Information freedom for open source users.

Keith noted that Krebs has an interesting story on a Russian businessman being accused of running a spam ring while serving as an anti-spam adviser to the Russian government. It’s a strange tale including an investigation in 2007 that was abandoned when the chief investigator was actually hired to work for the spammer. Not suspicious at all, no way.

Read more of this story at Slashdot.

We’ve been getting submissions about an uptick in compromised Gmail accounts in the last few days, but nothing that could be substantiated. Robert McMillan did a bit of digging and now reports in PC World that “Google is investigating a growing number of reports that hackers are breaking into legitimate Gmail accounts and then using them to send spam messages. The problem started about a week ago but seems to have escalated over the past few days. … [I]n forum posts, Gmail users note that the hackers appear to be sending spam via Gmail’s mobile interface — which gives mobile-phone users a way to check their Gmail accounts — and wonder if there may be a bug in the mobile interface that is allowing criminals to send the spam. … Google says there’s no Gmail bug. … ‘Spammers may sometimes use a mobile interface to access accounts they have already compromised because it’s simpler for bots to use this method at large scale.’” Here’s how to tell if your Gmail account has been accessed by bad guys, and what to do about it.

Read more of this story at Slashdot.

eldavojohn writes “TV pitchman Kevin Trudeau was sentenced to 30 days in jail because he urged his fans and followers to spam a judge. Apparently the judge (who was deluged with emails) decided that this was an act of contempt of court on the court’s ‘virtual presence’ since nothing happened while the court was in session in regards to Trudeau’s courtroom behavior. US Marshals are now trudging through those emails to decide if any are threatening.”

Read more of this story at Slashdot.

www.sorehands.com writes “In the first case brought by a spam recipient to actually go to trial in California, the Superior Court of California held that people who receive false and deceptive spam emails are entitled to liquidated damages of $1,000 per email under California Business & Professions Code Section 17529.5. In the California Superior Court ruling (PDF), Judge Marie S. Weiner made many references to the fact that Defendants used anonymous domain name registration and used unregistered business names in her ruling. This is different from the Gordon case, where one only had to perform a simple whois lookup to identify the sender; here, Defendants used ‘from’ lines of ‘Paid Survey’ and ‘Your Promotion’ with anonymously registered domain names. Judge Weiner’s decision makes it clear that the California law is not preempted by the I CAN-SPAM Act. This has been determined in a few prior cases, including my own. (See http://www.barbieslapp.com/spam for some of those cases.)”

Read more of this story at Slashdot.

Spamresource.com has up a piece describing a new service that could be useful in evaluating the reputation of sites you deal with — anonwhois.org returns information on domains registered anonymously. It provides a DNSBL-style service that “is not a blacklist and wasn’t meant to be used for outright rejection of mail.” Only 619,000 domains are listed so far, but more are added as they are queried, so the database will grow more complete. Anonwhois.org seems to be a sister site to Spam Eating Monkey.

Read more of this story at Slashdot.

A team of computer scientists from the International Computer Science Institute in Berkeley, CA are claiming to have found an “effectively perfect” method for blocking spam. The new system deciphers the templates a botnet is using to create spam and then teaches filters what to look for. “The system … works by exploiting a trick that spammers use to defeat email filters. As spam is churned out, subtle changes are typically incorporated into the messages to confound spam filters. Each message is generated from a template that specifies the message content and how it should be varied. The team reasoned that analyzing such messages could reveal the template that created them. And since the spam template describes the entire range of the emails a bot will send, possessing it might provide a watertight method of blocking spam from that bot.”

Read more of this story at Slashdot.

An anonymous reader writes “The European Network and Information Security Agency released its new spam report, which looks at spam budgets, the impact of spam and spam management. Less than 5% of all email traffic is delivered to mailboxes. This means the main bulk of mails, 95%, is spam. This is a very minor change, from 6%, in earlier ENISA reports. Over 25% of respondents had spam accounting for more than 10% of help desk calls. The survey targeted email service providers of different types and sizes, and received replies from 100 respondents from 30 different countries.”

Read more of this story at Slashdot.

Unequivocal writes “Spammers hiding behind a WHOIS privacy service have been found in violation of CAN-SPAM. It probably won’t stop other spammers from hiding (what can?), but at least it adds another arrow in the legal quiver for skewering the bottom feeders. Quoting from the article: ‘A recent decision by the Court of Appeals for the 9th Circuit has determined that using WHOIS privacy on domains may be considered “material falsification” under federal law… Although the ruling does not make use of WHOIS privacy illegal, it does serve as a clear message from the court that coupling the use of privacy services with intentional spamming will likely result in a violation of the CAN-SPAM act. This is an important decision that members of the domain community should refer to prior to utilizing a privacy shield.’”

Read more of this story at Slashdot.

