Archive for the 'Preachy' Category

First cybercrime conviction in Russia?

Thursday, October 5th, 2006

Three Russians were sentenced to 8 years of hard time for extortion in connection with denial of service attacks.

Anna from Kaspersky told me in June that there was a Russian law that could be used against cybercrime, but that it hadn’t been used so far. That mirrors what they said in their blog yesterday. This is a very important sentence, even if the sentencing reflected the extortion more than the cybercrime.

Other news reports:

InformationWeek, SecurityFocus

American Samoa flipped the switch

Wednesday, October 4th, 2006

American Samoa’s .as domains are popular in Norway, and possibly other places.

Somehow, I guess their renewal invoices didn’t really work as they said, because a lot of domains haven’t been renewed, for some reason or another.

Some time in the last few days, they flipped a switch. Domains that hadn’t been renewed (some are years out of date) suddenly don’t work.

There are probably a lot of frustrated people out there right now, who don’t get their e-mail, and whose homepages don’t work.

OT: Disappearing e-mails

Tuesday, October 3rd, 2006

Apparently, disappearing e-mails are the new rage in some (business) situations.

Just a little rant here: If I receive such an e-mail, I’ll go get my cameraphone and snap a picture of the screen. The best cameraphones today are totally capable of snapping readable images of the screen. And they’re fast, so you should be able to get several images if it’s a long message. And yes, I’ve tested it, works with my cameraphone!

Heck, some of those services may even be susceptible to a screen capture!

A cameraphone and a screen grab were even part of the plot of the recent movie Firewall…

Another trend is ReadNotify. Don’t trust that either. Some friends tested that out on me a few years ago (I was told they tested it). Doesn’t work if you’ve got an e-mail program that’s severed from the internet when you read messages, unless you purposely allow interaction with the internet. At least, they never got it to work when they sent messages to me…

So, the moral is: This sort of thing works some of the time, but you shouldn’t rely on it. If you send it to someone like me (and there are many like me on the net), expect it to bite you down the line. If it’s imperative nobody can prove you sent an e-mail, don’t send it. And failure to get a result with ReadNotify doesn’t mean the e-mail was never read.

Non-spam weekend, sort of

Saturday, September 30th, 2006

Thought I’d round up some less serious stuff and post:

I’ve been getting some linklove this past week or so, and thought I’d return it. These are the high volume links:

http://shoemoney.com/2006/09/29/5-quick-and-easy-ways-to-stop-blog-spam-before-it-hits-your-blog
http://mattcutts.com/blog/review-google-reader
http://blog.outer-court.com/archive/2006-09-25.html#n44
http://seroundtable.com/archives/006222.html

Also check IncrediBILL’s response to Shoemoney’s post

I wrote some posts on my other blog I wanted to show you guys:

Computer use and back problems
WiFi conflicting with wireless AV

Also, we have a Black Hat defection this week. Esrun has announced that he’s quitting Black Hat, and will be doing more White Hat coding and stuff. Welcome to the light side! Maybe we should have a wiki page with names of defected black hats?

Jensense talks about hackers changing the Adsense ID on other people’s pages. Scary…

How legal is webspam today?

Thursday, September 28th, 2006

We’ve had quite a few webspammers come here and say that webspamming is legal, so quit calling us spammers. They’re afraid of the stigma of being called spammers. And because they say it’s legal, they feel we as spam hunters should leave them alone.

So, let’s examine exactly how legal webspamming is.

1) There are no laws against webspamming per se. I.e., there are no laws where webspamming has been defined as illegal.

2) There are plenty of laws against mail spamming. In some countries those laws define e-mail spam to the exclusion of other types of electronic advertising. Which means those laws narrowly do not cover webspam. Correct me if I’m wrong on this.

3) Some countries have laws that cover e-mail spam, but do not define that law as only covering e-mail spam. The law covers advertising, sometimes electronic advertising. Those laws probably sometimes do cover webspam. It depends on the language of that law, and the lawyers would probably haggle over some finer points. It’s a question of case law, and so far there is no case law.

4) Spamming is by definition unwanted commercial bulk messages. Any webspam that involves putting messages or profiles on other people’s property (i.e. websites) falls under that definition. And by engaging in that activity, a webspammer is a spammer. Whether or not it’s illegal per se isn’t really relevant. Mail spamming isn’t illegal in every single country across the globe. Those who send mail spam are still spammers. In other words, it’s quite acceptable to call a webspammer - a spammer. It’s not libel.

5) While webspamming, there are other issues that crop up, that could be illegal by themselves, or at the very least, cause for civil lawsuits. In no particular order:

* Denial of service attacks. Many servers have been brought down by spambots hammering sites with spam comments or trackbacks. Websites have been disabled or thrown out by hosting companies for that reason.
* Trashing websites. Guestbooks are regularly trashed by spam, and so are other types of sites with built-in interactivity. Some spambots may potentially mess the site up in other ways too. There’s a potential for a civil suit there.
* Some topics commonly spammed are illegal in some places. Like bestiality in the US, for instance.
* Hacking into other people’s servers in order to run proxies, spambots and placing spammy pages and scripts
* Using proxies that were never meant to be proxies
* Using compromised Windows computers - zombies/botnets

Please help me add to this list.

Harassment and spam hunters

Wednesday, September 27th, 2006

Someone who’s speaking for the spammers said in a comment on “Spamtool gets outed” that some spamhunters make threats against spammers or their wives and children. I don’t know if it’s true or not, but I still have to address the principle.

Do NOT attack spammers in any way! We’re not posting their information so you guys can contact them and bemean them in any way. That’s not the point.

The point is establishing a history, so when they do something that is illegal - either escalation of what they’re doing (using zombies, hacking), or when webspamming becomes illegal, we have a trail on them.

About harassment and threats

Simply put, if spam hunters attack spammers via threats or violence, then those spam hunters are more miserable beings than the spammers.

It’s illegal, and I’ll show you how:

Most states have harassment laws. They’re often called cyberstalking laws, but in reality they’re covering a sliding scale from single incidents of harassment. A phone call where you call a spammer names is harassment in my opinion, and if you keep calling it’s stalking, in many states. If you threaten them, you’ve just sealed the deal. Some states have intent as part of the law. Which means for it to be harassment or stalking, there needs to be intent. That will not be hard to prove in the case of a spam hunter trying to intimidate a spammer.

So don’t go there. The aim is to get the spammer in jail - eventually. If I see a spam hunter arrested for harassment or worse, I’m outing that spam hunter. Wall of shame, whatever. Do NOT go there!

As a rule I don’t get angry over spamming. But right now I’m feeling the blood boiling. Harassment and stalking is such a low tactic. If you feel the need to do something like that, go get help! It’s a sign of either a personality disorder or a very shaky sense of self. It’s like a playground bully, that has to bemean others to feel good about himself. We’re grown ups, so act like a grown up!

Commenting on spamresources

Tuesday, September 19th, 2006

McAfee’s site advisor is ranking very high in Google these days. Which means people are likely to check out what they have to say about domains they’re looking for.

Their testing is not always entirely accurate. Take Spamhuntress as an example.

They put one bad mark against my site for linking to a site they classified as bad.

But you can put up comments on sites, whether you own them or not.

That should be a golden opportunity to comment on spamresources. Especially domains we’re likely to see as nameservers for spammy domains. Webhosting and registrars often used by spammers.

Just one caution: If you do comment on other people’s sites, be responsible. Don’t be rude. Don’t get sued for libel. What you write needs to be true at the time of writing, and you’d better be prepared to show evidence of what you write.

We’re back

Saturday, September 16th, 2006

The site has been down for a while.

I’m sure most of you have already guessed why.

I guess I struck a nerve this last week or so, eh? Definitely an incentive to keep doing exactly what I’m doing.

Cultural bias and spamming

Tuesday, September 12th, 2006

A long time ago, I got a theoretical lesson in culture clash. How different cultures relate, and how they treat other cultures. One culture in particular was singled out. I’ll leave out the details, as what I was told was confidential.

Men from one culture were often employed under bosses from another culture. They were cheap, but not unskilled labor. While stealing wasn’t an act of honor within that culture, it was considered honorable when they stole from the westerners. Not directly from their bosses, but little things that wouldn’t get missed immediately. Things that passed under their noses. In that culture, there was, as far as I can tell, a deep-seated animosity against westerners. What they considered wealthy westerners.

Similar to other cultures meeting, where one has more than the other, or one is oppressing the other.

If you check the recent discussion here between Russian spammers and western anti-spammers, you’ll see the exact same sentiments.

Just like the cheap laborer had no way of knowing if the people they actually stole from were wealthy or not, Russian spammers have no way of knowing, and no interest in finding out, if the victims of their spamming can actually afford the ultimate results of their spamming.

KLIK Media GmbH registrar

Saturday, September 9th, 2006

I’ve been seeing a lot of KLIK Media GmbH as registrar (or rather, registration service under PublicDomainRegistry) lately. Always spammy domains. So I thought I’d check if there was a connection between the registrar and the KlikVip PPC program.

Yep, it’s one and the same.

The whois on for instance KLIKVIP.com is fake (says it’s in Victoria, SC). The company is actually in Germany:

KLIK Media GmbH
Alt-Karow 3
13125 Berlin
+49.3094413291

But the owner also speaks Russian.

So, the PPC company is also serving as registrar for its spammers.