Domain: virusbtn.com
Stories and comments across the archive that link to virusbtn.com.
Stories · 9
-
New Mayhem Malware Targets Linux and UNIX-Like Servers
Bismillah writes: Russian security researchers have spotted a new malware named Mayhem that has spread to 1,400 or so Linux and FreeBSD servers around the world, and continues to look for new machines to infect. And, it doesn't need root to operate. "The malware can have different functionality depending on the type of plug-in downloaded to it by the botmaster in control, and stashed away in a hidden file system on the compromised server. Some of the plug-ins provide brute force cracking of password functionality, while others crawl web pages to scrape information. According to the researchers, Mayhem appears to be the continuation of the Fort Disco brute-force password cracking attack campaign that began in May 2013." -
Boot Sector Virus Shipped on German Laptops
Juha-Matti Laurio writes "A consignment of laptops from German manufacturer Medion, sold through German and Danish branches of giant retail chain Aldi, have been found to be infected with the boot sector virus 'Stoned.Angelina', first seen as long ago as 1994. The affected notebook models (German language) Medion MD 96290 have been pre-installed with Windows Vista Home Premium and Bullguard anti-virus, which reportedly is unable to remove it. A special removal tool was released to clean the laptops. Aldi has shared the same warning as well. Two years ago several thousands of Creative Zen Neeon MP3 players were shipped with a Windows worm Wullik.B." -
Anti-Spam Suits and Booby-Trapped Motions
Slashdot contributor Bennett Haselton writes in to say "The last few times that I sued a spammer in Washington Small Claims Court, I filed a "booby-trapped" written legal brief with the judge, about four pages long, with the second and third pages stuck together in the middle. I made these by poking through those two pages with a thumbtack, then running a tiny sliver of paper through the holes and gluing it to either page with white-out. The idea was that after the judge made their decision, I could go to the courthouse and look at the file to see if the judge read the brief or not, since if they turned the pages to read it, the tiny sliver of paper would break. To make a long story short, I tried this with 6 different judges, and in 3 out of 6 cases, the judge rejected the motion without reading it." The rest of this bizarre story follows. It's worth the read.
[Image: An example of a "booby-trapped" legal brief with the pages still joined together]
I did this after it occurred to me one day that I'd never won a Small Claims case against a spammer or telemarketer where the defendant had showed up in court. Sometimes the judges said the spammers were not liable, sometimes they said that the subject line of the spam was not misleading enough, and sometimes they simply said that they were going to make an exception under the law ("It was just one phone call"). So I asked the handful of other people in Washington that I knew had sued spammers in Small Claims, and none of them had ever won a case against a spammer or telemarketer who appeared in court either. (The only Small Claims victories had been out-of-court settlements and default judgments where the defendant didn't show up.) It wasn't because most judges said that the cases couldn't validly be brought in Small Claims court, it was simply that the number of times the defendant appeared and the judge ruled against them, was zero. Now, there were only a handful of us suing spammers and telemarketers in Small Claims, and the defendant only rarely showed up, so we're talking about a sample size of dozens of cases, not hundreds, and I'm sure some of those were cases where reasonable people could disagree. But still. Zero?
I knew when I started suing spammers in 2001 that many judges would have attitudes similar to this guy:
Judge Nault: You know what I think about these cases?
Bennett Haselton: Uh... what?
Judge Nault: They stink.
Bennett Haselton: Really? Why?
Judge Nault: I don't have to answer your questions, you have to answer mine.
Bennett Haselton: OK.
[...]
Judge Nault: I just think this is the stupidest law in the world. But I didn't write the law and I'm bound to follow it. So I'm gonna go ahead and give you your money. But I'm just saying, it just takes up court time and it's absolutely stupid.
Actually, I like honesty, and Judge Nault is like the hot chick who just tells you that she doesn't like your looks instead of making up some crap about your personality. But after getting similar (but usually more subtle) messages from so many different judges, I thought it was worthwhile to test whether the motions I was filing were being read at all. The 6 test case motions were all filed as part of the formal cases, so the judges were at least theoretically required to read them -- and each one was about facts unique to that case (that is, I wasn't handing in a copy of something that I had already handed in a million times before, that wasn't why they were being ignored). I posted the complete list of all the test cases here.
I realize, of course, that courts are overburdened and judges have to prioritize what they work on. The problem I have with that excuse applied to these cases, is that often the judge spent so much time haranguing me for filing some "silly" lawsuit, that they could have read the brief forwards and backwards in the same amount of time. More likely, most judges probably just don't think spam is a real problem worth spending time on. (Obligatory rebuttal.) But, strictly speaking, that's not the judge's decision. If the legislature has passed a law making spam punishable, the judges are simply supposed to apply that law, not to be influenced by their opinion about the law. (If a judge asserts a bias in the other direction, that's just as inappropriate, but that has been very rare.)
Well, shoot, I can't complain
If you feel you've been wronged, there is a Commission on Judicial Conduct in Washington for processing complaints against judges for improper behavior. For example, when a certain Judge Gary W. Velie got in trouble for saying "nuke the sand niggers" (referring to the first Iraq war), and for saying in court that a defendant had "gone crazy from sucking too many cocks" and telling another lawyer in court that he looked like he had been "jacking off a bobcat in a phone booth", the Commission flew (by judicial standards, meaning, a little over a year later) into action, and issued a reprimand. Evidently this was an exceptional situation, since the CJC takes action in response to only about 3% of submitted complaints in a typical year. Apparently the last time the CJC actually barred someone from office was in 2005, in the case of a judge who was convicted and imprisoned for molesting an 11-year-old boy. The Commission lists this decision as one of their accomplishments, although I think the judge probably wouldn't have been re-elected after that anyway.
Of the three test case judges who got caught with the booby-trapped motions, two of them I thought were not really worse than most other judges anyway, but for the third one, I thought filing a complaint was probably justified. This was a case where I had telephoned the spammer before the trial, pretending to be an interested customer, and tape-recorded him making such statements as "Well, I would blast out 5 million for $500" and "It's a United-States-based company but they pump everything through China and then it comes back to the United States". At the trial, presided over by Judge Karlie Jorgensen, the spammer didn't know I was the guy from the phone call, so he claimed that he didn't even know how to send spam and had no idea what I was talking about, while Jorgensen kept Judge-Judying me in between just about every other sentence for picking on this obviously innocent man. After I brought out the recording, she became very flustered for a few moments and then started accusing me of "entrapment". (Entrapment, of course, is where you trick someone into doing something, and then sue them or arrest them for it. That wasn't the case here, since he spammed me first, and I called him afterwards just to get evidence that he was in the spamming business.) In the end she dismissed the case, and never said anything about the statements the spammer had made under oath.
So, that's when I filed my "motion to reconsider" with the pages stuck together, and after I got a letter that it had been denied (no kidding), I went to the courthouse and found the pages still attached. After the rest of the experiment was finished, I filed an official complaint with the Commission on Judicial Conduct saying that my motion had been rejected with the pages still stuck together, indicating the judge didn't read it. A little over a year later, I got a letter saying the complaint had been rejected.
Making a federal case out of it
Fortunately, there is a way to bring future spam suits in federal court, where several lawyers have suggested to me that I'm likely to get better results (with their help, naturally).
First though, I am of course aware that most spam can't be traced to the original sender to sue them, and that a lot of spam is sent by some Russian hacker or some loser in his Mom's basement who wouldn't be able to pay off a court judgment anyway. However, quite a bit of spam can be traced indirectly to companies that paid the spammer to send the spam or paid them for the leads that they generated, and those companies are usually easier to find and easier to collect against. For a while, every time I got a mortgage spam with a link to fill out a contact form, I would fill it out using a temporary phone number in a certain area code. Then I'd see which mortgage companies called me, and I'd call them back saying, "The person who sold you this lead generated them illegally; you should stop buying leads from them, and should stop buying leads from people without asking where they came from." Then I'd wait until the next similar mortgage spam came in, fill out the form with a new phone number in the same area code, see which mortgage companies called me, and repeat.
Sometimes the mortgage brokers apologized and said they'd stop dealing with the person who sold them the lead. Others were unrepentant and started hanging up on me by the second or third time that I called them to tell them their latest batch of leads was generated by a spammer.
The Washington law lets you sue anyone who "sends, or conspires with another to send" spam if the person "knows, or consciously avoids knowing" that the spam violates the law. If I do file any future spam suits, what I'll probably do is use this method to find mortgage companies that refuse to stop buying leads from spammers, and then sue them for the cumulative liability for all the spam that I got from their lead generators. There are several advantages to doing it this way:
- Unethical mortgage companies are easier to locate, sue, and collect against, than most spammers.
- Rather than waiting for that rare spam that contains enough information to find and sue the spammer, you can almost always trace a mortgage spam to the company that is buying the leads, by filling it in with "bait" contact information.
- If you reach more than $75,000 worth of liability, you can sue in federal court. At least one good lawyer has said that if I built a case in this way against a spam-enabling mortgage company, he'd help file it for no up-front fee in exchange for a percentage of the winnings.
This last advantage is the big one. Whatever most media figures say in their rants against judges, what they usually don't mention is that there's a dividing line between judges at the state and federal levels: to be a federal judge, someone has to put their reputation on the line and nominate you. It's a horribly politicized process, but at least it's something. At the state level on the other hand, any lawyer who wants to be a judge can run for office -- and even then, for most judicial positions there is only one candidate. If we're so cynical about lawyers and politicians, why on Earth do we give a pass to judges, when a state-level judge is just a lawyer who ran for office? In fact, to be a "pro tem" judge, filling in for a day for the regular judge, you don't even have to win an election, you just take a class and then sign up for an available time slot.
Given the vastly greater seriousness of becoming a federal judge, I'll bet that if one of them had been handling the Karlie Jorgensen case, and the spammer said he "knew nothing about any spam" right before being confronted with a tape of his past conversations, maybe the judge wouldn't have sent him to jail for perjury, but the judge probably would have mentioned something about it. And if you had proof that a federal judge denied a motion without reading it, some cynics might not be surprised, but an official complaint at that level would probably be taken more seriously.
Besides, the nice thing about federal cases is that the defendant is likely to have a lawyer who will talk some sense into them and get them to settle out of court, instead of digging in their heels the way spammers often do in Small Claims. They say the best lawyer isn't the one who wins in court but the one who keeps the case from going before the judge at all, and I'm sure that's true even with federal judges. By that standard, I hope that every spammer that I sue in federal court, has a fantastic lawyer.
-
OpenAntiVirus Project Founders Interviewed
sheriff_p writes "Rainer Link and Kurt Huwig started the OpenAntiVirus project two years ago. In this interview with Virus Bulletin, they talk about ongoing projects, the advantages of having an open-source anti-virus product, and defend their choice of Java for the main scanning engine." -
Klez: a closer look
sheriff_p writes "Anyone receiving even a small amount of email is likely to have encountered Klez variants of some form in the last few months - Message Labs shows it as being the biggest email-transmitted virus of all time by some way. So just how boring is it? Virus Bulletin has an in-depth look at what makes Klez tick." And today alone, Klez virus e-mails were 90% of my e-mail by bytecount. YAY Outlook! -
Unix Shell-Scripting Malware
sheriff_p writes: "Virus Bulletin are running an article on Unix shell scripting malware, citing a 'zeitgeist' of interest in *nix malware following the release of {Win32/Linux}/Simile.D. The article looks at possible infection methods, possible actions the virus could take, and at a couple of real-world examples..." -