A Weblog About Topics and Issues Discussed in the Book Spam Kings by Brian McWilliams

About the Book

Book Cover Purchase Book
Table of Contents
Sample
Reader Reviews
Media Reviews

The mounting onslaught of email pitches for porn, pills, and penis enlargement has some techno-pundits declaring that spam is on the verge of destroying the Internet. In Spam Kings, author and investigative journalist Brian McWilliams delivers a compelling account of the cat-and-mouse game played by spam entrepreneurs (including the notorious Davis Wolfgang Hawke, "Dr. Fatburn," and Scott Richter) in search of easy fortunes and the cyber-vigilantes who are trying to stop them.

More

� December 2005 | Main | February 2006 �

January 31, 2006

Author of MySpace bot denies wrongdoing

I caught up with Anthony Lineberry, the author of MyFriendBot. Here's the deal.

Lineberry says he responded to the legal threats from MySpace by asking how his program breaks the law or the Myspace user agreement. But, so far, they haven't replied, he reports.

He denies that he is "hacking" the Myspace site or exploiting any vulnerabilities. "All [MyFriendBot] does is the exact same things that you can do with a browser, but automated ... everything is just done by emulating the POST and GET requests of the browser," says Lineberry.

Most of his sales are to bands hoping to promote their music on MySpace. (He can get some idea about his customers by the email addresses they use to buy his software via PayPal.) But he admits to making sales to clothing retailers and others who might be considered spammers. But "nothing like pill pushers or Viagra stuff," he says.

"It sucks, though. I didn't actually write that software with spamming in mind," he says.

Lineberry is an active Myspace user himself, and reports that he doesn't receive any spam via the service.

Brisk sales of the software are helping pay Lineberry's bills at college, where he's studying computer science. He said purchases have all resulted from word of mouth, and he wasn't too thrilled at the extra publicity from being on the Spam Kings blog.

"I don't really think of myself as a bad guy in the matter. People hear any association with spam, and bam, you are a bad guy," he says.

Posted by Brian at 7:57 PM | Comments (13)

MyFriendBot author threatened with lawsuit

myfriendbot In an apparent effort to nip a spamming threat in the bud, the online community site MySpace has sent a cease and desist letter to the developer of a software program for sending advertisements to MySpace's millions of young users.

The California company is threatening legal action against Anthony Lineberry, 20, a resident of Boise, Idaho, over a $20 program called MyFriendBot. According to the software's homepage, MyFriendBot is designed to "seek out [MySpace users] and send them your custom message. You can let it be random, or search for friends by Zipcode, Age, Gender, etc. You can choose to add only those who are online, or everyone." A list of frequently asked questions at the site says the program is limited to sending around 400 messages per day.

In its December 14, 2005 letter, MySpace's legal department said that MyFriendBot "constitutes an activity which is expressly prohibited by Section 5 (i) of our Terms of Service and damages the integrity of the MySpace website." The company wants Lineberry to stop distributing the program or he will be "liable for the damages suffered by MySpace, and will be subject to penalties, fines and even criminal imprisonment." Lineberry has posted a copy of the letter at his personal web site.

MySpace is a big phenomenon with younger Internet users and has something like 42 million users. Such a big population is of course attractive to spammers. But I think a lot of the hand-wringing over spim is unwarranted. anthony lineberry

I wasn't able to interview Lineberry yet, but he doesn't appear to be intimidated by the legal threats. (He released a new version of MyFriendBot two weeks after receiving the threat letter.)

Lineberry has got a rep as something of a whiz kid in the security community. In recent years he has given presentations at various hacker conventions. Last summer, he got some fame at BoingBoing for posing nearly nude.

According to PayPal records, MyFriendBot has over 270 verified buyers. A note at Lineberry's site says "its doing pretty well. Whenever sales slow down to a stop, I will release all the code as opensource."

But Lineberry claims he has lost lots of sales to pirates. For example, in recent days someone at the SpecialHam spammer site was offering a "cracked" version of the program for sale.

Other copycat programs are being marketed under similar names such as MySpace Bot, Mass Comment Bot, and Friend Bot .

Last year, a New York man named Anthony Greco was arrested for spamming MySpace members and then trying to extort money from the company. Following a plea agreement with prosecutors, Greco was sentenced last October, but the sentence is under seal.

Posted by Brian at 11:44 AM | Comments (6)

January 29, 2006

SpamCop blocking some Gmail servers

At least three mail systems operated by Google Mail have been placed on the SpamCop blacklist.

According to the SpamCop site, the systems (IP address 66.249.92.192, 66.249.92.198, and 66.249.92.201) were responsible for spam sent to SpamCop spamtrap accounts in the past week. The systems, which are part of a large collection of servers with the name uproxy.gmail.com, have also been reported by SpamCop users as a source of spam.

As we've noted before, Gmail is interesting from a spammer's perspective because it doesn't show the sender's IP address in the message headers. That could give spammers a layer of protection.

One of the spams that apparently caused the blacklisting was a 419 scam and looks like this.

None of those three IPs appear to be on any of the other major spam blacklists, which suggests they're hardly a huge source of spam.

This isn't the first time Gmail has been blaclisted by SpamCop. Last November, a similar block caused a lot of frustration for a number of SpamCop users.

Posted by Brian at 11:01 AM | Comments (2)

January 26, 2006

Christopher Smith owes AOL $.0049 per spam

Looks like the 1.13 billion spams that Christopher Smith sent to AOL members over a six-month period at the start of 2003 are going to cost him dearly.

$5,612,059.36 to be exact. ($5,325,000.00 in statutory damages, plus AOL's attorney’s fees
and costs of $287,059.36.)

A judge in Virginia issued the judgment against Smith on Tuesday. (AP coverage here.) Maybe Rizler will take consolation in the fact that he's only being dinged for about half a cent per spam?

Meanwhile, Smith awaits trial in the federal case over his Internet drug business.

His legal team is going to need some help. Smith's lawyer has just been indicted and now becomes a co-defendant in the case. Daniel Spivey Adkins allegedly helped Smith hide assets and procure narcotics for Xpress Pharmacy Direct. Adkins was arraigned Wednesday and released on a $25,000 bond.

The trial is set for October.

Posted by Brian at 11:26 PM

Dinosaur spam

It's standard spammer practice to desperately munge words like Viagra and Rolex to avoid spam filters. But it's especially sad when a self-proclaimed "CAN-SPAM compliant" spammer has to disguise his company name in spams.

I received one of these today in an unsolicited pitch for cellphone ringtones. The sender's company name was displayed in the email like so:

T-Re>< |\/|edia

The 1499 Blake Street 1-H, Denver address listed in the message corresponds to T-Rex Media, LLC, the Colorado company owned by Jeff Perreault, former sales manager for spam king Scott Richter.

Chapter 10 of Spam Kings gets into the messy 2003 mutiny by Perreault and other OptinRealBig.com employees. Richter alleged that Perreault et al. made off with his customer lists, proprietary software, and other goodies when Perreault split to set up his own company. Richter ended up suing Perreault and his gang in Denver District Court for breech of contract, business interference, and other charges.

Why would T-Rex Media, which boasts that it is "white listed with aol/hotmail," have to resort to camouflaging its name in junk emails? (The zip code was also munged, using the letter o instead of zeros -- 8O2O2.)

The T-Rex web site also makes this claim: "Our lists are 100 percent opt in and we are fully Can Spam compliant." Funny, I don't recall opting in to their lists. (Seems I'm not the only one who's been spammed by T-Rex in recent weeks.)

Maybe I'll send T-Rex a letter asking to opt out. But no way am I using the unsubscribe link in the T-Rex spam. It goes to stopmailinglist.com, a site run by the blacklisted spam operation Azoogle.

Posted by Brian at 10:46 AM

January 25, 2006

Spam history goes 404

encyclopedia.jpgIn recent weeks, spammers have been accused of trying to erase the past. But it seems that anti-spammers sometimes have an interest in obliterating the historical record as well.

Late in 2005, ancient spam king Jerry Reynolds sued anti-spammers Ed Falk and David Ritz to try to get Internet postings about his spam and porn operation removed. We also had the case of the anti-spam software company using search-engine tricks to hide complaints about its spamming. And most recently, there was the pill spammer suing to get Usenet postings about him taken down.

But some anti-spammers have (preemptively?) taken to scrubbing their sites clean of spam-fighting records.

Most notably, Chickenboner.com, the homepage of Spam Kings protagonist Shiksaa, has been sanitized of much of its interesting content. Gone are the Bulk Barn Diaries, which chronicled instant-message conversations with spam kings like Scott Richter, Bill Waggoner, and Dr. Fatburn. You'll also get a 404 message if you try to access the site's former directory of spam fighting resources, or the humourous collection of doctored photos of spammers.

And don't go looking in Archive.org for copies of the missing files. There's a rather prohibitive robots.txt file at chickenboner.com, preventing all indexing by the likes of Google and Archive.org. (At least Spamcentration still seems to be working. And there's an old cache of information about Eddy Marin.)

The web site of another anti-spammer profiled in Spam Kings has also been gutted. Karen Hoffman's Diary of a Spam Victim, where she stored information about spammer Tom Cowles, is gone, including from archive.org's database.

Note to self: Ask Ed Falk for a copy of his 1,300-page Encyclopedia of Spam before something happens to it.

Posted by Brian at 4:01 PM | Comments (2)

January 24, 2006

Penis-pill marketer sues anti-spammer

In the latest round of lawsuits against anti-spammers, Greg Tift, operator of MK Supplements, is suing Mark Ferguson, owner of a company called Ferguson Graphics, for malicious harrassment. Greg Tift

Seems Tift (photo, right), whose products include MaxxLength penis pills, is upset over some Internet postings made by Ferguson. The posts in question include this one made to the Nanae newsgroup on Usenet in December.

Tift's lawsuit in Washington's King County Superior Court alleges that Ferguson (pictured with bowtie below) has engaged in "malicious postings for the sole purpose of causing personal harm and torte business interference." Tift further asserts that Ferguson's postings have endangered minors, Tift, and innocent third parties. Tift has asked the court for an injunction and legal fees, as well as "additional relief as is just and proper."

ferguson What's weird is that the most revealing Usenet postings about Tift are these two (here and here) apparently from a former MK Supplements employee who calls himself "Jim Jam."

I spoke with Tift by phone earlier this month. He told me he has written to Google, formally requesting that the offensive postings be removed. I tried explaining to him that Google doesn't control all of Usenet. I mentioned he might want to read up on the case of George Alan "Dr. Fatburn" Moore, which is covered in Spam Kings.

Tift claims he never sends spam himself and denies he is a "notorious spammer," yet he acknowledged he's being sued for spamming by Microsoft in King County Court. Tift claims that he recently had a settlement conference with Microsoft's attorneys, at which he said he would gladly close his business down if they paid him $495,000. "They got up and walked out," reports Tift.

When I asked him about allegations that he's in business with a Top-200 spammer named Paul Boes, Tift said Boes was "a victim of his past" and was actually "hard working and honest."

According to Jim Jam, the anonymous Usenet poster, Boes runs MK Supplments' spammer affiliate system, known as MKBucks. Last March, someone representing MKBucks posted a message on the SpecialHam spammers' forum soliciting information about users of Microsoft's Hotmail service.

Tift contradicted assertions by Jim Jam and others that MK Supplements is owned by Michael Kerr, a Seattle carpet store owner. Tift told me MK's corporate structure is confidential, but he assured me that "no one else is involved in the business."

Posted by Brian at 12:40 PM | Comments (9)

January 17, 2006

Under attack, spammer begs for mercy

A follow up to my recent post about a controversial campaign to pollute a mortgage spammer's sites with bogus orders:

Darren Brothers reports that Alex Polyakov, the target of his Kick a Spammer in the Nuts Daily retaliatory campaign, has cried uncle.

Brothers says he got a call early this morning from Polyakov. (Brothers has posted a WAV file of the call. I created a smaller MP3 version of the recording, which can be downloaded here.) On the tape, an excited Polyakov complains that Brothers' "Refi Retaliator" program is "killing my business."

"How much money do I have to pay you? Surely we can work out something together!" says Polyakov.

During the 13-minute call, Polyakov claims that his "interest is only to make honest dollars." As a peace offering, Polyakov proposes to create a global opt-out list, "the anti list of all anti lists." Polyakov says he has no interest in sending spam to people who don't want to receive it, and he guarantees that he will persuade all his spam-business associates to clean their mailing lists.

In the past, such spammer-run global remove lists have been disasters. I can't see why a Polyakov-run list would be any different -- especially since he blames a lot of his problems on rogue spam affiliates.

Brothers triumphantly posted word of his phone call on the Nanae newsgroup today. He added this warning to spammers reading the group:

Hey, spammers... the Refi Retaliator can easily be reconfigured for any site selling any service or product... and it's coming to a website you own in the near future if you keep spamming. It's in the public domain now, so anyone can use it. And there are millions of 'anyones' you've pissed off.

I'd guess that this little battle isn't over. At a minimum, I'd expect Polyakov to devise a technical means of thwarting the Refi Retaliator. As JD Falk commented on my previous posting, "Has there ever been any indication that spammers will stop spamming if attacked? Far as I can tell, it just makes them more determined to strike back."

Posted by Brian at 11:11 AM | Comments (15)

January 13, 2006

Team effort on Lin case. Ralsky next?

You hear a lot about antispam lawsuits led by U.S. government agencies like the FTC and FDA, or by big Internet providers such as AOL and Microsoft. Daniel Lin

But the U.S. Postal Inspection Service gets credit for helping to send Michigan pill spammer Daniel Lin to prison. According to a story in yesterday's Detroit News, Lin will be in court next Tuesday to plead guilty under a deal that could send him away for over four years. (Three other men affiliated with Lin -- Chris Chung, Mark Sadek and James Lin -- are still under investigation.)

The USPI's have been very busy with Internet crimes of late. They got plenty of help investigating the Lin case. According to an affidavit, Postal Inspector Karl Hansen consulted Spamhaus records on several occasions to gather data on Lin. He also ran several Google Groups searches and dug up info from the Nanae newsgroup and even contacted some participants by phone. (The affidavit specifically mentions a conversation with Alan Curry regarding a posting he made.) Microsoft provided a CD-ROM filled with spam samples from its infamous spam traps. Anders Henke, an administrator with German ISP Schlund, turned over valuable proxypot evidence.

All this cyber research was corroborated by a physical search in April 2004 of Lin's residence at 7080 Ten Hill Dr. in West Bloomfield, Michigan. Agents boxed up all sorts of evidence, including computers, business records, product (herbal pills), along with several guns and a bong or two. (Lin's attorney said there was no legal justification for seizing the guns, since they weren't mentioned in the search warrant.)

Interesting about the address of Lin's house. It was listed in contact data provided in the registration for networks owned by Creative Marketing Zone, a spam operation run by the notorious Alan Ralsky. Lin has long been suspected of being a partner of his neighbor Ralsky.

Could Lin's plea agreement include ratting out Ralsky?

Posted by Brian at 9:37 AM

January 5, 2006

Who is the $11.2 billion man?

You may have heard the news about the Hialeah, Florida spammer who was ordered to pay $11.2 billion to CIS Internet, a small ISP in Iowa. But it's unlikely you've ever heard of the spammer, James McCalla aka James McNully.

The judgment is the biggest ever against a spammer, yet James Christopher McCalla, 26, isn't even listed on the Spamhaus list of the world's largest spammers.

So who is this mystery spam king? According to court papers, McCalla used the email address webgost79@yahoo.com, which was connected to lots of domains spammed in 2003. He evidently sent 280 million spams to CIS Internet alone, operating as JMC Internet Marketing Inc.

But McCalla's conduct in the case suggests he's nothing but a chicken boner.

McCalla chose to defend himself without an attorney, claiming that he was insolvent. In an April 2004 court filing, McCalla denied any and all allegations of wrongdoing. "These accusations jeopardize my reputation and I intend to file a countersuit with an action for defamation if these complaints against me are not rescinded," said McCalla in the filing.

In February 2005, he wrote a letter to the court accusing Pete Wellborn, one of the plaintiff's attorneys, of "taking advantage of me simply because I do not have an attorney ... Pete asked what assets I owned, and I told him only a 1996 Honda Accord. He laughed and said he would be happy to take that from me."

Another letter, sent in August 2005, accused CIS Internet of "taking advantage of their ability to afford lawyers in order to prey on smaller starting companies and innocent people."

Nonetheless, in November 2005, the judge entered a summary judgment against McCalla, noting that the defendant "has failed to submit any affidavit or other competent summary judgment evidence to support his general resistance and argument against plaintiff’s motion."

No word yet on that defamation counter suit against CIS from McCalla. I tried calling several of the phone numbers on record for him and his (now dissolved) spam business. Two were disconnected and one was a wrong number. According to court records, his last known address is a post office box in Pembroke Pines, Florida.

Posted by Brian at 3:55 PM

January 3, 2006

Violent Admins Against Spam

In June 2000, a taxi driver named Reid Walker got fed up with trying to unsubscribe from Davis Hawke's "Banned CD" spams. So, as detailed in Chapter 3 of Spam Kings, Walker used a comment form at one of Hawke's ordering sites to bomb him with hundreds of complaints. The next day, a grumpy Hawke removed Walker's email address from his mailing lists.

Some people take their retaliation even further. In May 2003, a guy named Fred said he belonged to a group known as "violent admins against spam (VAAS)." Fred introduced a free Windows utility called FormFucker (FF). The tool was designed to flood spammer order forms with bogus data. "Give them a few thousands realistic looking orders, and these guys are pretty screwed," wrote Fred in the Nanae newsgroup.

A number of people quickly signed up to use FF, but Fred also got a lot of criticism for, as one anti-spammer put it, "fighting abuse with abuse." About a month later, Fred stopped promoting FF online. But soon a similar tool, a Java application called FormFlood, appeared on the Internet.

More recently, a web developer named Robin Grimes created a site called PhishFighting.com that's designed to mess with web sites created by phishing scammers.

The latest project of this sort goes by the ungainly name Kick A Spammer In The Nuts Daily. It's headed up by an anti-spammer named Darren Brothers. Right now, the project is mostly manual. Brothers is trying to round up volunteers to poison the leads database of a ROKSO-class mortgage-and-pills spammer named Alex Polyakov.

Says Brothers: "The more we poison their leads database, the more work they've got to do to clean it up, and the fewer brokers will buy their leads in the future. We're going to give them a reputation as a trash leads seller, so no one will buy their leads."

Problem is, Polyakov apparently operates hundreds of domains. So Brothers says he needs lots of help. (Eventually, he hopes to release a program called Formicator, which will work a lot like FF, to automate the process.)

In an email, Brothers explained his goal: "I'm trying to starve [Polyakov] of resources by cutting off his income, raising his costs, and wasting his time. It's not enough to beat him up so badly that he stops spamming... I want to break him financially. I want him so poor that he can't even consider buying one domain."

Brothers says he recently received some telephone death threats from Leo Kuvayev, whom Brothers believes is partners with Polyakov.

Yikes. Isn't this all getting a bit too personal?

Posted by Brian at 12:10 AM | Comments (4)

Weblog authors are solely responsible for the content and accuracy of their webl ogs, including opinions they express,
and O’Reilly Media, Inc., disclaims any and all liability for that content, its accuracy, and opinions it may contain.

All trademarks and registered trademarks appearing on spamkings.oreilly.com are t he property of their respective owners.

O'Reilly Home | Privacy Policy

© 2004 O'Reilly Media, Inc.
For assistance with this site, email: