A Weblog About Topics and Issues Discussed in the Book Spam Kings by Brian McWilliams

� September 2005 | Main | November 2005 �

October 27, 2005

Microsoft's decoy zombie

Microsoft said it has filed "John Doe" lawsuits against the operators of 13 spam organizations that use illegal "zombie" computers to send their spam. The company held a press conference today with officials from the Federal Trade Commission to announce the lawsuits, filed in Washington State's King Country court on August 17.

Microsoft tracked down the spam operations by intentionally infecting a PC with some malicious code known to turn unprotected computers into zombies. (Tim Cranton, director of Microsoft’s Internet Safety Enforcement programs, explained the process (mp3 audio) at the news conference in Washington, D.C. today.)

The company said that within 20 days, the PC received more than 5 million connections that resulted in requests to send 18 million spam e-mails. These requests contained advertisements for more than 13,000 unique domains. (Microsoft said it "cordoned off" its zombie to prevent it from actually sending out any spams.)

"Honey pot" or "spam trap" email accounts are often created by ISPs and law enforcement to keep tabs on spam operations. But Microsoft's decoy zombie will give it a new perspective on spammers.

zombie.jpgArmed with the information gained from this zombie, Microsoft is going to use subpoenas and other discovery tools to find out who's behind the IP addresses used to send spamming requests to the quarantined zombie, along with the identities of the operators of the Web sites advertised in the spam.

If I'm reading the King County court docket correctly, one of those subpoenas has already gone out to cable-Internet provider Adelphia Communications.

Microsoft said it hopes to amend the lawsuits in the coming months to name the actual spammers who used its decoy zombie.

Posted by Brian at 10:34 AM | Comments (2)

October 21, 2005

Smith violates pre-trial release

Christopher Smith ("Rizler") is back in federal custody after violating the terms of his pre-trial release.

smith signatureSmith had been under house arrest since late August, while awaiting trial over charges in connection with running illegal online pharmacies. As a condition of Smith's release, U.S. District Court Judge Michael J. Davis had assigned Smith to a halfway house in Minneapolis where he was to wear an electronic monitoring device.

Court papers don't go into the specifics of how Smith violated the release, but on September 21 prosecutors asked the court to issue a warrant for Smith's arrest. The following day, Smith was picked up by the U.S. Marshals Service. Following a hearing a week later, Judge Davis revoked the house arrest and ordered Smith remanded into custody of the U.S. Marshal Service until his trial.

Smith may have a long wait ahead of him. This week, the judge set the date of Smith's trial for October 2006.

Meanwhile, prosecutors obtained and executed a search warrant at the offices of Five9, Inc., a VoIP callcenter operation in Pleasanton, CA that apparently provided service to Smith's company, XpressRX.com.

The FBI is also apparently still assembling physical evidence. According to court records, the latest Smith possessions obtained under warrants include "a black TravelPro suitcase; a black computer bag containing a Sony Vaio laptop computer; a red mesh duffle bag appearing to primarily contain scuba gear; a white, carry-on bag; and packages wrapped like gifts."

Posted by Brian at 2:53 PM | Comments (2)

419 is just a game

i go chop your dollar album cover Here's what efforts to fight 419 fraud are up against. An article in yesterday's LA Times describes the disdain young cyber-scammers in Nigeria feel for their gullible (and mostly American) prey.

While the Nigerian government is trying to crack down on the problem, pop culture in Nigeria seems to glamorize ripping off so-called maghas (Yoruba slang for fools).

Check out the lyrics of "I Go Chop Your Dollar," a tune released this summer by actor/comedian Nkem Owoh (popularly known as Osuofia):

"419 is just a game, you are the losers, we are the winners. White people are greedy, I can say they are greedy. White men, I will eat your dollars, will take your money and disappear. 419 is just a game, we are the masters, you are the losers."

The song appears to be from a movie starring Owoh called "The Master." You can order the soundtrack online.

You can download a short excerpt (MP3) of "I Go Chop Your Dollar" here.

[Update: a copy of Owoh's music video is available in QuickTime format here (16.9 Mb). Thanks Justin!]

Posted by Brian at 11:05 AM | Comments (2)

October 19, 2005

Hotmail still home of the 419

Four different 419 fraud spams ("Dear Sir/Madam, I know this email will reach you as a surprise ..." etc. etc. ) made it through Brightmail's spam filters to me this evening. All were sent from MSN Hotmail accounts. The headers showed a variety of originating-IP addresses in Nigeria.

red_cuffs.jpgI wonder if the Internet cafes in places like Lagos have picked up word yet about the new alliance between Microsoft and Nigeria's Economic and Financial Crimes Commission (EFCC), not to mention the recently proposed law to make spam fraud punishable by 5-year jail sentences.

Fact is, Microsoft's Hotmail has lately been a hotbed of such scammers.

To compound the problem, some people have apparently run into problems reporting the Nigerian spams to Microsoft. In some cases, a spam filter on the abuse@hotmail.com address has kicked back spam reports. Other people report that Hotmail's abuse handlers frequently (and wrongly) deny responsibility for outbound 419 spams.

Earlier this month, I received an email from a U.S. Army system administrator frustrated over Hotmail's unresponsiveness to 419 spam reports. The admin, who supports 800-plus machines for a branch of U.S. Army Central Command in southwest Asia, said the problem has made him want to firewall off all email from Microsoft's networks. Quoth the admin, "Personally, I'd rather have surgery done with a heated spoon than to permit their traffic anywhere near our networks."

Posted by Brian at 10:58 PM | Comments (2)

October 11, 2005

"BadCow" spammers must pay $37 million

mailien logoThe attorney general of Massachusetts today put out a press release announcing a court ruling in the May 2005 lawsuit against spam king Leo Kuvayev.

According to AG Thomas Reilly, a superior court judge has shut down of "dozens of illegal websites" and ordered Kuvayev to pay $37 million in civil penalties.

No word in the press release about how the AG intends to collect the money from Kuvayev, who appears to have fled the US to Russia.

While Kuvayev's BadCow spam affiliate program may have bit the dust, this doesn't seem to be the end of Kuvayev's career as a spammer. Bad Cow has apparently re-emerged with the cute name Mailien. (Notice how mailien.org looks code-for-code an awful lot like badcow.org?)

There are still plenty of reports of spam from Kuvayev advertising illegal drug sites, blackmarket software, and even e-books for forlorn romantics.

No surprise that Kuvayev is still listed as one of the top ten spammers in the world.

Posted by Brian at 3:56 PM | Comments (1)

October 5, 2005

Walter Rines hit with FTC spyware lawsuit

Walter Rines Walt Rines, like his former partner and spam king Sanford Wallace, is on the receiving end of a spyware lawsuit from the Federal Trade Commission.

Late last month, the FTC sued Rines and his company Odysseus Marketing in federal court in New Hampshire. The FTC announced the lawsuit today.

Rines told MSNBC.com today that he's innocent. "I have not done anything wrong nor broken any of the laws they are claiming," said Rines.

That's essentially what Rines told me two years ago when I did a story about him and his spyware operation for New Hampshire Public Radio.

At the time, Rines said a disclaimer at Kazanon.com, the main site where he was distributing his Trojan horse program, acknowledged that "adware" was being installed on users' computers. He admitted that he was operating in a legal "grey area."

The Kazanon.com site currently appears to be unavailable, but there's an archived version online, where you can read Kazanon's Terms of Use. Excerpt:

"User hereby understands and gives permission for application and/or any associated components to alter applications, files, and/or data so as to display information and/or marketing messages, including but not limited to file sharing applications, media viewers, and/or player applications."

The FTC hired SANS instructor Eric Cole to analyze Clientman, the core spyware program distributed by Rines. In an 18-page declaration (PDF) dated September 15, 2005, Cole concluded that "Kazanon’s main function, if not its only function, is to load spyware, adware, and other software onto the computer without the computer user’s knowledge or authorization."

The FTC wants the court to shut down Rines' company and strip him of his "ill-gotten revenues." The FTC has also asked for a temporary restraining order to be issued. A hearing on the TRO is set for tomorrow.

Posted by Brian at 1:48 PM

October 4, 2005

Spam Queen renounces her throne

OK, I'll bite. Self-proclaimed spam queen Laura Betterly put out a press release today.

The oft-quoted Betterly, who recently boasted of making millions of dollars from spamming, now claims that she and her new Florida company, In Touch Media Group Inc., have sworn off email marketing. Laura Betterly

"Bulk commercial e-mail has gotten to the point where it isn’t effective. We just don’t do it anymore. What’s the point? It doesn’t get a response, and we found people are overloaded with advertising messages and no longer willing to receive more, especially in their inbox, unless they specifically asked for it,” she says in the PR. (She goes into the subject in great detail on her blog.)

These days, Betterly is focusing instead on "a combination of market research, design, search engine marketing, ... search engine publicity and sites like the recently launched www.pixelbay.org that drive traffic directly to her clients sites."

Be that as it may, Betterly is still listed on the Spamhaus register of the world's biggest spammers, as well as on the SPEWS spam blacklist.

Maybe this PR is an attempt to get the spam blacklists to reconsider. Or maybe Betterly and her chairman Robert Cefail are trying to pump some life into their company's stock.

Posted by Brian at 7:46 PM | Comments (3)

October 3, 2005


A brief article in one of my local papers underscores the risks of stock tips that arrive via spam.

The article reports on an experiment by Joshua Cyr, a New Hampshire web developer. Cyr set up a site to track the value of 37 penny stocks touted in spams he received early this past summer.

Cyr's site apparently pulls live stock-price data from Yahoo, and computes the gain or loss on each stock, assuming someone had bought 1,000 shares.

While five of the stocks have shown gains, the rest have more or less tanked. So far, Cyr's hypothetical investment of $17,405.00 would have netted him a net loss of around $8,200.

While SpamStockTracker.com may serve as a valuable lesson to would-be spammed-stock investors, there's a conflicting message. Cyr has added a Google Adsense section to his site that funnels visitors into sites offering "1000% profit Penny Stocks" and "Stock Picks - Made 50% in 2 Weeks."

Posted by Brian at 11:45 AM | Comments (4)

Weblog authors are solely responsible for the content and accuracy of their weblogs, including opinions they express,
and O’Reilly Media, Inc., disclaims any and all liability for that content, its accuracy, and opinions it may contain.

All trademarks and registered trademarks appearing on spamkings.oreilly.com are the property of their respective owners.

O'Reilly Home | Privacy Policy

© 2004 O'Reilly Media, Inc.
For assistance with this site, email: