gang by persuading a Chicago federal court to freeze the gang’s assets and to order their spam network shut down.

The spam gang, known to spam-fighting agencies as HerbalKing, had a network of 35,000 computers which could send out 10 billion spam messages a day. Many of these computers were owned by people who didn’t know their machines had been remotely commandeered to send email on behalf of the spammers. The network had ties in the United States, China, India, New Zealand, and Australia, and was referred to as the “Mega-D Botnet”.

If you’re unfamiliar with the term “botnet,” here’s an explanation from SearchSecurity.com:

A botnet (also known as a zombie army) is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet. Any such computer is referred to as a zombie - in effect, a computer “robot” or “bot” that serves the wishes of some master spam or virus originator. Most computers compromised in this way are home-based. According to a report from Russian-based Kaspersky Labs, botnets — not spam, viruses, or worms — currently pose the biggest threat to the Internet. A report from Symantec came to a similar conclusion.

The network was purportedly responsible for a third of all spam at one point, and had been collecting $400,000 in Visa charges in one month.

The spammers had been sending messages hawking various pharmaceuticals and male-enhancement drugs. The charges brought against them go beyond spamming counts: they also include making false claims about their products, selling pharmaceuticals without a prescription or doctor’s instructions, and selling drugs from countries such as India which aren’t regulated or approved for sale in the US. Many of the drugs being sold had harmful side effects.

The FTC’s investigation against this organization had been ongoing for over 2 years.

Here’s a bio of HerbalKing from the Spamhaus spam-fighting organization:

HerbalKing is a massive affiliate style spam program for snakeoil Body Part Enhancement scams (penis enlargement). It has also done spam campaigns for replica luxury goods, pharma (counterfeit pills) and porn. Spam arrives via botnets with spamvertised sites on “bulletproof” hosting offshore, particularly in China. The group also uses fast-flux hosting, running sites on hacked botnet PCs.

HerbalKing, with connections to India (possibly due to pharmaceutical supplies), rivals the traditional Eastern European spam gangs for volume and criminal botnet methods of its spam. “Tulip Labs” appears to be the source of HerbalKing’s herbal remedy products. The main operation may be run out of New Zealand or Australia by long-time spamming brothers Lance & Shane Atkinson. (see: http://www.geekzone.co.nz/juha/2237 )

There are hundreds of SBL listings related to HerbalKing but some may not be linked to this ROKSO due to the tremendous number of identities and domains used by the program. Lists of domains should be considered examples of that abuse of domain name space, not comprehensive lists of their registrations.

Read more at the FTC’s web site; the NY Times; and the ars technica web site.

Post Comments or Questions with the link below. Keep up-to-date with Skylarking: By Email or RSS Newsfeed or on Twitter. You can also send questions with my email form.



Apple’s MobileMe: A New Spammer Resource

Subscribers to Apple’s MobileMe service have found themselves getting more spam than usual, as well as some “phishing” scams aimed directly at them. And spammers are getting fewer bouncebacks.

The problem lies in the iDisk online file storage service every subscriber is provided with. The service comes with a “public” folder which cannot be hidden or deleted. Every public folder’s address starts with http://idisk.mac.com/ followed by the username and “-Public”. A programmer can write code to automatically generate random user names using words and names straight out of a digital dictionary.

“Why do this with iDisk’s public folder space?”, you ask.

iDisk: A Sample Public Folder

The username associated with a public iDisk folder is also the first half of the email address assigned to the subscriber by the MobileMe service. The second half of the address is either @me.com or @mac.com. This hack allows a spammer to determine the validity of an email address. Any http://idisk.mac.com/username-Public address that doesn’t result in an “Account Error: Inactive” message, as the link above probably will, means that they’ve found a legitimate account. A legitimate account would come up with a page as shown in the picture at right.

Furthermore, if the public folder shows that there are files stored in that location, as the sample picture shows, a spammer could tailor a message referring to that file in an effort to get the user to reply and reveal personal information.

Imagine if you used this service: You upload some of your files or photos to it, and then, a few days or weeks later you get an email mentioning one or more of your files by name. If you hadn’t thought about your “public folder” being “public”, you might take the message very seriously. Even more so if the sender claimed to represent Apple. (Of course that spammer would be breaking the law by falsely identifying themselves. See my article “Spammers Get CANned”.)

Anyone Can See The Files?

Anyone can see or read the names of your public files, assuming they find your public folder, but they won’t be able to access, open, or download them unless they take a guess at your login information, too; so make sure you use a good password and not your birthday or pet’s name.  They can’t upload anything to your folder either, unless they figure out your login info.

Simply put, Apple’s MobileMe iDisk service gives spammers a handy way to determine valid email addresses, so they get fewer, if any, bouncebacks and undeliverable messages. The names of files stored on iDisk could be used to make the spammer’s or phisher’s message appear legitimate.

Phishing: for those unfamiliar with this term, simply stated, it is an email message designed to get the recipient to reveal personal information such as account numbers or login information. The sender poses as a well-known service or as someone offering an enticement to respond. Popular targets have been eBay, PayPal, and online banking users.

In the iDisk problem discussed here, the phisher can determine whether a username and email address exist. Furthermore, if the account owner stores files publicly on the service, the names of those files can be referred to in the phisher’s email message to shore up its credibility.
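The probing described above leaves a recognizable trace in a service operator’s own access logs: one client requesting many different username-Public folders, most of which don’t exist. The following is an added example (my code, not the post’s and not Apple’s) that flags such clients; it assumes a Common Log Format access log in which an inactive account returns a 404 and a live one a 200, and the log lines are constructed for the demonstration.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines (assumed Common Log Format; not real
# iDisk logs). Assumption: an inactive account yields a 404, a live one a 200.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Oct/2008:10:00:01 -0400] "GET /alice-Public/ HTTP/1.1" 200 512
203.0.113.7 - - [01/Oct/2008:10:00:02 -0400] "GET /aaron-Public/ HTTP/1.1" 404 188
203.0.113.7 - - [01/Oct/2008:10:00:02 -0400] "GET /abbey-Public/ HTTP/1.1" 404 188
203.0.113.7 - - [01/Oct/2008:10:00:03 -0400] "GET /abbot-Public/ HTTP/1.1" 404 188
203.0.113.7 - - [01/Oct/2008:10:00:03 -0400] "GET /abel-Public/ HTTP/1.1" 404 188
203.0.113.7 - - [01/Oct/2008:10:00:04 -0400] "GET /abner-Public/ HTTP/1.1" 404 188
198.51.100.20 - - [01/Oct/2008:10:05:00 -0400] "GET /bob-Public/ HTTP/1.1" 200 731
198.51.100.20 - - [01/Oct/2008:10:05:30 -0400] "GET /bob-Public/photo.jpg HTTP/1.1" 401 0
"""

# Captures the client IP, the username part of a /username-Public path,
# and the HTTP status code; other requests are ignored.
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) /([^/\s]+)-Public(?:/\S*)? '
    r'HTTP/[\d.]+" (\d{3}) '
)


def find_enumerators(log_text, min_names=5, min_miss_ratio=0.5):
    """Return [(ip, distinct_names, inactive_names)] for clients whose traffic
    looks like dictionary probing of public-folder URLs: many distinct
    usernames, most of them non-existent. A real user touches one or two."""
    seen = defaultdict(set)     # ip -> usernames requested
    missed = defaultdict(set)   # ip -> usernames that came back inactive (404)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, user, status = m.groups()
        seen[ip].add(user.lower())
        if status == "404":
            missed[ip].add(user.lower())
    flagged = []
    for ip, names in seen.items():
        ratio = len(missed[ip]) / len(names)
        if len(names) >= min_names and ratio >= min_miss_ratio:
            flagged.append((ip, len(names), len(missed[ip])))
    return sorted(flagged)


if __name__ == "__main__":
    for ip, n, miss in find_enumerators(SAMPLE_LOG):
        print(f"{ip}: probed {n} usernames, {miss} inactive")
```

The thresholds are deliberately conservative; tune min_names to the rate at which genuine users browse other people’s public folders on your service.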



Justice Department Charges 11 in ID Theft Scheme

The US Department of Justice filed charges against 11 individuals in what is believed to be one of the largest Identity Theft cases ever prosecuted in the United States. (US DoJ Press Release) The crimes involve the theft and sale of over 40 million credit card and debit card numbers from 9 major retailers and other smaller outlets between 2003 and 2008.

Three of the accused are U.S. citizens, five are from Eastern Europe (Estonia, Belarus, and Ukraine), and two are from China. The final member of the ring is known only by an alias, Delpiero, and their country of origin is unknown.

Of the three U.S. citizens — Albert “Segvec” Gonzalez, Christopher Scott, and Damon Patrick Toey, all from Miami — Gonzalez faces a possible life sentence in prison due to an earlier arrest in 2003 on similar charges. Gonzalez has been held in a New York prison since May 2008 on related charges. Another member of the ring has been held in Turkey since June 2007.

Three Separate Cases Combine

The case began as three separate investigations in California, New York, and Massachusetts, but they were eventually coordinated once it became apparent that the same people were involved in all three.

The current indictment alleges the thieves hacked into the wireless retail networks of TJX Companies, BJ’s Wholesale Club, OfficeMax, Boston Market, Barnes & Noble, Sports Authority, and DSW, among others. Once in, they would install software to capture account information and passwords. All told, they gained access to over 40 million credit and debit card numbers from 2003 to 2008. They stored the information on servers in the US and Europe, and sold some account information to other criminals.

Lax Security Measures

Investigators from the FTC have charged many retailers with lax security measures for protecting consumer information. BJ’s Wholesale Club settled charges in 2005 that it failed to take appropriate measures to protect customer account information.

Shoe discounter DSW also settled similar charges in 2005 after a reported security breach in 2004.

The T.J. Maxx and Marshalls stores reported the theft of over 45 million credit and debit card numbers in January 2007.

The retailer, which offers designer-label clothes and home goods at discounted prices, settled a complaint with the Federal Trade Commission in March. Under the agreement, TJX must start an information-security program and undergo an external audit every other year for 20 years.

TJX also settled related claims by Visa Inc. and MasterCard Inc. in April. The retailer agreed to pay as much as $24 million to cover costs incurred by banks that issue MasterCards.

“We have worked very closely with law enforcement authorities as they conducted an extensive international investigation into this complex crime,” TJX spokeswoman Sherry Lang said in an e-mailed statement. “The sheer number of retailers attacked by these cyber-criminals demonstrates the much broader challenges in protecting sensitive consumer data from this increasing threat.”

Bloomberg.com




Posted on Aug 06 2008 under Computer Crimes, ID Theft, Indictments and Sentencing
