StopScum

February 08, 2005

Spamware: The story of US corporate greed, turning a blind eye, and a lack of ethics

Together, MCI Worldcom, Download.com, and SWREG make millions of dollars from knowingly participating/enabling the sale and or distribution of Spamware which is used to send millions of Spam emails, every hour of every day.

What is Spamware?

Software that enables the sending of spam. Slime bags install this software on their Windows machines. Next, the software takes control of remote computers. This enables spammers to use these remote computers which are infected and sometimes called "zombies," as proxy servers to send millions of Spam emails without the computer owners' knowledge. Many viruses like versions of the Sobig, Sober and MyDoom are used to turn remote computers into zombies. This can even let a spammer evade spam blacklists. Their are currently over 300 sites which sell Spamware. In other cases, Spamware uses tricks with proxy servers to send Spam. MCI, Download.com, and SWREG are aware of this action, participate in it's distribution, and together they earn millions of dollars from Spam.

Enabler Number 1

MCI Worldcom (a US Corp) leads the pack and currently hosts (retail or wholesale) 188 sites devoted to either sending Spam or selling the tools that permit others to do this. Click here to read all the details.

What the MCI enabler says

Timothy Vogel, who heads MCI's legal team for technology issues, told the Washington Post that "MCI is only the wholesale provider of the web space used by Send Safe. He told the paper that MCI would take action if it had evidence that the Send-Safe company was spamming which "would violate MCI policy". But merely advertising its product is a form of speech that should not be censored,..." Source

Sorry, we think this flawed explanation and attempt to wrap the American Flag around your excuse is simply a demonstration of greed and an effort to continue to reap millions of dollars from your actions. We aren't the only ones who think this. Read this:

"MCI Worldcom's official position on the issue is that MCI can't stop their spam gangs selling proxy hijacking spamware from MCI's network as that would be 'censoring' the distribution and sale of illegal proxy hijacking software."

"MCI is the only American, and indeed only Western network, where this spam support activity is "not against our policy". Spamhaus maintains that MCI's 'protected speech' excuses for servicing known spam gangs and proxy spamware distribution sites are dishonest and nonsensical in the face of the Internet's spam epidemic." Source

Enabler Number 2

The largest distributor/author of Spamware is Send Safe (send-safe.com). Send Safe is a stealth proxy hijacking tool. This site is of course hosted by MCI and they are acutely aware of this fact but refuse to shut the site site down. Matter of fact, Spammers/Spam Gangs of all flavors love MCI since they refuse to take action and use a flawed argument to continue to profit from from this deplorable act.

Enabler Number 3

The send-safe.com site uses SWREG (swreg.org) as their credit card gateway to process credit card orders for this Spam tool. This company earns a commission from each sale. I find this action deplorable.

Enabler Number 4

Download.com is also aware that they are distributing Spamware. For example, a Spamware tool called LegalSender 1.60g has been distributed by Download.com since 2002. Click here to read the description. Sorry, this is not an isolated incidence, they also profit and distribute the following Spamware: StealthMail Master, Easy Mass Mailer, Speed Send Mailer, Advanced Mass Sender, and Mass eMailer.

Conclusions

If you are a regular reader, you noticed that we have documented legal action against Spammers as well as the CAN-SPAM federal law. While these actions will help, they don't represent an effective solution. Today, about 70% of all email is Spam. Unfortunately, we expect this to continue to increase this year and beyond unless additional measures are taken. Our hope and prayer is that large ISPs like AOL or MSN will sue MCI Worldcom in federal court and prevail. Shut down MCI and make them stop. Make MCI pay millions of dollars for the Spam damage which they actively and knowingly participate in. This would also result in the shut down of the Spam gangs sites. Next, SWREG needs to also find themselves in federal court along side Download.com.

Naturally, this legal attack must continue against other US based criminals who are either directly or indirectly enaged in this deplorable behavior.

Posted by Steve_S

January 30, 2005

The CAN-SPAM Act Closes Loopholes

This anemic and vague federal law, which is enforced by the FTC, has been clarified with new definitions for Spam which are effective on March 28, 2005.

The new clarifications by the FTC

1. For e-mail messages that contain only the commercial advertisement or promotion of a commercial product or service (“commercial content”), the primary purpose of the message will be deemed to be commercial. If the recipient would reasonably interpret the subject line as commercial or if the body of the e-mail is primarily commercial, then these emails violate CAN-SPAM.

2. For e-mail messages that contain both commercial content and “transactional or relationship” content as set forth in the Act’s definition of “transactional or relationship message” and in the final Rule, the primary purpose of the message will be deemed to be commercial if either: 1) a recipient reasonably interpreting the subject line of the e-mail would likely conclude that the message contains commercial content; or 2) the e-mail’s “transactional or relationship” content does not appear in whole or substantial part at the beginning of the body of the message. These emails violate CAN-SPAM.

3. For e-mail messages that contain both commercial content and content that is neither “commercial” nor “transactional or relationship,” the primary purpose of the message will be deemed to be commercial if either: 1) a recipient reasonably interpreting the subject line of the message would likely conclude that the message contains commercial content; or 2) a recipient reasonably interpreting the body of the message would likely conclude that the primary purpose of the message is commercial. Factors relevant to this interpretation include the placement of commercial content in whole or in substantial part at the beginning of the body of the message; the proportion of the message dedicated to commercial content; and how color, graphics, type size, and style are used to highlight commercial content. These emails violate CAN-SPAM.

4. For e-mail messages that contain only “transactional or relationship” content, the message will be deemed to have a “transactional or relationship” primary purpose. These emails are permitted under CAN-SPAM.

5. The FTC defined the header for X-rated Spam, as directed by Congress. The subject lines of such messages must begin with "SEXUALLY-EXPLICIT." Also, the sender must provide additional steps to view the explicit content, beyond opening the e-mail.

Source: FTC

So what!

While closing these loopholes does demonstrate a measure of concern, it's really an exercise in futility unless the FTC is prepared to sue numerous Spam Kings and their enablers on a regular basis. As we previously told you in the following entry which opens in new window, a single law suit in over one year by the FTC is totally unacceptable. Given the fact that the CAN-SPAM law does not provide the consumer/surfer with any judicial relief, the FTC must become much more aggressive. Legal action against the Spam king is a given but to really send shock waves, the FTC needs to sue Webmaster affiliates, affiliate networks, and advertisers who either use Spam and or fail to properly "police" third parties..

Posted by Steve_S

January 25, 2005

Spam Tricks: Don't click the opt-out (Remove Me) link or pay money for a do not Spam remove list

Spammers are clever con artist, scam kings, criminals, low life, and all of them belong in jail. In this installment we document a couple of procedures which guarantee that you will receive even more Spam and in other cases part with your hard earned money.

Just Trash the Spam: DO NOT opt-out

I'm sure you've seen the Spam selling pills, mortgages, porn, get rich schemes, etc. This junk often includes a link to remove your email address from the Spam list. This opt-out is a scam to verify your email address and rarely removes you from the list. What it does do is tell the Spammer that the email address works and a real life person is reading the email. If you do click the opt-out link the Spammer uses your address to not only send more Spam but sell it a zillion times to other Spammers. This will definitely increase the amount of Spam you receive so NEVER opt-out.

Other creative ploys used by Spammers

Recently, a bunch of Webmasters received Spam, which was sent to their Whois email address, which offered to purchase their domain for a lot of money. A few of them answered the email which provided the Spammer with verification that the email address works with a human reading the email. Naturally, the Spammer sold the email address to other Spammers. If the email sounds to good to be true or makes unreasonable claims then you should trash it and not respond.

Valentine's Day is just around the corner and we guarantee you that the Spam Kings are ready to capitalize on this holiday which produces about a 40% increase in email which ask you to visit a site and pick up your Valentines Day ecard. Legitimate postcard sites will always tell you the name of the person who sent you the ecard and often provide a validation number to enter so you can retrieve the ecard. If the senders name doesn't look familiar we suggest you trash the email and never provide any other data to the postcard site. We can also guarantee you that some of these Valentine's Day ecards will contain Virus infected attachments which you should never open. Naturally, your machine should have the latest Virus definitions installed, the current Windows update, a robust anti-Spyware tool, and sit behind a firewall.

It was a pleasure stealing your money

Their is no such thing as a "Do Not email List" on planet earth. Sometimes they are known as "Global Spam Remove Lists", "Unsubscribe List" or "Opt-out Service" and they normally ask you to pay money with the promise that your actions will insure that you won't receive any more Spam. We don't care what the site says, how slick the site may appear, or any claims made by the site. They are all a Scam and you should never pay money and or submit your data. For example, UnsubscribeNow.org is a Scam which claims you won't receive Spam after you pay $34.95 per year. This Scam artist even sends Spam to promote the site. As if stealing your money wasn't enough, many of these Scam sites also sell your email address to other Spam Kings which insures the volume of Spam you receive will increase.

Posted by Steve_S

January 16, 2005

Spam Ring Sued Twice

The fifth largest Spam ring in the world was sued by the Texas Attorney General on January 13, 2005 and the next day the same Spam ring was sued by Microsoft. We love this double attack which spans Federal courts in the states of Texas and Washington.

The Two Principal Slime Bags

Ryan Samuel Pitylak is a University of Texas student and resides in Austin, Texas. Mark Stephen Trotter is a businessman and resides in Encinitas, California. The case in Texas seeks millions of dollars in damages and alleges that these Spammers violated federal and Texas laws on Spam as well as Texas trade practices. The Microsoft action could seek $1,000 per Spam Email and alleges that they violated Washington state's anti-spam and consumer protection laws by misleading consumers. Microsoft helped the Texas Attorney General by providing more than 20,000 emails that were captured in their trap accounts.

For Your Reading Pleasure

According to the lawsuit, the Spam emails contained official-looking subject lines such as "Re: your past due bills" and "Urgent: Household Loan Memorandum: Please Read." When recipients clicked on links in the emails, they were asked to provide personal information that Pitylak and Trotter sold to other companies for as much as $28 per reference, the lawsuit alleges.

Read what the Spammers attorney (Lin Hughes) has to say

"Ms Hughes said that creative wording has long been an accepted tool employed by people soliciting business. I can't tell you how many times I've gone to my regular mailbox and found a letter telling that inside is an urgent message about my car, then it turns out to be someone offering car repair services. Is that misleading? Was anyone harmed by it? I doubt it. I have a trash can for regular mail and a delete key for my email."

Is that so. NOT! We suggest that attorney Hughes spend the next few weeks actually reading each state's anti-Spam laws as well as the Federal CAN-SPAM Act. At a minimum those email subjects are misleading and our sense and hope is that you have already lost the cases.

Congrats to Texas and Microsoft

We believe this is the first incidence of two separate federal proceedings which span two different states. Both the Texas Attorney General and Microsoft should be congratulated. These dual track actions force the slim bags to defend themselves across two states which cost them significantly more money and time, regardless of the final outcome. It also forces the Spammers to defend themselves against different State laws as well as the Federal CAN-SPAM Act. We hope that this new tactic is deployed by other States who can work with Microsoft along with other major ISPs like AOL. Even AOL and Earthlink could work together and file legal actions in two different states.

Posted by Steve_S

January 13, 2005

The CAN-SPAM Act: Finally Gets Serious

The FTC has has won a court order to temporarily halt a pornography Spam ring that stretches from Las Vegas to Latvia. This is the first Spam litigation brought by the agency under the Adult Labeling Rule of the CAN-SPAM Act. Although we do not normally list the URLs of Adult sites in any of our articles, it's impossible to properly document this landmark case without doing so. Our apologies to our valuable guests if this offends you.

The allegations by the FTC

"The complaint charges that the defendants violated the Adult Labeling Rule by sending sexually-explicit e-mails that: failed to contain the required identifying mark; contained sexually-explicit material within the initially-viewable areas; and failed to include an opt-out before the sexually-explicit material.

In addition, the FTC alleges that the defendants violated the FTC Act by falsely stating that membership to their Web sites was free. According to the FTC, by the time consumers realized that the defendants charged a fee for their Web sites, consumers had already given them their e-mail addresses."

Source: Please see the FTC Press Release

The band of slime bags which include an affiliate

The defendant's in this action are: Global Net Solutions, Inc., a Nevada Corporation; Global Net Ventures, Ltd., a United Kingdom Company; Wedlake, Ltd., a Corporation; Open Space Enterprises, Inc., a Nevada Corporation; Southlake Group, Inc., a Nevada Corporation; WTFRC Inc., a Nevada Corporation doing business as Reflected Networks, Inc.; Dustin Hamilton, individually and as an officer or director of Global Net Solutions, Inc., Global Net Ventures, Ltd., and WTFRC, Inc.; Tobin Banks, individually and as director of Open Space Enterprises, Inc.; Gregory Hamilton, individually and as an officer and director of Southlake Group, Inc.; Philip Doroff, individually and as an officer of Reflected Networks, Inc., now renamed WTFRC, Inc.; and Paul Rose, individually; Defendants., United States District Court, District of Nevada.

Webmasters and Affiliate Networks should make note that this action names an Arizona-based affiliate named Paul Rose. This slime bag is AKA "john baker" and uses this email address: idbud@epimp.com. This affiliate uses the following sites to promote the GNS (Global Net Solutions) Defendants Affiliate Program, which he owns: bjkandy.com, jgjenny.com, fritzwebcam.com, and numerous other sites. You can read the full list of sites in the FTC Complaint. The name of the affiliate program which is run by GNS is signup4cash.com. An affiliate sending Spam is nothing new but being named as a defendant in a FTC action under the CAN-SPAM Act is certainly new and hopefully will encourage Networks to actively police their affiliates. I suggest that all Networks (mainstream and adult) immediately ban the affiliate for the first offense and not pay them. This policy should be clearly documented in your TOS and internally you need to keep all emails sent and notes of your action. If your affiliates send Spam in violation of the CAN-SPAM Act, you may also be the target of an FTC action. Even if the Network is not guilty, the adverse publicity and legal costs will be very damaging.

The Opt-Out Game

A lot of this porn Spam didn't included a working opt-out mechanisms, as required in CAN-SPAM. A lot of the email that did include and opt-out option, required the recipient to scroll through adult pictures to find the opt-out link. This trick has been used for years and it's refreshing to finally see the FTC take note of these procedures.

The CAN-SPAM Act Summary

While it did take the FTC over one year to file it's first action, I think this first piece of litigation is a good sign. Many more suits by the FTC are required. Not one per year but dozens per year. Keep after the slimy affiliates and the Networks. We hope the next piece of FTC litigation names a mainstream Network and their affiliates, which should send a loud signal that the FTC means business.

Posted by Steve_S

December 28, 2004

Spam: A look at 2004

The Federal legislation titled "CAN-SPAM" is a resounding failure. AOL claims about a 75% reduction in Spam complaints through November 2004 but we think that number includes some marketing spin which inflates it and we so no evidence of any reduction in Spam for the greater Internet population. We do see plenty of evidence that Spammers will continue to use Spyware to infect systems and turn them into "zombies", sending millions of Spam emails every day.

The failure of CAN-SPAM

CAN-SPAM was destined for failure and after almost one year we have seen very few law suits and jail sentences.

"One of the provisions of CAN SPAM directed the FTC to consider implementing a do-not-spam list similar to the popular do-not-call list they maintain. The FTC diligently investigated the possibilities, and interviewed dozens of knowledgeable people including several CAUCE board members. They concluded that a do-not-spam list at this point would be unenforceable for a variety of reasons, notably that it's so easy to fake the source of e-mail that it would be very difficult to identify and go after violators." Source: CAUCE

The FTC is the federal agency responsible for enforcing the provisions of the CAN-SPAM law and they really don't seem to be very aggressive and or interested. Let's be clear, the USA delivers about 42% of the Internets Spam. You won't significantly reduce Spam until you place the enforcement authority in the hands of the States and let consumers sue Spammers and the advertisers who use Spam.

Spammers and the law

On the legal side of the issue, we do like the action which AOL took against Spam King Jeremy Jaynes, also known as Gavin Stubberfield. He was prosecuted not under CAN SPAM but under an older Virginia state law that makes it illegal to send unsolicited bulk e-mail with falsified routing information. Although Jaynes lives in North Carolina, the target of much of his spam was AOL, so the trial took place in Leesburg VA, the seat of the county where AOL is located. The jury found Jaynes guilty and sentenced him to nine years.

While this is a great first step, we need dozens of law suits and jail time for Spammers in a given 12 month period. AOL should not be the only Company engaged in these law suits. We would hope that deep pocketed companies like Microsoft, Yahoo, Earthlink, Google, and major hosts would sue dozens of Spammers every year. Some may be reluctant to due this because they are developing their own "authentication" system which they hope will become a standard. We are not very optimistic about the evolution of a standard and would always prefer to let consumers sue Advertisers who use Spam.

Let's repeat that just incase you missed it. Spammers can hide under rocks and seek off shore havens. While the Advertiser who uses Spam are generally a much easier target for a law suit. Many are well known companies and easy for the consumer to Sue and obtain a money judgment in Small Claims court.

Webmasters and Spam

We are continually dismayed by Webmasters who actually read Spam email and take the bait. Certainly, many of these folks are cheaters looking for a brand new Affiliate program to rob but many aren't. Don't read Spam. Don't support or join any affiliate program which uses Spam. We have never seen an Affiliate Network prosper long term who uses Spam.

Spyware and Spam

As more ISPs develop strong anti-Spam filters like AOL, we expect Spammers to increase the use of Spyware/Adware to infect your computer and turn it into a "zombie" which sends out millions of Spam Emails. This condition is also the result of more folks using broadband Net access which often results in Computers running 24/7. Some of the Spammers plan to set up more ecommerce sites, escrow companies, affiliate programs, and hosting companies. This fertile ground will produce even more infections and more Spam.

Spammers Love Blogs

Most of the major Forum scripts contain a robust set of tools to control abuse and lower Spam to an acceptable level. The same can not be said for Blogs. All Blog scripts and services! Spammers have found an easy mark with Comment Spam and track back Spam in Blogs. Thousand per day in a given Blog. Blogs have rundimentry controls at best and all the plug-ins in the world pail in comparrison to Spam control available in Forum scripts like vBulletin.

Posted by Steve_S