Soloway case reveals big business behind spam
Selling the tools used by spammers is easy money, at least until you get caught. Just ask Adam Sweaney, a man charged with computer fraud who took the stand at the sentencing hearing in Seattle for Robert Soloway, the so-called spam king.
Sweaney said he earned about US$2,500 a month for a couple of years selling botnets that could be used for a variety of activities including sending spam e-mails. He didn't even write them himself, but he traded or bought them in online forums, he said.
Sweaney didn't sell a massive volume to a wide variety of people -- a typical week might involve selling three or four botnets to any of his six regular customers, he said. He also sold millions of e-mail addresses to spammers, including one who, unfortunately for Sweaney, was an undercover U.S. Federal Bureau of Investigation agent.
Testimony from Sweaney and others during the sentencing hearing for Soloway, the man notorious for the volume of spam that he facilitated, offered an inside look at the big business of online fraud. While antispam efforts implemented by ISPs (Internet service providers) may have shut out the small-time spammers, the more sophisticated players remain, and they have developed tools to make their efforts easier.
From the stand on Monday, investigators revealed some of the techniques that Soloway allegedly used to send out massive amounts of e-mail. After the government seized Soloway's servers from GoDaddy, a hosting company, investigators found files with as many as 10 million e-mail addresses on each server, according to Thomas Ervin, an engineer at the Mitre Corporation, a company the government hired to help investigate the case.
They also found Dark Mailer software on each server. Dark Mailer is a program that users can set up to automatically send out mass e-mails, drawing from databases to fill in the to, from, subject and body fields of the e-mail message. It also can spoof the header information, making it difficult to trace where the mail came from.
When Ervin began examining the Dark Mailer programs on the servers, they were set to send out 500 messages at a time, with the text body of the message rotated every five minutes.
Soloway ran a company called Newport Internet Marketing. He advertised a mass e-mail service that purported to send messages to an opt-in list of addresses, but he didn't have such a permission-based list. He also sold software that he said would let customers manage their own e-mail campaigns, but it often didn't work. Prosecutors allege that during a three-year period Soloway earned about $1 million.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
spam
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
