Spam Dropped Last Week. Are You A Victim?

You may or may not have heard the news last week, but spam traffic dropped by 50 to 70 percent last week after two Internet Service Providers (ISPs) cut off Internet access for hosting company McColo in California last week.

If you’re not familiar with these terms, a hosting company provides computer service and equipment for other companies and individuals. A hosting company typically offers storage service for email and web sites. An ISP provides companies and individuals with access to the Internet.

In last week’s case, McColo, a hosting company with locations in Delaware and California, was providing hosting services to several companies and individuals who used the McColo’s computers to distribute viruses and spyware via spam and harmful web sites. Many of the sites and messages dealt in pharmaceutical drug sales and child pornography. These companies were paying McColo for the use of their computers, and despite the illegal activity McColo ignored it.

McColo’s host computer center in San Jose, CA was connected to the Internet via several Internet Service Providers.  Two of the providers took it upon themselves to deprive McColo of Internet access and shutdown the Internet connection. Within seconds the level of spam traffic worldwide dropped by 50% to 75% according to several spam watchdog services such as Spamhaus.

Consumer Risks: “XP AntiVirus Protection” and “AntiVirus 2009″

If you downloaded either of these two programs then you can probably count yourself among the victims of this incident. “XP AntiVirus Protection” and “AntiVirus 2009″ were fraudulent programs distributed by several companies and individuals who were provided hosting services by McColo.

AntiVirus 2009

XP AntiVirus

Help Yourself, Help Your Computer

If you downloaded either of these programs you should remove them immediately. To do so:

1. Click Start > Conrol Panel
2. Click or double-click “Add/Remove Programs”
3. Locate and click each of these programs on the list and click “Remove”

After removing these programs, go to http://pack.google.com and download, install, and run “PC Tools Spyware Doctor” and “Norton Security Scan” to remove any traces of these programs and the harmful software they may have added to your computer. Users of Lavasoft’s Ad-Aware 2008 software may want to run an additional scan of their system for through cleaning. You may need to scan your system three times to fully clean out these programs.

Click here for more news

Post Comments or Questions with the link below. Keep up-to-date with Skylarking: By Email or RSS Newsfeed or on Twitter. You can also send questions with my email form.

Subscribe to the comments for this post

Spammers Get Canned

Surprisingly, spammers getting jail time doesn’t get much press, but several major spammers have been put away this past year, and the latest one, a 27 year old Brooklynite, Adam Vitale, was sentenced to 30 months in prison yesterday. 24 to 30 months is the current limit of the Federal CAN SPAM Act of 2003. Yes, that’s the name, CAN SPAM. It stands for “Controlling the Assault of Non-Solicited Pornography and Marketing”.

What is the CAN SPAM Act of 2003?

According to the FTC, the CAN SPAM Act sets the following requirements for commercial (ie sales or promotional) email:

1. It bans false or misleading header information. The email’s “From,” “To,” and routing information - including the originating domain name and email address - must be accurate and identify the person who initiated the email.
2. It prohibits deceptive subject lines. The subject line cannot mislead the recipient about the contents or subject matter of the message.
3. It requires that an email give recipients an opt-out method. The sender must provide a return email address or another Internet-based response mechanism, in the message, that allows a recipient to ask the sender not to send future email messages to that email address. (Recipients have 30 days to opt-out, and senders have 10 business days to comply). (Revision: A revision activated in July 2008 requires the sender complies within 3 business days.)
4. It requires that commercial email be identified as an advertisement and include the sender’s valid physical postal address. Messages must contain clear and conspicuous notice that the message is an advertisement or solicitation and that the recipient can opt out of receiving more commercial email. It also must include a valid physical postal address.

Furthermore, the CAN SPAM Act allows:

1. Each violation of the above is subject to fines of up to $11,000.
2. Deceptive commercial email is subject to laws banning false or misleading advertising.
3. Additional fines are provided for violators who:
   1. “harvest” email addresses from web sites or services that have published a notice prohibiting such activity
   2. generate random email addresses (a dictionary attack) with the intent of “stumbling” across a few genuine email addresses
   3. use software to register for multiple email accounts to send commercial email
   4. relay emails through a computer or network without permission
4. The law allows the Dept. of Justice to seek criminal penalties, including imprisonment, for commercial emailers who do - or conspire to:
   1. Use another computer without authorization to send commercial email from or through it
   2. Use a computer to relay multiple commercial email messages to deceive or mislead recipients or an Internet service about the message’s origin
   3. Falsify header information (see no. 1 up top) in multiple email messages and initiate the transmission of such messages
   4. Register for multiple email accounts or domain names using information that falsifies the identity of the actual registrant
   5. Falsely represent themselves as owners of multiple Internet Protocol addresses that are used to send commercial email messages.

More about Yesterday’s Sentencing

Starting in 2005, the US Secret Service had a confidential informant communicate with Vitale and his partner, Todd Moeller, via instant messaging chats. One of the two young men had already been profiting from spamming stock market scams.

The informant hired the men to promote computer software through their spam activities. This resulted in around 250,000 email messages being sent to 1.2 million AOL subscribers. The emails contained falsified header information, and they were relayed through other computers and internet services without permission.

In June 2006, Vitale and Moeller pled guilty to charges of sending emails in a scheme to bypass spam filters. Moeller was sentenced in Dec. 2007, to 27 months in prison. Both also received 3 years of supervised release, and must each forfeit over $183,000 in illegal gains. Vitale was sentenced on July 15, 2008.

Other Recent Spammer Sentencings and Indictments

• 3/18/2008: Daniel Mascia, 24, of West Haven, CT, pleaded guilty in Hartford to one count of conspiracy to commit fraud in connection with access devices and one count of fraud in connection with electronic mail. The charges relate to a “phishing” and “spamming” scheme that targeted AOL subscribers.
• 3/14/2008: Robert Alan Soloway, 29, pleaded guilty in Seattle to Mail Fraud, Fraud in Connection with Electronic Mail, and Willful Failure to File a Tax Return. Soloway, indicted in May 2007, has been dubbed the “Spam King” by investigators. The most serious charge, mail fraud, is punishable by up to 25 years in prison.
• 1/03/2008: Alan Ralsky, age 52, and ten others, indicted in international illegal spamming and stock fraud scheme.
• 12/04/2007: Min Kim, 24, of Denver, CO was sentenced to 30 to 37 months, instead of 24 to 30, because he kept books tracking his $250,000 in profits. This is the first time that profits were a considerable factor in sentencing and it opens the way for longer sentences in the future.
• 9/17/2007: Joshua Eveloff, 27, receives 6 months, 5 years supervised release, and $9,100 in penalties in San Diego for 3 months of spamming in 2004.

Related Links:

• Department of Justice’s Computer Crime & Intellectual Property Section press releases
• Take Action Against Spam. A useful guide for dealing with and fighting spam provided by the Washington State Office of the Attorney General. Washington State Law allows consumers to sue spammers.
• File A Spam Complaint with the FTC
• United States Secret Services Electronic Crimes Task Force

Post Comments or Questions with the link below. Keep up-to-date with Skylarking: By Email or RSS Newsfeed or on Twitter. You can also send questions with my email form. I’m looking forward to hearing from you.

Subscribe to the comments for this post