Frequent Slashdot contributor Bennett Haselton writes “An estimated 200,000 Hotmail users currently have their auto-reply set to a message spamming an advertisement for Chinese scam websites, which sell “discounted” electronics. Presumably the spammers compromised a large number of Hotmail accounts to pull this off, but wouldn’t it be pretty easy for Hotmail to query for which users have that set as their auto-reply, and turn the auto-reply off for them?” Read below for Bennet’s thoughts.

Read more of this story at Slashdot.

EastDakota writes “Project Honey Pot today announced that it had trapped its 1 billionth spammer. To celebrate, the team behind the largest community sourced project tracking online fraud and abuse released a full rundown of statistics on the last five years of spam. Findings include: spam drops 21% on Christmas Day and 32% of New Year’s Day; the most spam is sent on Mondays, the least on Saturdays; spammers found at least 956 different ways to spell VIAGRA (e.g., VIAGRA, V1AGRA, V1@GR@, V!AGRA, VIA6RA, etc.) in mail received by the Project; and much more.”

Read more of this story at Slashdot.

darthcamaro writes “America is no longer the spam king. According to Cisco, US-originated spam dropped by over two trillion messages — American-based IP addresses sent about 6.2 trillion spam messages. The new world leader is Brazil at 7.7 trillion messages. ‘I’m not completely surprised to see US falling to number two in the spam stats, but I didn’t expect it to happen yet,’ said Cisco Fellow Patrick Peterson. ‘I was really gratified to see the actual spam volume decrease, not just ranking, but we [also] decreased the amount of spam that is pouring out of the United States.’” The drop in US spam might have had something to do with the temporary shutdown of the McColo spam ISP.

Read more of this story at Slashdot.

Nashville Guy writes “According to Australia’s The Age, ‘A New Zealand man living in Queensland and believed to be behind the world’s largest spam operation, has been ordered to pay more than $16 million for running the illegal enterprise. Lance Atkinson, 26, originally from Christchurch, was living in Pelican Waters on the Sunshine Coast when the US Federal Trade Commission (FTC) had his assets frozen last year. … The FTC found Atkinson and American Jody Smith were at the centre of the world’s largest internet spam operation, dubbed ‘AffKing,’ having recruited spammers from around the world.’”

Read more of this story at Slashdot.

cin62 writes “The number of Internet scammers offering fake versions of the anti-swine flu drug Tamiflu has surpassed those selling counterfeit Viagra, reports CNN. Since the H1N1 virus, also known as swine flu, was declared a global pandemic last month, there has been an increase in the number of Web sites and junk emails offering Tamiflu for sale. ‘Every Web site that used to sell Viagra is now selling Tamiflu. We are pretty sure that the same people are making the Tamiflu as are making the Viagra,’ said Director of Policy for the UK’s Royal Pharmaceutical Society.” This news fits in nicely with a report Wired ran a couple weeks ago about the hysteria behind H1N1.

Read more of this story at Slashdot.

An anonymous reader lets us know about the dire straits the SORBS anti-spam blacklist finds itself in. According to a notice posted on the top page, long-time host the University of Queensland has “decided not to honor their agreement with… SORBS and terminate the hosting contract.” The post, signed “Michelle Sullivan (Previously known as Matthew Sullivan),” says that the project needs either to “find alternative hosting for a 42RU rack in the Brisbane area of Queensland Australia” or to find a buyer. Offers are solicited for the assets of SORBS as an ongoing anti-spam service — it’s now handling over 30 billion DNS queries per day. An update to the post says “A number of offers have already been made, we are evaluating each on their own merits.” Failing a successful resolution, SORBS will cease operations on July 20, 2009 at 12 noon Brisbane time. Such a shutdown could slow or disrupt anti-spam efforts for large numbers of mail hosts worldwide.

Read more of this story at Slashdot.

Baxil writes “For years now, Javascript munging has been a useful tool to share email addresses on the Web without exposing them to spammers. However, Google is now apparently evaluating Javascript when assembling summary text for web pages’ listings, and publishing the un-munged email addresses to the world; and spammers have started to take advantage of this kind service.” Anyone else seen this affecting their carefully protected email addresses?

Read more of this story at Slashdot.

Czmyt sends the excellent news that one of the US’s most notorious spammers has pleaded guilty and could serve 6 years in jail. “Five individuals pleaded guilty today in federal court in Detroit for their roles in a wide-ranging international stock fraud scheme involving the illegal use of bulk commercial e-mails, or ‘spamming’… Alan M. Ralsky, 64, of West Bloomfield, Mich., and Scott K. Bradley, 38, also of West Bloomfield, both pleaded guilty to conspiracy to commit wire fraud, mail fraud and to violate the CAN-SPAM Act. … Ralsky and Bradley also pleaded guilty to wire fraud, money laundering, and violating the CAN-SPAM Act. Under the terms of his plea agreement, Ralsky acknowledges he is facing up to 87 months in prison and a $1 million fine…”

Read more of this story at Slashdot.