Soloway case reveals big business behind spam
Selling the tools used by spammers is easy money, at least until you get caught. Just ask Adam Sweaney, a man charged with computer fraud who took the stand at the sentencing hearing in Seattle for Robert Soloway, the so-called spam king.
Sweaney said he earned about US$2,500 a month for a couple of years selling botnets that could be used for a variety of activities including sending spam e-mails. He didn't even write them himself, but he traded or bought them in online forums, he said.
Sweaney didn't sell a massive volume to a wide variety of people -- a typical week might involve selling three or four botnets to any of his six regular customers, he said. He also sold millions of e-mail addresses to spammers, including one who, unfortunately for Sweaney, was an undercover U.S. Federal Bureau of Investigation agent.
Testimony from Sweaney and others during the sentencing hearing for Soloway, the man notorious for the volume of spam that he facilitated, offered an inside look at the big business of online fraud. While antispam efforts implemented by ISPs (Internet service providers) may have shut out the small-time spammers, the more sophisticated players remain, and they have developed tools to make their efforts easier.
From the stand on Monday, investigators revealed some of the techniques that Soloway allegedly used to send out massive amounts of e-mail. After the government seized Soloway's servers from GoDaddy, a hosting company, investigators found files with as many as 10 million e-mail addresses on each server, according to Thomas Ervin, an engineer at the Mitre Corporation, a company the government hired to help investigate the case.
They also found Dark Mailer software on each server. Dark Mailer is a program that users can set up to automatically send out mass e-mails, drawing from databases to fill in the to, from, subject and body fields of the e-mail message. It also can spoof the header information, making it difficult to trace where the mail came from.
When Ervin began examining the Dark Mailer programs on the servers, they were set to send out 500 messages at a time, with the text body of the message rotated every five minutes.
Soloway ran a company called Newport Internet Marketing. He advertised a mass e-mail service that purported to send messages to an opt-in list of addresses, but he didn't have such a permission-based list. He also sold software that he said would let customers manage their own e-mail campaigns, but it often didn't work. Prosecutors allege that during a three-year period Soloway earned about $1 million.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
spam
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
