A Weblog About Topics and Issues Discussed in the Book Spam Kings by Brian McWilliams

� December 2004 | Main | February 2005 �

January 31, 2005

Photoshop site hosts phishing scam

Usually, phishing scam artists stage their look-alike sites on obscure servers in the Far East or on hacked home PCs. But this morning, one phishing gang used a much more high-profile site to host their rip-off files: the home page of Photoshop World, a trade show put on by the National Association of Photoshop Professionals.

I received an email this morning claiming to be from Washington Mutual. It said that the bank wanted to give me a "special cupon" (sic) good for over 15,000 shops. To receive my coupon, I needed to log in to my account at Wamu.com, according to the email.

If you clicked the login link in the email, it actually took you to this page: http://photoshopworld.com/sessions/.wamu/index.html. The source code of the page there revealed it was copied from the official Wamu.com log-in page. (Sure looked like the real thing. Here is a screen grab.)

I'm sure I wasn't the only person to report the scam. But the bogus page stayed online for about five hours. (Right now, you'll get a Not Found error.)

Posted by Brian at 12:16 PM

January 27, 2005

Spamware at Download.com

Several sneaky vendors of spam-sending software have managed to get their wares listed at the popular software distribution site, Download.com.

Alert readers of the SPAM-L mailing list have noticed numerous spamware programs currently available for free download, including LegalSender (formerly GhostSender), the developer of which boasts that the program is "a bulker's dream come true" and is "totally anonymous."

There's also the ever-popular StealthMail Master program, which "uses special proxies for anonymity" according to the description at Download.com.

Now, it's true that not all bulk email software is spamware. Download.com offers a number of legitimate programs conceivably useful for distributing newsletters, discussion lists, etc. But there's one good tell-tale sign of spamware: a built in SMTP server.

Easy Mass Mailer, available at Download.com, comes with its own SMTP and DNS servers -- presumably so your ISP won't know you are spamming. Speed Send Mailer, Advanced Mass Sender, and Mass eMailer also conveniently include built-in SMTP servers.

Judging from the messages coming across SPAM-L, Download.com is aware of the situation and trying to deal with it. Last week, auctions for e-mail lists and spamware were discovered -- and later removed from -- the eBay auction site.

Posted by Brian at 10:59 PM

Beware of cheap imitations

SpamCop beware logo When Microsoft announced last December that it was acquiring Giant Software Inc., some fans of the popular SpamCop.net spam-reporting service openly began to fret.

They knew about Giant from a copycat site called SpamCop.com. For years, the mysterious operators of SpamCop.com capitalized on misdirected SpamCop.net traffic by advertising Giant's Spam Inspector software on the front page of SpamCop.com. Julian Haight, who founded SpamCop.net in 1998, at one point took to posting a message at his site advising visitors to "beware of cheap imitations."

So, when Giant Software fell into Microsoft's hands, some SpamCop.net users feared that Microsoft would take over the deceit and use SpamCop.com to "embrace, extend, and extinguish" the venerable SpamCop.net.

No worries, says Haight. By email, he told us this week that Giant Software apparently doesn't own SpamCop.com. In fact, the Spam Inspector ads disappeared from the site months before Microsoft's deal for Giant.

The domain registration is ambiguous, but SpamCop.com is likely still operated by Dave Lahoti, who has a history of cybersquatting on sound-alike domains.

Posted by Brian at 9:35 AM

January 25, 2005

Spam Kings at Inkwell.vue

inkwell This Friday (January 28), I'm starting a two-week engagement as the featured guest author at Inkwell.vue, an online forum for discussions with "authors, artists and creative thinkers" at The WELL.

In the interview, I'll be answering questions about Spam Kings, spammers, and the junk email problem in general. The forum is open to the public, so even if you're not a WELL member, you can still view the site and submit questions via email to the conference hosts.

Hope to see you at Inkwell.vue!

Posted by Brian at 1:18 PM

January 24, 2005

AOL discontinuing newsgroup service

UPDATE: I have a more detailed story about this historic milestone up at BetaNews.com.

The world's biggest ISP is cutting off direct access to one of the coolest things about the Internet, the birthplace of spam, and the home of Nanae.

America Online says it will no longer provide subscribers with access to Usenet newsgroups. When you visit keyword "newsgroups" while signed on to the service, a pop-up appears with the following message:

Please Note: The AOL Newsgroup service will be discontinued in early 2005.
For members using AOL over a dial-up connection, you will no longer be able to access Newsgroups. If you have a separate high-speed connection, you can contact your broadband provider to see if they offer Newsgroups. Newsgroup services can often be accessed through a third party reader, such as Mozilla Thunderbird (http://www.mozilla.org/projects/thunderbird/).
Alternatively, you can access Newsgroups via Google at http://groups.google.com/.
We apologize for this inconvenience.

