Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Wins $3.95 Million from Spammer

Posted by CowboyNeal on from the little-guy-finally-wins dept.

LehiNephi writes "A Washington, D.C. judge fined Daniel Khoshnood, a major spammer, for pretending to be Microsoft in order to attract customers. Specifically, he registered windowsupdate.com (not to be confused with windowsupdate.microsoft.com), then sent out mass email encouraging users to download a toolbar from that website. Although the suit was not specifically about spamming, the mass emails (and subsequent complaints) were what caught Microsoft's attention. So far, Microsoft's campaign against spam has netted them $54 million from six judgments, one dismissal, four settlements, and two bankruptcies. The article doesn't mention whether the toolbar actually lived up to its claims of automatically applying security patches."

9 of 169 comments (clear)

  1. Re:I have to say... by Anonymous Coward · · Score: 1, Informative

    On the contrary, many large companies do exactly that. My employer, Intuit, has registered thousands of domain names (including misspellings and variations) for this very reason.

  2. Re:I have to say... by Anonymous Coward · · Score: 5, Informative
    This article seems to be mistaken. The domain ownership for windowsupdate.com, according to NSI (no link to their evil whois-substitute), is:
    Microsoft Corporation
    Carolyn Gudmundson
    One Microsoft Way
    Redmond, WA 98052
    US

    Other articles on this story say that the spammer used the domain windowsupdatenow.com, which is owned by:
    Windowsupdatenow
    8975 hoello
    brazil city, brazil none
    BR
  3. Re:Am I my keeper's brother? by minas-beede · · Score: 5, Informative

    It's unclear what you mean, but have you seen:

    http://www.proxypot.org/ ?

    They don't sue the people (yet), but they do try to get ISPs and LEAs interested in the evidence collected. Often the ISP approac succeeds. It is also useful to create a list of ISPs who will not act on abuse reports.

    As a bonus, none of the spam that the spammers try to send through them reaches any victim.

    For this approach "popular mail client" is meaningless. Spammers don't start with a list of mail servers, they start with the IP address space and go looking for abuable servers (for proxypots the abusable entities are open proxies.) What is run doesn't have to be a real MTA (or real proxy server), just look enough like one that the spammers accept it as one. For the cleverer spammers it is useful for it to look exactly like some historic abusable MTA, like many of the earlier versions of Sendmail. Whether you need to gear your attack to defeating the cleverer spammer isn't known, but it's probable that you can have a huge effect just by going after the dumbest spammers (that's a big group.)

    It shocks me that (1) so many people don't know how spammers operate and (2) so many of those who do know (that is, recognize that spammers have to look for systems to abuse) never seem to be able to grasp the importance of that knowledge. It's like knowing a burglar favors basement windows but doing nothing to set a trap for a basement window burglar - just bitch about all the people with insecure basement windows. Stake out a few basement windows and some evening soon you may be face-to-face with he burglar. Stake out a few IP addresses and some time soon you may gather information that leads directly to the spammer's IP address. Poof! There went the supposed anonymity.

  4. Toolbar... by ideatrack · · Score: 5, Informative

    The article doesn't mention whether the toolbar actually lived up to its claims of automatically applying security patches.

    No but from this article on The Register:

    "In reality, the toolbar loaded a utility called called BrowserAid/QuickLaunch which bombarded users with random, unrequested pop-up ads."

  5. Actually, they did... by MadAnthony02 · · Score: 4, Informative

    Windows Update is owned by microsoft - in fact, it is one of the URL's that the blaster worm DOS'ed.

    According to this register article that someone posted, the website that the spammer registered was windowsupdateNOW.com

    --
    I have blog like everyone else
  6. Not really... by PatHMV · · Score: 2, Informative

    In most states in the U.S., there are only very few types of cases where the courts allow the prevailing party to recover attorney's fees from the losing party... which is assuming that Microsoft would prevails in every case, and would never have to eat a whole lot of attorney's fees in a losing case. Also, MS would not be able to recover the costs it incurred sending executives to depositions, having its executives keep track of the case, etc. Moreover, it is not going to be able to recoup its customer support costs and loss of good will (yes, MS does in fact have some with the general public) from customers who forgot that the site they needed to go to was windowsupdate.MICROSOFT.com instead of just windowsupdate.com, and then got screwed. Those costs alone far execeed the amount of money it would take to reserve 10,000 domain names.

  7. Re:Re-distribute the cash? by leeward · · Score: 2, Informative

    I would guess that the claim Microsoft's campaign against spam has netted them $54 million from six judgments is likely false. They may have been awarded $54 million, but collecting is always another matter. I would not be surprised if the total collected is just in the thousands. And that likely is less than the legal costs, meaning their net is probably a negative number.

    Of course, that is pure speculation. I have no facts to back it up. But then again, this is /.

  8. Re:The phony update site is still up. by morzel · · Score: 3, Informative
    The site is still up. Why didn't the court order it taken down?
    Because it actually is microsoft's?
    The guy used windowsupdatenow.com. for his toolbar. (It's in the article... nkay?)

    Those who're running IE with active-X controls enabled should click on it... Perhaps get some more holes fixed :-)

    --
    Okay... I'll do the stupid things first, then you shy people follow.
    [Zappa]
  9. Daniel Khooshnood by dynamo · · Score: 2, Informative

    I worked for this guy for a few months. He is the most disreputable excuse for a human being I've ever had the misfortune to know. I was young and stupid and I worked on a verbal contract through a friend who worked for him directly, and an assumption of trust once I got past a few paychecks. My huge mistake. He kept asking me to give him time, and by the time I broke down and refused to work for him anymore until I got paid, he owed me 8.5 thousand dollars. I was broke at the time and couldn't afford the time or money to sue for what was mine, especially without a written contract. My mistake in trusting him singlehandedly ended my consulting career.

    This guy uses obviously program-generated lists of emails to basically spam every possible email address in several popular domains - aol, hotmail, etc..

    In case anyone wants to discuss his case,
    His cell phone number is (or at least used to be) 818-516-3999.
    His work phone number is (or at least used to be) 800-516-3999. I believe the phone was answered as "mainstream advertising".
    His email was dk@global2000.com, but I doubt it's still the same.

    I have a bigger grudge against DK than anyone. It is thrilling to hear of MS's victory in this case. it's nice to hear of them doing good for once!

    Anyone else out there know him? I know from friends that I am far from the only person who he screwed over.