« Blog spam from Lycos IP | Main | Leeching off Begg-Smith »
March 1, 2006
Stock spammers stung by Secret Service
I've held off on blogging about the reported arrest last week of spammers Adam Vitale (booking photo below) and Todd Moeller until I could get more facts about the case. I've now got some of the details, thanks to a previously sealed deposition of a U.S. Secret Service agent, which includes some juicy excerpts of instant-message conversations involving the two men.
Vitale and Moeller, part of a spam operation known as g00dfellas, have struck me over the years as low-level, blustering spammers, often accused of ripping off their partners -- in other words, they're hardly "spam kings" as others have called them.
But their arrest is still significant. While Moeller (aka trill) and Vitale (aka Batch1 and n1hustler4life) have sent spam for everything from pills to college diplomas, their big money-maker of late has been stock spams -- one of the most vexing types of spam out there right now.
According to the February 17 complaint, Moeller boasted to a fellow spammer (working for the feds as a confidential informant or CI) that he and Vitale were making $40,000 per week sending spam that touted shares of small-cap stocks -- a practice known as pump-and-dump spamming. The two operated a company called Viatelecom aka Via Telecom LLC to do their stock deals.
In an April, 2005 instant message conversation with the CI, Moeller claimed that he had 40 servers for sending spam, as well as 35,000 "peas" or proxies to disguise the true origin of the spams. He said he exclusively spammed AOL members and boasted he could send millions of spams per hour, with less than 20 percent getting caught in AOL's spam filters.
In July of last year, Vitale contacted the CI and offered to hire him as a "mailer" for stocks. According to court documents, Vitale offered to pay the CI $10,000 if he could "make it move" (increase the stock's sales volume).
But it was anti-spyware software spamming that tripped up the two spammers. It all started in April, 2005, when the CI contacted Moeller to try to hire him to send spam for what the feds called "a "purported computer security product" (later referred to as an anti-spyware program).
After months of wrangling over fees and payments, Moeller finally agreed in August to spam for the CI if he was made a full partner, receiving 50% of proceeds. To get the ball rolling, the CI (actually, it was law enforcement agents) wired $1,500 to Moeller in New Jersey. Soon, Moeller began hammering AOL with spams for the anti-spyware product.
At one point, Moeller boasted that his proxies included AOL systems, which enabled him to "proxy lock the [aol] domain and use the internal smtp." However, AOL has told the Secret Service that "most, if not all" of the spams from Moeller/Vitale were sent using Internet IPs and not from AOL's internal network.
Toward the end of August, Vitale contacted the CI, angry that he was paying Moeller, not him. Vitale claimed he was the one doing the mailing, and that Moeller just created fake email headers. "You don't get it do you dum [expletive deleted]?" said Vitale.
Judging from an assortment of online complaints, Vitale has been involved in numerous cases of partners double-crossing each other.
According to the Secret Service, before the sting was over, AOL's filters had registered a total of 1,277,401 spams from Moeller and Vitale. A review of a small portion of the spams showed they had been sent from 73 unique IP addresses (aka proxies).
In spammer forums, there's speculation that the CI was Sean Dunaway, whom you may recall was the Nevada man busted in 2004 for co-conspiring to steal AOL's member database and sell it to other spammers. According to the court docket, Dunaway pled not guilty to defrauding the US in January 2005 and his case is still open.
But spammers have told me that the informant was a spammer who used the online nickname m3rk and who resided in Boca Raton. Perhaps that's Sean Brooks, who identified himself in this online resume as being 22 years old and "extremely good with coding America Online Applications."
No word yet on other members of the g00dfellas gang, who went by aliases including Orlando. But the arrests have certainly shaken up some spammers. When I greeted one spammer online the other night, his first comment was, "skared ... goodfellas went down."
Posted by brian at March 1, 2006 2:04 PM
Comments
Interesting. Those "pump and dump" stock
spam runs are very vexing. The more recent ones I have seen in the past half year exploit weakness in coding of webmail forms such as PHP and Perl. Not sure if this gang was a part of that approach.
Posted by: my0 at March 1, 2006 9:18 PM
ROKSO lists Vitale as a Top 200 spammer. He isn't exactly a "low-level, blustering spammer."
Posted by: mf at March 1, 2006 9:59 PM
mf, I admit I may have underestimated Vitale. But I'm always a bit skeptical about a spammer's ROKSO status when Spamhaus has no SBL listings for the individual, as in the case of Vitale. And his ROKSO record is remarkably free of details about his actual spamming (mostly just info about his spats with fellow spammers).
Posted by: Brian at March 1, 2006 10:35 PM
I am not part of the "g00dfellas" group.
Thanks.
Posted by: Guilt at March 3, 2006 2:40 PM
Adam Vitale is nothing more than a 2 bit punk who was introduced in to the pump and dump word of spamming stocks by a Broker out in Cali. Do you really thing that Vitale is gonna keep his mouth shut? From what I hear the little Rat is spilling his guts as I write this. A word to the Morons who did biz with the little Wannabe Mobster "GET YOURSELF A GOOD LAWYER YOUR GONNA NEED IT"
Posted by: Balls2theWall at March 3, 2006 7:11 PM
Heh, "Proxy Lock", I'd forgotten about that. Whatever happened to that?
Posted by: Justin Mason at March 6, 2006 10:28 AM
Justin, last I checked, proxy lock was just vaporware. Perhaps it's time to review the latest offering from Send Safe. Can't seem to find the current version online, though.
Posted by: Brian at March 6, 2006 10:54 AM
m3rk does NOT program.
aol doesnt want you to know mail is sent from their network.
sean dunway is a a rat.
Posted by: wtf at March 22, 2006 12:43 PM
Your all a bunch of jerks!!!
Posted by: Andy Hanrahan at April 24, 2006 8:53 AM