(According to this announcement, the shut off will occur in February.)

I guess AOL couldn't figure out a good way to "monetize" its newsgroup feed (aside from the little banner ads that appear on the main Read My Newsgroups window). AOL's built-in newsgroup reader was really quite poor compared to some of the standalone programs available. While it's true that AOL members can still get access to their newsgroups via Google Groups, the recent re-design of that service has not exactly been greeted with cheers.

Think other big ISPs will follow suit?

Posted by Brian at 3:47 PM | Comments (4)

Fighting Dr. Fatburn

Another item for those who enjoy learning how their sausage gets made. Here's an audio file of an April 7, 2003 court hearing in Anne Arundel County district court in Glen Burnie, Maryland.
Dr Fatburn
The hearing is part of the Spam Kings story of George Alan Moore, a diet-pills spammer who also went by the name "Dr. Fatburn." Chapter 8 of the book chronicles the battle between Dr Fatburn and an anti-spammer named Francis Uy, who published a web page that included the contact information of several spammers, including Moore.francis uy

At the hearing, Moore unsuccessfully tried to convince a judge that Uy was inciting others to harass him, and that the court should order Uy to remove the web page. The case touched off a heated discussion about the privacy rights of spammers at the Slashdot site.

(There are also a couple news reports about the incident here and here.)

The hearing lasted approximately 1 hr 54 minutes. Warning: that download is a hefty, 14.7 mb MP3 file. To "stream" the audio (listen while it downloads), click this link instead.

Posted by Brian at 12:54 PM

January 22, 2005

Readers respond to Microsoft spam story

Salon.com readers wrote some interesting letters in response to my recent piece about Microsoft's role in the war on spam.

(I must disagree with the first one, however. The article doesn't blame Microsoft for originally creating the spam problem. Instead, it said the company is arguably responsible for the current state of affairs.)

One reader asks whether Microsoft's numerous lawsuits against spammers are effectively SLAPP suits (Strategic Lawsuits Against Public Participation). If so, it would be ironic.

Meanwhile, Microsoft's new anti-spyware tool gets a negative review in a piece Friday from AP technology writer Matthew Fordahl.

Posted by Brian at 8:20 PM

January 21, 2005

A plan for spam folders


This article at O'Reilly Network visits the topic I covered during my presentation at the MIT Spam Conference today. I argue that although content-based spam filters are approaching 100% accuracy, they can never totally eliminate the spam problem. The reason has to do with consumer behavior and a design element indispensable to most junk email filters: the spam folder. (I'll try to provide more info about the conference, which was chock full of interesting presentations, soon.)

Posted by Brian at 8:06 PM | Comments (5)

January 19, 2005

Microsoft: the axis of inertia on spam?

Bill Gates

Salon has my new article, How Microsoft is losing the war on spam. It looks at whether the company can deliver on Bill Gates' prediction that junk email will be history in 2006. Excerpt:

According to many experts, Microsoft remains as much the root of the spam problem as the key to solving it.
Most junk e-mail today emanates from Windows computers that spammers have hijacked and turned into spam "zombies" using security holes in Microsoft's operating system. What's more, Microsoft is blamed for wrecking efforts this past summer to create e-mail authentication standards. The company also stands accused of trying to neuter state anti-spam laws. And Microsoft has yet to win a lawsuit against a major spammer.

As I report in the article, Microsoft says there's no silver bullet to solving the spam problem. But the folks I interviewed said Microsoft should stop worrying about what's good for its business, and concentrate instead on what's best for the Internet as a whole.

(Yes, I know. Salon's ads are extremely annoying. But they help pay the bills, and you can avoid them by becoming a premium member.)

Posted by Brian at 9:13 AM

January 18, 2005

Spam Conference

Spam Conference logo

I'm giving a presentation this Friday at the 3rd annual MIT Spam Conference. I originally planned to talk about some of the things I learned about spammers while researching Spam Kings. Maybe I'll still get into that a bit.

But then I decided the conference might be a good place to air out some thoughts I've had about how spam folders may evolve in the future.

So, my talk is entitled, "A plan for spam folders: Why filters will never totally eradicate junk email." (Yes, it's a riff on the influential paper that conference organizer Paul Graham released a couple years ago.)

I'll also be publishing an article on the topic at O'Reilly Network later this week.

Posted by Brian at 10:20 PM

January 17, 2005

When spammers sue anti-spammers

Nice words today about Spam Kings from Mike Masnick, who runs Techdirt.com:

I just finished reading Brian McWilliams' fascinating Spam Kings book, which follows a group of spammers and anti-spammers over a period of a few years. It's incredibly revealing about the types of folks on both side of the equation, and shows some of the ongoing legal threats each side throws at each other.

Mike's comments came as an intro to a piece about the lawsuit filed last August against an anti-spammer named Jay Stuler by Atriks, a bulk email operation run by Brian Haberstroh.

In a nutshell, Atriks accuses Stuler of tortuous interference and defamation. The lawsuit claims Stuler commited those crimes when he reported Atriks for spamming. (Here's what Spamhaus.org has to say about my New Hampshire neighbors Atriks and Mr. Haberstroh.)

Posted by Brian at 2:47 PM

January 14, 2005

Syngress: "We don't buy from spammers"

Syngress Publishing has issued the following statement about the ad banner that recently appeared at the SpecialHam.com spammer forum:

"Neither Syngress nor any of our associates sponsored the banner ad on SpecialHam.com in any way, shape, or form. We were completely unaware that it existed before seeing mention of it in your article. We are currently doing everything possible to have the banner removed. We do not in any way condone the spam trade and absolutely none of our marketing efforts or dollars are going towards any Web site, magazine, group, etc to support the spam trade or to entice them to buy our book."

It's kind of a moot point right now, since SpecialHam.com appears to be down again. (A screen grab of the page showing the banner is here.)

Posted by Brian at 2:43 PM

January 10, 2005

Know your enemies

[See my Jan. 14 update. Syngress says it was not responsible for the ads at SpecialHam.com.]

BetaNews.com just published my latest spam op-ed piece. In it, I discuss my surprise at discovering the newest sponsor of the SpecialHam spammer forum mentioned here last month.

Syngress has bought ad space at SpecialHam to promote Inside the Spam Cartel, a book that's being positioned as "a must read" for anyone trying to secure email against spammers.

As I say in the BetaNews piece, I'm all in favor of the concept of full disclosure. I think it makes absolute sense for anti-spammers to learn about their enemies. I hope to assess the value of the information in Spam Cartel soon. But it strikes me as ethically questionable for Syngress to market the book to spammers, even as it's claiming to serve security professionals.

(Speaking of full disclosure, I should point out that Syngress has a distribution agreement with O'Reilly, the excellent company that published Spam Kings.)

Posted by Brian at 6:33 AM

January 8, 2005

The Incredible Bulk

John Moran has a nice write-up on Spam Kings in the Hartford Courant. I enjoyed reading his reaction to some of the spammer profiles in the book, which he termed "both scary and fascinating":

Though [Davis] Hawke's is the book's best-drawn portrait of a spammer, about a dozen other members of the junk e-mail rogues gallery are also presented.
Some, such as Thomas Cowles and Eddy Marin, seem menacing in their determination to profit from junk e-mail. Others, such as Alan "Dr. Fatburn" Moore and Cajun spammer Ronnie Scelson, seem more like happy-go-lucky types who are playing at a particularly shady but lucrative game. Still others come across as pathetic cranks, including Terri DiSisto, who bulk e-mailed in search of men willing to videotape themselves being tickled.

The article suggests Spam Kings doesn't give enough ink to profiling spam fighters besides Shiksaa and Steve Linford of Spamhaus.org. But I don't think that's true. Many pages are devoted to the stories of spamfighters such as Francis Uy, Rob Mitchell, Kelly Molloy Thompson, and Karen Hoffmann. (Probably too many for the tastes of readers who are spammers!)

Posted by Brian at 11:03 AM

January 7, 2005

A Year of CAN SPAM

John Levine has a brief piece at Circle ID reviewing the first-year performance of CAN-SPAM, the federal law governing junk email.

Levine makes some familiar arguments about how CAN-SPAM's weaknesses outweigh its benefits. He tells a funny anecdote about how a religious organization harvested email addresses off his church's website, and then spammed him. When he complained, the organization "pompously assured me that they complied with the letter and spirit of CAN SPAM."

Levine also notes that the shocking criminal conviction of spammer Jeremy Jaynes took place under Virginia state law, not CAN-SPAM.

To me, the best evidence of CAN-SPAM's weakness is the behavior of big Internet service providers, not their rhetoric.

Back in 2003, Microsoft was one of the Internet heavyweights lobbying for the federal anti-spam law. The company continues to defend CAN-SPAM, even though folks like Levine say it's been a bust.

But look at Microsoft's recent legal moves against spammers. Microsoft has certainly filed its share of CAN-SPAM lawsuits (in July 2004 versus Daniel Lin and Super Viagra Group, for example). But it seems to prefer to deal with spammers under Washington State law and in King County Superior Court, not under CAN-SPAM.

Case in point: the June 2004 lawsuit against Pin Point Media (a.k.a. the Bulk Barn). Or the September 2004 lawsuit against Levon Gillespie, operator of Cheapbulletproof.com. (The pending case against Synergy 6 and Scott Richter is also in Washington Superior Court, but that was filed in December 2003, before CAN-SPAM went into effect.)

Ironically, as Levine notes, CAN SPAM wiped out a lot of more stringent state laws. Fortunately, laws like those in Virginia and Washington are still around.

Posted by Brian at 6:23 PM

January 4, 2005

Tsunami causes Nigerian-spam morph

Clint Swett of the Sacramento Bee has a story today about the latest trend in "Nigerian" scam-spam: so-called "419" con artists are re-writing their messages and using the recent Indian Ocean tsunami as their hook. (The article mentions Spam Kings and includes a couple quotes from me.)

The morphed spam (one example is here) follows the same template as the garden-variety stuff from Nigeria. ("If you help me get several million dollars out of a bank account, I'll give you a percentage. But first, I'll need you to put up some cash to grease the wheels, etc.")

Meanwhile, other fraudsters are reportedly trying to swindle people with spams soliciting donations to bogus tsunami-disaster relief organizations.

Haven't seen such cold-hearted scamming since 9-11.

Posted by Brian at 2:20 PM | Comments (1)

No more exploits from Sanford Wallace

Sanford WallaceIn the spyware case of FTC versus SmartBot.net et al, Spam King Sanford Wallace has agreed to a preliminary injunction.

Under the deal, signed last month, Wallace agreed to remove from his web sites "any software script, code, or other content that exploits the web browser security vulnerabilities referenced in Microsoft Bulletins MS03-032 and MS03-040, or any other web browser security vulnerabilities, to install, download, or deposit onto any computer any software code, program, or content, without the computer users authorization."

Perhaps as a result of the order, the most notorious site controlled by Wallace, default-homepage-network.com, is no longer online. Freevegasclubs.com, one of the sites supporting his new DJ career in Vegas, is still up but doesn't appear to contain exploit code.

The order (a copy of which is here) doesn't mean the end of the FTC's lawsuit against Wallace. Nor has Wallace admitted any wrongdoing or agreed to the FTC's allegations. There's a preliminary pre-trial conference scheduled for January 28.

In the meantime, looks like the FTC will be going over Wallace's finances with a microscope. The order calls for him to release his complete financial records.

For the technical details on how Wallace was allegedly infecting peoples' PCs with spyware, check out this affidavit from Stephen Gribble, a computer science professor at the University of Washington.

Interestingly, one of the affidavits filed in support of the FTC's complaint is from Ari Bluman, an executive with 24/7 Real Media. Wallace had apparently paid 24/7 to run pop-up ads at web sites participating in 24/7's network, including KingofChaos.com and CDMSports.com. But then people starting noticing that Wallace's pop-ups were taking control of visitors' computers, changing their start pages, and opening their CD-ROM drive. (Bluman's affidavit is here.)

Posted by Brian at 8:16 AM

January 3, 2005

Bush will stop spam in 2005?

Bush Salon just published a list of tongue-in-cheek technology predictions for 2005. At the top of the piece is a scenario in which President G.W. Bush earns a spot on Mount Rushmore after putting together an "anti-spam Manhattan Project."

The fine folks at Salon don't predict exactly how Bush's initiative will succeed in stopping all unwanted email. And of course, the idea totally flies in the face of the long-held wisdom that there is no final, ultimate solution to the spam problem (FUSSP).

Then again, a year ago Salon facetiously predicted that the result of the penis-enlargement spam epidemic would be "millions of happy, loving and extremely sexually satisfied couples," and thus the death of pornography in 2004.

Posted by Brian at 3:57 AM | Comments (1)

January 2, 2005

Worst kind of spam? "Mainsleaze"!

The Slashdot site is polling readers about what they consider the worst type of spam. It's just a silly little multiple-choice survey, but corporate marketers might want to take note. When I last checked, the geeks of Slashdot were saying that the worst type of spam is when you "email a company, and they add you to a mailing list."

Such unconfirmed, opt-in stuff from legitimate companies, also referred to as "mainsleaze," was even polling ahead of "malicious, infected spam" and Rolex spam.

Posted by Brian at 6:14 PM

Weblog authors are solely responsible for the content and accuracy of their weblogs, including opinions they e xpress,
and O’Reilly Media, Inc., disclaims any and all liability for that content, its accuracy, and opinions it may contain.

All trademarks and registered trademarks appearing on spamkings.oreilly.com are the property of their respectiv e owners.

O'Reilly Home | Privacy Policy

© 2004 O'Reilly Media, Inc.
For assistance with this site, email: