A Weblog About Topics and Issues Discussed in the Book Spam Kings by Brian McWilliams

� November 2004 | Main | January 2005 �

December 28, 2004

Have you been harmed by Vii0xx?

vioxx logo There's a clever scam spam making the rounds (sample here) that preys on gullible users of Vioxx, the painkiller recently pulled from the market by Merck over safety concerns.

The spam invites recipients to "file a claim" at a special website if they've been harmed by taking Vioxx. If you go to the site (domains include worldwideteamwork.com, whereitallhappens.com, among others), you are asked to provide your name, email address, phone, etc., presumably so you can participate in some sort of legal action against Merck.

The site appears to be designed to capture information for a spam operation using servers from a notorious spam-hosting company in Brazil. If you check out the home page of the site, you'll see it's an online pharmacy of some sort. And it's still selling Vioxx!

Posted by Brian at 9:16 AM

December 27, 2004

Make lawsuits, not spam

betanews.gifIn an opinion piece for BetaNews.com, I offer a way for Lycos to make amends for its failed anti-spam screensaver project. The article, A Legal Cure for Spam Rage, argues that the U.S. Congress should give individual citizens the right to sue spammers under CAN-SPAM. To make this happen, Lycos should lobby for such a "right to private action" amendment, and open a clearinghouse with information on filing private, federal lawsuits against junk emailers.

Posted by Brian at 12:37 PM

December 26, 2004

Profile of Scott Richter

Scott Richter A few excerpts of Spam Kings that deal with Colorado spammer Scott Richter were published today in the business section of the Denver Post. (You can read the piece here.)

The Post asked Richter for his reaction to the book. He told the newspaper that my portrayal was accurate: "Brian didn't paint a bad or good picture of me, and overall I would say the book was 90 percent accurate. I still talk to Brian when he calls."

Richter also added this little zinger: "If I wasn't in this industry, I would have been bored reading this book."

I'll try not to take that comment too personally. Richter has publicly admitted that he doesn't write or spell very well, so my guess is he's bored reading most books.

Richter also used the Post article to put out word that he is looking for someone to ghost write a book about what it takes to succeed in business. (He asked me for the name of my agent a couple months ago.)

Posted by Brian at 8:43 AM

December 22, 2004

Judge rejects guilty plea by ex-AOL employee

Jason Smathers Looks like Jason Smathers will be spending the holidays in California, rather than in a New York prison.

Smathers' attorney and U.S. prosecutors had worked out a plea deal and just needed sign-off Tuesday from District Judge Alvin Hellerstein. But the judge surprised everyone by saying he didn't like the deal. The judge reportedly wants the U.S. attorney's office to submit a legal brief by January 12 with more information about Smathers' alleged violation of the CAN-SPAM law.

While prosecutors go back to the drawing board, Smathers will apparently be enjoying some sun and R&R. Earlier this month, the court granted him permission to travel to California through January 10.

Now, I am not a lawyer, but that seems like a strange privilege to grant to a guy who, in November, signed a document, available here , saying he agreed to plead guilty to violating 18 USC 2314, Interstate Transportation of Stolen Property. (To this legal sparrow, that seems like an appropriate charge.)

Then, on December 2, Smathers was arraigned instead for violating 18 USC 371, Conspiracy to Defraud the US Government. Smathers pled NOT guilty at the arraignment.

Confusing. Then we have Tuesday's proceedings, with Smathers trying to enter a guilty plea, apparently to violating CAN-SPAM.

An "information" document filed at his arraignment does suggest Smathers was involved in sending decepetive and misleading spam using the AOL customer list. So maybe there is a CAN-SPAM aspect to this case.

But it really does look like the US Attorney's office was trying too hard to get a CAN-SPAM conviction under its belt.

Posted by Brian at 11:05 AM

SpecialHam Spammer Forum Is Back

specialham.com logo After a two-month hiatus, SpecialHam.com is back online. If you've never visited, the site will be an eye-opening experience. It's a sort of virtual Chamber of Commerce for junk emailers. They use the bulletin boards to advertise spamming services such as website hosting, proxies, and mailing lists. There's also a forum for gossiping and networking with other spammers.

Since first appearing online in mid-2003, SpecialHam.com has over 2,500 registered members. (Of course, some of the people who frequent the site are anti-spammers doing reconaissance.) It's not the only online spammer forum by any means. But SpecialHam.com is one of the most active and is quite useful to entry-level spammers.

The site currently gets its hosting from China Telecom, an especially spam-friendly service in a nation that's become a junk email haven. SpecialHam.com is registered to a "Wobble Juice" with a UK mailing address, although the site's domain record has previously listed Queensland, Australia and Mumbai, India addresses.

Posted by Brian at 10:31 AM

December 20, 2004

Big Day in Court for Former AOL Engineer

SDNY court seal

Former America Online engineer Jason Smathers is scheduled to appear in a Manhattan federal courthouse on Tuesday, Dec.21 in connection with the theft of AOL's member database, which included approximately 92 million email addresses.

Associated Press scoopmeister Ted Bridis has learned that Smathers, 24, of Harpers Ferry, West Virginia, will plead guilty at the proceeding to violating the CAN-SPAM law. U.S. prosecutors will recommend a fine and up to two years in prison.

An alleged co-conspirator, Sean Dunaway, 21, of Las Vegas, Nevada, has not yet been indicted for his involvement in the matter.

Since their arrest in June, both Smathers and Dunaway have been free, with travel restrictions, on $25,000 bonds. The court has granted numerous continuances to prosecutors prior to Smathers' arraignment this month.

AOL fired Smathers in June. The company has said that the stolen database included customer names, mailing addresses and email addresses, but did not contain credit card information.

The complaint filed by the U.S. last summer said that Smathers stole the AOL customer list in May 2003 while employed in the company's Dulles, Virginia facility. Smathers, who had worked for AOL since 1999, allegedly sold the information that month to Dunaway.

According to the government, Dunaway then re-sold the AOL customer data for $52,000 to a third co-conspirator, who used it to spam AOL members with ads for a variety of products. The unnamed co-conspirator served as a government informant in hopes of receiving leniency, according to the complaint.

Spam Kings readers know that Brad Bournival, the head of New Hampshire-based spam operation Amazing Internet Products, was the co-conspirator cited in the government's complaint. Bournival's involvement in the case was first reported in Chapter 9 of Spam Kings.

Bournival and his partner, former neo-Nazi Davis Wolfgang Hawke, primarily used the list to bombard AOL subscribers with email ads for Pinacle, an herbal supplement that the spammers claimed would enlarge penises. Bournival and Hawke were sued by AOL in March in the ISP's first action under the CAN-SPAM law.

Smathers is represented by Faith A. Friedman, an associate in the New York law firm of Jay Goldberg, which has defended clients including Donald Trump, Carl Icahn, and Willie Nelson.

Posted by Brian at 12:17 PM

December 18, 2004

Iowa ISP Awarded Billion-dollar Spam Judgment

A federal court has reportedly awarded default judgments totalling $1.22 billion to CIS Internet, an Internet service provider based in Clinton, Iowa. The judgments are believed to be the largest ever in a spam case.

Attorneys for CIS originally filed the lawsuit in October 2003 against 300 "John Doe" spammers. The ISP, which had 5,000 customers, was receiving up to 10 million spams per day.

The court awarded judgments against three spam companies after they failed to respond to the lawsuit: $360 million against Cash Link Systems Inc. of Florida; $720 million against AMP Dollar Savings Inc. of Florida; and $140,000 against TEI Marketing Group Inc. of Florida.

CIS's lawsuits against other companies continue. "Our goal is the economic death penalty," said the ISP's attorney, Kelly O. Wallace of The Wellborn Firm in Atlanta. Wallace admitted that the owner of CIS was unlikely to collect the entire amount of the judgment but hoped "at least to recover his costs."

Posted by Brian at 5:49 AM | Comments (1)

December 16, 2004

Web warfare at LaptopLobbyist.com

Until it recently became the target of "spam rage," LaptopLobbyist.com was a fairly obscure web site. But I'm sure the publicity generated by its recent run-in with a Philadelphia radio reporter has boosted the conservative lobbying group's mission, which it describes as waging "Web Warfare against the entrenched Liberal Establishment."
Buchman

I decided to check out LaptopLobbyist's email newsletters, which reportedly sent (former) WHYY radio reporter Rachel Buchman into a tizz earlier this month. (Buchman claims she never signed up for the newsletters and grew exasperated trying to unsubscribe.)

LaptopLobbyist.com says it uses a "double opt-in" process to manage newsletter subscriptions. In other words, you sign up for the "Action Alert" via a "subscribe" link atop its home page (or via a pop-up window), and LaptopLobbyist emails you back asking you to confirm whether you actually want to receive the newsletter.

This is industry-standard stuff. And it worked when I tested it this week. I signed up, confirmed my intent via email, received a few issues, and then successfully unsubscribed via email.

But it seems LaptopLobbyist.com isn't consistent about double opt-in. There's a link at the site's secure privacy page (among other places) for subscribing to the Laptoplobbyist.com "Daily Digest." It doesn't generate a confirmation email. You can type in anyone's email address and LaptopLobbyist will dutifully begin sending the newsletter without double-checking. The site was prompt about removing an email address when I tried to unsubscribe. But this subscription method is ripe for abuse.

The site has other options for doing email mischief. A link that appears on several pages labeled "Tell Your Friends" is designed to send a message touting LaptopLobbyist.com to the email addresses of up to 10 people with the push of a button.

Web warfare, indeed.

Posted by Brian at 7:30 PM

December 13, 2004

Undercover in the land of fake-Rolex spam

BlackMarketMoney.com logo Do "unsubscribe" links actually work, or are they just another spammer scam? To find out, I went behind the scenes at BlackMarketMoney.com, a mysterious junk email operation that's been blanketing the Internet with spams for replica watches. As I explain in Remove Me!, a new article at Salon.com, my undercover mission in the heart of fake-Rolex spam produced a number of surprises. For one thing, lots of savvy Internet users are clicking unsubscribe links, against the advice of experts. Check out the article and find out what happened when I tried to get removed from the watch-spammers' lists.

Here, for your amusement, is an archive issued by the spam operation to all its sales affiliates (spammers). It contains a list of "do not spam" domains and keywords. (Cia.com?!)

Posted by Brian at 8:59 PM | Comments (2)

December 10, 2004

Furtive shopping frenzy

graph from BSA study A new report from Forrester research (on behalf of the Business Software Alliance) provides some surprising data on the effectiveness of spam. The survey of 1,000 worldwide Internet users found that over 40% of Americans surveyed had purchsed something via spam, while 44% of Britons had bought from spammers.

Brazil, a haven for lots of spam-hosting companies, is also apparently home to some of the most receptive spam recipients. Researchers discovered that 66% of Brazilians surveyed had bought something in response to junk email.

The most popular items purchased via spam: software, clothes/jewelry, and leisure/travel.

As I observe in the epilogue to Spam Kings, the root of the spam problem isn't legislative or technological. It's human. In particular, it's the humans who buy from spammers.

Posted by Brian at 7:38 AM

December 2, 2004

Chongq and the Spam Vampires

Make Love Not Spam logo

The controversial Lycos anti-spam screensaver has been mysteriously out of service since Thursday morning. No word from the company about when, if ever, the Make Love Not Spam campaign will return.

If it does make a comeback, I hope Lycos corrects the problems with the renegade program. For one thing, some of the alleged spam sites targeted by the service aren't even listed on any spam blacklists.

In the meantime, Internet users with a strong desire to retaliate against spammers have other alternatives, as I describe in a new article at the O'Reilly Network entitled Chongq and the Spam Vampires.

For those not bothered by the ethics of fighting abuse with abuse, there are browser-based tools that suck up spammer bandwidth even faster than the Lycos screensaver.

And, as I detail in the story, there's also a new system for fighting back against blog and wiki spam -- and all the while staying on the high moral road!


Posted by Brian at 6:09 PM

Weblog authors are solely responsible for the content and accuracy of their weblogs, including opinions they express,
and O’Reilly Media, Inc., disclaims any and all liability for that content, its accuracy, and opinions it may contain.

All trademarks and registered trademarks appearing on spamkings.oreilly.com are the property of their respective owners.

O'Reilly Home | Privacy Policy

© 2004 O'Reilly Media, Inc.
For assistance with this site, email: