A few weeks ago, Spamhaus filed a motion to have the judge reconsider his recent $27,002 award to e360. Their brief hangs on three arguments. ... it's clear Spamhaus is prepared to take this to the Court of Appeals (again) if the judge doesn't reconsider. In my lay reading of the law, and the memo in support of motion to alter judgement I don't think Spamhaus is out of line in asking for the judge to reconsider. I expect that if the judge doesn't reconsider, then we'll see an even more aggressive filing taking it up to the Court of Appeals. more
In a perfect world, consumers recognize authentic emails from fake, update their operating system, browser and anti-virus software, and have a healthy skepticism about the safety of the Internet. The bad guys hate perfect, so we should be working with consumers to stop them. ... Organizations like mine are joining forces to recruit consumers -- who are also your customers and employees -- in the fight against cybercrime. more
M86 Security today released it's bi-annual security report for the first half of 2010, highlighting the evolution of obfuscation through combined attacks. From the report: "This threat trend is the latest to emerge as cybercriminals seek new ways to limit the effectiveness of many proactive security controls. Because existing techniques for 'covering their tracks' are becoming less effective, cybercriminals have begun using combined attacks, which are more complex and difficult to detect. By splitting the malicious code between Adobe ActionScript language - built into Adobe flash - and JavaScript components on the webpage, they limit the effectiveness of many of the the proactive security detection mechanisms in place today." more
A friend of mine wrote to ask: "The Supreme Court overturned the Jaynes conviction on First Amendment grounds, yes? I'm wondering what that could mean from the spam filtering perspective." Spam filters, and in particular DNS blacklists are intended to prevent e-mail from being delivered. Doesn't the First Amendment make it illegal to block speech? The short answer is no, but of course it's slightly more complicated than that in practice. more
The California Supreme Court issued its opinion in Kleffman v. Vonage, a case certified from the Ninth Circuit. The California Supreme Court held that the transmission of "commercial e-mail advertisements from multiple domain names for the purpose of bypassing spam filters" does not violate California's spam statute. more
More than 420,000 scam emails are sent every hour in the UK according to a report published by Card Protection Plan Limited (CPP). The study estimates that Britons were targeted by 3.7 billion 'phishing' emails in the last 12 months alone. And a quarter of people admit to falling victim to e-fraudsters, with the average victim losing over £285 each. more
A federal court granted a request for attorney's fees (in the amount of $806,978.84) against prolific CAN-SPAM plaintiff Asis Internet. I thought things were looking good for Asis - whose lawsuits have generated substantial blog fodder - when it recently obtained a 2.5 million dollar default judgment in a spam case. more
As Reddit recently learned it's not a great idea to use the Amazon EC2 cloud to host mailservers. There are a number of reasons for this, most of them related to the reputation of mail coming from EC2 servers. When you're using machines in the cloud, changing IP addresses is as simple as initializing a new server. Spammers discovered this almost as soon as the EC2 cloud became public. more
Gary Warner over at Cyber Crime and Doing Time has a good post up this week about the CallService.biz website being shut down. I have posted a few good excerpts and added my comments to the end. ... Warner's take on the world of spam, malware, hacking and phishing is that unless people actually go to jail because they are spamming, the problem of spamming will never get better. That's because when the security industry fixes the latest hole or comes up with a new technology to stop the newest threat, spammers simply move onto another. more
Earlier this year Okpako Mike Diamreyan was found guilty of wire fraud. The district court recently denied his motion for judgment of acquittal. Diamreyan "was charged with devising a scheme to defraud known as an 'advance fee.'" As the court describes it, this is a "scam . . . where a person asks an individual to pay an advance fee in order to obtain a larger sum of money, which the individual [victim] never receives." ... Two things about the case struck me... more
Google, which through its Postini email security and archiving service processes over 3 billion email connections a day, reports that despite recent series of major botnet takedowns, spam levels during the first quarter of 2010 have held fairly steady. "This suggests that there's no shortage of botnets out there for spammers to use. If one botnet goes offline, spammers simply buy, rent, or deploy another, making it difficult for the anti-spam community to make significant inroads in the fight against spam with individual botnet takedowns." more
Bennett Haselton, who runs the Peacefire anti-censorship site, is one of the more successful anti-spam litigants. He says he's filed about 140 suits, mostly in small claims court, and has won the majority of the suits that got far enough to be decided on the merits. But last month, in Federal court in Seattle, he lost a suit against Quicken Loans that he should have won, partly because of his own mistakes, but largely because of the pernicious effect of Gordon vs. Virtumundo. more
Brian Krebs has a post up the other day on his blog indicating that the amount of spam ending in .cn has declined dramatically due to steps taken by the Chinese government making it more difficult to get a domain ending in .cn... A cursory glance seems to confirm that the amount of spam from .cn as opposed to .ru has switched places. Indeed, if the CNNIC requires people to start writing in application forms, with a business license and identity card, that is seriously going to slow down the rate at which spammers can sign up and register new domains. more
A study conducted by RIPE Labs indicates that about 1.89% of spam are received over IPv6. "With the increased deployment of IPv6, we were curious to see how much the amount of spam sent over IPv6 increases. We looked at the e-mail system of the RIPE NCC and produced some statistics that could be seen as an indication for the overall trend of spam sent over IPv6," says RIPE in a blog post explaining the analysis. Group also notes that the study was based on one week’s worth of data and that it excluded messages already rejected by blacklisting and greylisting. more
A court in Illinois rejected a motion to dismiss case filed by defendants in a class action brought on behalf of plaintiffs who received SMS spam marketing for an animated film called "Robots". The court's ruling is not surprising, given the other cases which have come to a similar conclusion. more