Tag Archive for Spam

33 percent of all spam ended yesterday

Sort of….

The FTC (Federal trade Commission) won a preliminary legal victory against the world’s largest spam gang  by persuading a Chicago Federal court to freeze the gangs assets and to order their spam network shutdown.

The spam gang, known by spamfighting agencies as HerbalKIng, had a networks of 35,000 computers which which could send out 10 billion spam messages a day.  Many of these computers were owned by people who didn’t know their computers had been remotely commandeered to send email on behalf of the spammers.  The network had ties in the United States, China, India, New Zealand, and Australia. The network was referred to as the “Mega-D Botnet”.

If you’re unfamiliar with the term “botnet, here’s an explanationation from SearchSecurity.com:

A botnet (also known as a zombie army) is a number of Internet computers that, although their owners are unaware of it, have been set up to forward transmissions (including spam or viruses) to other computers on the Internet. Any such computer is referred to as a zombie – in effect, a computer “robot” or “bot” that serves the wishes of some master spam or virus originator. Most computers compromised in this way are home-based. According to a report from Russian-based Kaspersky Labs, botnets — not spam, viruses, or worms — currently pose the biggest threat to the Internet. A report from Symantec came to a similar conclusion.

The network was purportedly responsible for a third of all spam at one point, and had been collecting $400,000 in Visa charges in one month.

The spammers had been sending messages hawking various pharmaceuticals and male-enhancement drugs. The charges brought against them are more than just spamming counts, but the charges also include making false claims about their product, selling pharmaceuticals without a prescriptions or doctor’s intructions, and selling drugs from countries such as Indie which aren’t regulated or approved for sale in the US.  Many of the drugs being sold had harmful side effects.

The FTC’s investigation aginst this organization had been ongoing for over 2 years.

Here’s a bio about HerbalKing from Spamhous spamfighting organization:

HerbalKing is a massive affiliate style spam program for snakeoil Body Part Enhancement scams (penis enlargement). It has also done spam campaigns for replica luxury goods, pharma (counterfeit pills) and porn. Spam arrives via botnets with spamvertised sites on “bulletproof” hosting offshore, particularly in China. The group also uses fast-flux hosting, running sites on hacked botnet PCs.

HerbalKing, with connections to India (possibly due to pharmaceutical supplies), rivals the traditional Eastern European spam gangs for volume and criminal botnet methods of its spam. “Tulip Labs” appears to be the source of HerbalKing’s herbal remedy products. The main operation may be run out of New Zealand or Australia by long-time spamming brothers Lance & Shane Atkinson. (see: http://www.geekzone.co.nz/juha/2237 )

There are hundreds of SBL listings related to HerbalKing but some may not be linked to this ROKSO due to the tremendous number of identities and domains used by the program. Lists of domains should be considered examples of that abuse of domain name space, not comprehensive lists of their registrations.

Read more at the FTC‘s web site; the NY Times; and the ars technica web site.

Post Comments or Questions with the link below. Keep up-to-date with Skylarking: By Email or RSS Newsfeed or on Twitter. You can also send questions with my email form.

Share

Apple’s MobileMe: A New Spammer Resource

Users of, that is, subscribers to, Apple’s MobileMe service have found themselves getting more spam than usual, as well as some “phishing” scams aimed directly at them.  And spammers are getting fewer bouncebacks.

The problem lies in the iDisk online file storage service every subscriber is provided with. The service comes with a “public” folder which cannot be hidden or deleted. Every public folder starts with the address http://idisk.mac.com/ and then it’s followed by their username and “-Public”. A programmer can write code to automatically generate random user names using words and names straight out of a digital dictionary.

“Why do this with iDisk’s public folder space?”, you ask.

iDisk: A Sample Public Folder

iDisk: A Sample Public Folder

The username associated with a public iDisk folder is also the first half of their email address assigned to them with the MobileMe service.  The second half of their address is either @me.com or @mac.com.  This hack allows a spammer to determine the validity of email address. Any http://idisk.mac.com/username-Public address that doesn’t result in a “Account Error: Inactive” message — as the link above probably will — means that they’ve found a legitimate account. A legitimate account would come up with a page as shown in the picture at right.

Furthermore, if the public folder shows that there are files stored in that location, as the sample picture shows, a spammer could tailor a message referring to that file in an effort to get the user to reply and reveal personal information.

Imagine if you used this service: You upload some of your files or photos to it, and then, a few days or weeks later you get an email mentioning one or more of your files by name. If you hadn’t thought about your “public folder” being “public”, you might take the message very seriously. Even more so if the sender claimed to represent Apple. (Of course that spammer would be breaking the law by falsely identifying themselves. See my article “Spammers Get CANned”.)

Anyone Can See The Files?

Anyone can see or read the names of your public files, assuming they find your public folder, but they won’t be able to access, open, or download them unless they take a guess at your login information, too; so make sure you use a good password and not your birthday or pet’s name.  They can’t upload anything to your folder either, unless they figure out your login info.

Simply said, Apple’s MobileMe iDisk service gives spammers a handy way to determine valid email addresses, so they get fewer, if any, bouncebacks and undeliverable messages. The names of files stored on iDisk could be used to make the spammer or phishers message appear legitimate.

Phishing. For those unfamiliar with this term, simply stated, it is an email message designed to get the recipient to reveal personal information such as account numbers or login information. The sender poses as well-known service or someone offering an enticement to respond. Popular targets have been eBay, PayPal, and online banking users.

In the iDisk problem discussed here, the phisher can determine if a username and email address exists. Furthermore, If the account owner stores files publicly on the service, the names of files can be referred to in a phishers email message to shore up their credibility.

Post Comments or Questions with the link below. Keep up-to-date with Skylarking: By Email or RSS Newsfeed or on Twitter. You can also send questions with my email form. I’m looking forward to hearing from you.


Share

I’m Fighting Acai Berry Spam Today

Clarifying the
Meaning of Spam

The term spam refers to email that has the purpose of promoting and selling a product or service. Furthermore, the email message has to be from an organization or individual that you didn’t request information from, nor did you tell them that it was okay to contact you. The FTC defines spam as “unsolicited commercial email” or “UCE” for short. If you tell a company it’s okay to send you email, then that applies to all email from that company unless otherwise specified.

FTC Law, Commercial Email:
CAN SPAM ACT 2003

  • Bans false or misleading ‘Header’ information. The “From” and “To” info must be accurate.
  • Prohibits deceptive “Subject” lines. The subject must match the content of the message.
  • Message must have an “opt out” or “unsubscribe” method. The link must
    be good for 30 days, and must be honored in 3 business days. (Previously 10 days
    was the allowance, but this changed in July 2008)
  • Message must list a legitimate physical address. The sender cannot register the address under an assumed name either.
  • Message must clearly state that it is an advertisement.

Update and Clarification (May 6, 2009):  This post is about spam in general, using Acai Berry spam as an example. I aim to (1)  illustrate that sometimes email addresses and web site addresses don’t match; and that when WHOIS is used, one may often find that they might not belong to the same person or organization. That should be a warning as to the legitimacy of the email message (or the site). Some readers have focused more on the email aspect of spam, but (2) much spam directs you to a web site. As some commenters have pointed out: email addresses can be spoofed, and tracking an email can be very difficult, BUT it is my opinion that web sites can be easier to track. (Read my “Spam Fighting Update”).

The original article begins here:

I hate spam.

I mean I really hate spam.  I don’t just delete it, I report it. I send it to the FTC’s spam@uce.gov email address so they can record it. If I get really bothered about it, I contact the company that registered the name for the owner of the email address and let them know that someone is using their service for spamming.  A lot of decent companies don’t like to hear about that.  It can hurt their law abiding users. How’d you like to learn that your emails don’t go through because someone on the same service as you was spamming, and getting everyone else blocked because of it?

For about two weeks now I’ve been receiving emails claiming to be from the “American Health Association” telling me how to lose weight with various products made from Acai Berries. After clicking unsubscribe links (when available) and deleting, I began to “get testy” when they continued rolling in. So I started fighting back.

The Law Is On Our Side

Let’s see what laws and such are on my side and yours here.

  1. Web and email addresses have to be registered to an owner or registrant. It is illegal to do so under an assumed name.
  2. Commercial messages (they wanted me to buy these berry products) must by law contain truthful addressing info both in email and in the physical world. And, once more, no assumed names are allowed. A physical address must be included.
  3. Many other nations have teamed up with the US to fight spam, so even if these spammers aren’t in the US, the country they live in may work with the US to fight spam.
  4. Many reputable internet and email services will not allow their clients to use their systems for the delivery of spam.

How did I fight back?

The Registrant / Owner of the Email Address. If the message was from the “American Health Association” then its email address — according to my Google search — would be either “@ahahealth.com” or “@americanhealthfoundation.com”.

Instead the email addresses pointed to ”@brightbat.com” and “@prodemosite.com” among others. So there’s an FTC violation for false or misleading header information.

Want to know the registrant/owner of an “@whatever.com” address? Just go to Google and search for “whois whatever.com”. There’s no space in whois, and don’t include the quotation marks either. So I did a search for whois brightbat.com and whois prodemosite.com. Both came up with private or anonymous listings, they were both registered through the same service and one was registered just yesterday (a one day old address) and the other was registered in mid July.  Go to Google and try searching for them yourself. Oh, heck, here’s the direct link to brightbat’s listing and here’s prodemosite.

Also, the addresses were registered through a company in the UK, and the UK works with the US to fight spammers.

I contacted the private registration service, PrivacyProtect.org, and reported the owners of these two addresses. Privacy Protect will reveal the registry information if they deem it appropriate. I let them know the owners of these addresses were sending spam messages in violation of the provisions of the FTC’s CAN SPAM Act. I also forwarded copies of the emails to them at abuse @ privacyprotect.org.

What Other Violations Were In Those Emails?

You can follow along with the violations by taking a look at the legal requirements for commercial email messages listed in the yellow box at right. Several people have received up to three or more years in jail for violating these laws.

Back to the Acai berry violations:

  1. Along with the misleading email names (claiming to be the AHA when they weren’t), they also
  2. failed to mention the messages were advertising
  3. failed to include a postal address
  4. In several cases they failed to include an unsubscribe link, and in some cases the link didn’t work. All violations.

What Else Did I Learn?

The people at PowerSupplements, a manufacturer of Acai berry products wasn’t to thrilled to hear about the Acai berry spam. That was according to a report at SpamFighter.com, a provider of spam filtering software at www.spamfighter.com.

So if you decide you’d like to join the fight against spam you can follow my lead.

  1. Look for the same violations I looked out for.
  2. Forward spam to the FTC at spam@uce.gov.  (UCE stands for unsolicited commercial email).
  3. Want to go the extra mile? Go to Google, and do a whois search on the email address it came from.  Just use the part of the address that comes after the @ symbol, don’t use the whole address. Then find out where the reistered the address. For example, whois brightbat.com. Then find out who the registrar is and let them know a user of their service is sending out spam.

If anyone has a question, please email them to me using the Contact link, or, if it relates to today’s message, please use the Comment and Question link below. Follow me on Twitter. I’m looking forward to hearing from you.


Share